National Cyber Security Centre: ‘Our adversaries innovate – so we must too’

Written by Sam Trendall on 30 October 2019 in News

Senior leaders stress importance of risk-taking in combatting the threats faced by the UK

Credit: NSWC Crane Corporate Communications

Leaders at the National Cyber Security Centre have stressed the importance of matching the ability to innovate of the hostile states and other malicious actors that pose a threat to UK businesses and public sector entities.

In a keynote presentation at the Cyber Innovation Den event hosted yesterday in central London by techUK, a senior NCSC spokesperson told attendees that the intelligence agency addressed the global cyberthreat landscape much as a business would approach its competitive marketplace.

“We do not exactly have competitors, but we do have adversaries, and they innovate – so we had better innovate too,” they said.

The senior manager said that the organisation conceives of maintaining the UK’s status as an innovative “cyber power” in three ways.

Related content

The first if these is being able to “defend ourselves using innovative technologies”. The second is – in extreme circumstances – possessing “the ability to attack people in cyberspace”, while “the third is to do that within established norms and be ethical and lawful”, the spokesperson said.

They added: “We are in an arms race with cybercriminals and other hostile organisations – and they do innovate.”

The presentation echoed comments made by NCSC chief executive Ciaran Martin at an event last week launching the organisation’s annual report.

“We will take more risks – we will innovate, that is essential,” he said. “Not all of them will work, and my plea to our partners is to stand with us through our failures as well as our successes.”

Developing cyber skills
Published in 2016, the government’s National Cyber Security Strategy set out a five-year plan, the ongoing implementation of which is split into three tracks: Defend; Deter; and Develop. 

Also presenting at the techUK event was Andrew Elliot, deputy director of cyber and digital identity at the Department for Digital, Culture, Media and Sport. He said that his department is focused on the ‘develop’ strand of the strategy rollout.

Within this, DCMS has three core objectives, he said. 

“Number one is we want to have the skills and capability to meet a growing demand,” Elliot said. “We are also trying to move the responsibility for being secure from the user to the manufacturer – we want to make the internet of things secure by default. Thirdly, we want all organisations to have access to the best security products and services that they need.”

Elliot pointed to two accelerator programmes for cybersecurity start-ups as examples of programmes that demonstrate the role government can play in instigating innovation. 

The London Office for Rapid Cybersecurity Advancement (Lorca), which is funded by DCMS, is now recruiting for its fourth cohort of SME companies. Firms that took part in the first three have raised a cumulative total of £58m in investment, Elliot said.

Meanwhile, the Cyber Accelerator programme, run by the NCSC from the Cheltenham headquarters of its parent agency GHCQ, is already working with its fourth cohort of start-ups. The 23 companies to take part in the first three cohorts have attracted backing totalling £35m.

While these figures appear impressive, Elliot stressed that government was still working to ascertain whether “we made sustainable interventions – or have we just created a flash in the pan?”.

“We do not have all the answers yet,” he said. “What is the core role of governments in this space?” 

"Government has great convening power... We have various levers – and those levers do not always require funding large programmes"
Andrew Elliot, DCMS

Government’s ability to help organisations work together to the benefit of the UK’s security is evidenced by the growing number of cybersecurity “clusters” across the UK, Elliot said. There are now 24 such clusters around the country, each of which contains a group of cybersecurity SMEs that wish to collaborate with one another.

Another example cited by the DCMS cyber chief of how government can serve as an assembler is the creation of the UK Cyber Security Council. Whitehall funding of up to £2.5m is available to establish the council, which will be dedicated to furthering the cybersecurity profession across the UK and growing the skills. Government is currently working to choose a lead organisation to deliver the council.

“Government has great convening power – we help people make connections,” Elliot said. “We have various levers – and those levers do not always require funding large programmes.”


About the author

Sam Trendall is editor of PublicTechnology

Share this page




Please login to post a comment or register for a free account.

Related Articles

How big is the UK’s cyber skills gap?
7 July 2020

A major government-commissioned study found that about half of UK organisations are lacking basic security skills. PublicTechnology talks to the researchers behind it to find out where...

Welcome to Cyber Week
6 July 2020

Introducing a dedicated week of features, interviews and exclusive research

Cyber national security: how the UK has prepared itself for major attacks
6 July 2020

We are approaching the fourth anniversary of the foundation of the NCSC and the threats it was created to respond to loom larger than ever. PublicTechnology examines the growth of the UK’...

Letter from Australia: how the government got serious on cybersecurity
10 July 2020

CyberArk, our sponsor for PublicTechnology Cyber Week, writes about how industry and government are working together to meet Australia’s cyber challenges

Related Sponsored Articles

Interview: CyberArk EMEA chief on how government has become a security leader
29 May 2020

PublicTechnology talks to Rich Turner about why organisations need to adopt a ‘risk-based approach’ to security – but first make sure they get the basics right

Accelerating sustainability in the age of disruption
21 May 2020

HPE shows why organisations are increasingly seeking to understand and consider the environmental impacts of their IT purchasing decisions