Strategy outlines short- and long-term objectives

Credit: QuoteInspector/CC BY-ND 4.0

The government has published a plan for protecting the public sector against cyberattacks and vowed that all organisations will be “resilient to known vulnerabilities and attack methods no later than 2030”.

The Government Cyber Security Strategy: 2022 to 2030 policy paper was published earlier this week; it set out a two-pronged approach to driving improvements in public sector cybersecurity, with the first being to ensure that “government organisations have the right structures, mechanisms, tools and support in place to manage their cybersecurity risks”.

“The second is to ‘defend as one’,” according to the strategy document. “Recognising that the scale and pace of the threat demands a more comprehensive and joined up response, government will harness the value of sharing cyber security data, expertise and capabilities across its organisations to present a defensive force disproportionately more powerful than the sum of its parts.”

Related content

• Ex-NCSC chief Martin asks whether the new cyber strategy will make the UK safer
• Cyber national security: how the UK has prepared itself for major attacks
• Life hacks – a year at the National Cyber Security Centre

The intent of the plan is to ensure that at the public sector’s “critical functions [are] significantly hardened to cyberattack by 2025” and that “all government organisations across the whole public sector [will be] resilient to known vulnerabilities and attack methods no later than 2030”.

In his ministerial foreword to the document, prime minister Boris Johnson wrote that it is crucial the government leads by example if the UK’s ambitions are to be met.

“As well as ensuring that government organisations can protect the services and functions that maintain and promote our economy and society, government must be an exemplar to the private sector, to ensure that the UK continues to enhance its reputation as one of the most secure and attractive digital economies in which to live, do business and invest in,” he said.

Cabinet Office minister Steve Barclay added that around 40% of cyber incidents reported between September 2020 and August 2021 were aimed at public sector organisations.

“Building and maintaining our cyber defences is therefore vital if we are to protect the functions and services on which we all depend,” he said. “As government, we have made a great deal of progress in recent years, but there is much more to do. “To meet the threats we will face in the coming decade we must build on our successes and transform how we approach cyber security in government.”

The paper confirmed that responsibility for ensuring public sector bodies in the devolved nations are resilient to cyber risks will fall to the respective devolved governments.

Its publication comes just a month after the release of the government’s National Cyber Strategy, which set out the ambition to make the UK a leading cyber power. The plan underscored the importance of all organisations increasing internet security and protecting against ransomware attacks that emanate from countries such as Russia and China.