Pillar 2: Building a Resilient and Prosperous Digital UK
Until now, the UK’s approach to cyber resilience has hinged on legislation and the establishment of a National Cyber Security Centre (NCSC), a resource for cybersecurity advice, guidance, tools, and incident response for the public sector, industry, SMEs, and the public. Yet, despite these measures, increased digitization and a growing attack surface mean that gaps in the nation’s cyber resiliency remain.
With its new strategy, the UK government recognizes that a holistic, whole-of-society endeavor is needed to achieve national cyber resilience. While the government has a role to play, the strategy stresses that “...what happens in the boardroom or the classroom matters as much to our national cyber power as the actions of technical experts and government officials...”
To build a more resilient UK, the government will publish guidance on effective risk management processes across the public and private sector, including more comprehensive monitoring of systems, networks, and services. Per the plan, operators of critical national infrastructure must also assume a more sophisticated understanding of cyber risk and manage that risk more proactively.
In addition, the government proposes improvements to corporate reporting of resilience to risks, including cyber threats. This will give investors and shareholders better insight into how companies are managing and mitigating material risks to their business.
Finally, this pillar emphasizes the deepening globalization of supply chains and the imperative of mitigating supply chain risk.
Pillar 3: Taking the Lead in the Technologies Vital to Cyber Power
A key objective of the UK cyber resilience strategy is to pursue strategic advancements through technology and data.
Led by the NCSC, the UK plans to identify areas of technology critical to cyber resilience, invest in research and development, and encourage trustworthy and diverse supply chains. The UK government will also take steps to exploit and protect the growing volume of data generated by and driving innovation in emerging technologies.