A new report from the Public Accounts Committee (PAC) has revealed that the UK government has not done enough when it comes to developing long-term objectives for the National Cyber Security Strategy.
According to the report, the current strategy, which covers the five-year period from 2016 to 2021, has been “hampered by a weak evidence base and lack of business case”. PAC believes that more data needs to be collected going forward and the lack of a business case has made it difficult to determine if the funds allocated at the start of the program were the correct amount.
Following a poor start, the Cabinet Office reported that it is beginning to make progress in meeting the strategic outcomes of the current National Cyber Security Strategy. However, it has not yet laid out its plans for its approach to cyber security after 2021.
- UK government criticized over cybersecurity
- Government bodies are at risk online
- 1 in 10 UK businesses are at risk from cyber threats
The Cabinet Office therefore needs to start planning now to develop a revised approach before the next Spending Review which will likely be announced as part of the 2019 autumn budget.
The report also highlighted the fact that it is difficult for UK consumers to know whether the devices they buy or the companies they give their details to online are storing their information securely. Currently there is no 'traffic light' or 'kitemark' system in place to inform consumers on how secure the products they buy are.
This area is particularly difficult for the government to influence and regulate but it has made some progress in the area. For example, the National Cyber Security Centre (NCSC) has promoted two-factor authentication to make thefts of basic personal information less valuable to cybercriminals and the organization has also worked with the Bank of England to build better cyber security standards.
Instead of regulating how the banking sector protects itself online, the NCSC has provided technical advice to the Bank of England to help it implement cyber security policies in line with its statutory mandate to promote financial stability.
PAC recommends that a similar approach be developed to support other industries, including retail, which have also been the target of cyberattacks.
Committee Chair Meg Hillier MP commented on the findings of the report, saying:
“In the interest of national security, the Cabinet Office need to take a long-term approach to protecting against the risk of cyber-attacks: future plans should be based on strong evidence, business cases should be rigorously-costed to ensure value for money, and strategic outcomes and objectives should be clearly defined."
- We've also highlighted the best antivirus