View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 16, 2021updated 01 Feb 2022 4:17am

The UK’s National Cyber Strategy signals a more ‘proactive’ approach to cyber power

The UK plans to take a more 'interventionist' position on cybersecurity, experts tell Tech Monitor, including defending its values online.

By Claudia Glover

The UK government unveiled its long-awaited National Cyber Strategy yesterday, outlining how it plans to improve the resilience of UK institutions and businesses while protecting the country’s interests in ‘cyberspace’. The strategy signals a more interventionist stance from the government, experts told Tech Monitor, which has previously looked to the private sector for leadership. Its commitment to a ‘whole of society’ approach, meanwhile, risks overlooking the need for more diverse perspectives in the cybersecurity workforce.

UK National Cyber Strategy


The National Cyber Force, a joint initiative between GCHQ (pictured), the MoD and MI6, will be equipped for ‘offensive cyber’, the new strategy says. (Photo courtesy Ministry of Defence)

UK National Cyber Strategy: a more proactive stance

The National Cyber Strategy is focused on five pillars: strengthening the UK cybersecurity ecosystem; building a resilient and prosperous digital economy; taking the lead in technologies vital to ‘cyber power’, advancing UK global leadership in cybersecurity and technology and, finally, “detecting, disrupting and deterring” the UK’s adversaries in ‘cyberspace’.

The strategy signals an increasingly interventionist approach by the UK government, says Dr Tim Stevens, head of the Cyber Security Research Group at King’s College London. “It’s very proactive,” he says. “Whereas the last strategy [published in 2016] was saying ‘look, the market won’t deliver everything here. We need to be more interventionist,’ this [strategy] has said, ‘We’re going to do something really forward-leaning and interventionist. We’re going to put our money where our mouth is.’”

This interventionist approach can be seen in the strategy’s stance on the country’s cybersecurity industry, on the cybersecurity defences of British businesses, and in its approach to geopolitical rivals.

Under the new strategy, for example, the National Cyber Security Centre will be tasked with taking “direct action to reduce cyber harms to the UK.” The National Cyber Force, a joint initiative between GCHQ, the Ministry of Defence and MI6, will be equipped to undertake ‘offensive cyber’ operations, disrupting the online communications of adversaries.

The strategy also indicates a more proactive stance in defending the UK's principles online. "We will champion an inclusive, multi-stakeholder approach to debates about the future of cyberspace and digital technology, upholding human rights in cyberspace and countering moves towards digital authoritarianism and state control," it says.

Content from our partners
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition

This a commitment to counter internet censorship and control by the likes of Russia and China, explains Stevens. "At one point it even calls out digital authoritarianism, which I do not recall from previous strategies, but that is what our diplomats have been doing. And this is very much about saying 'We have to push back against this.'"

"It has a very clear vision," Stevens says of the strategy. "Whether it can be achieved or not is an open question. But it is an interesting shift towards being very proactive."

A 'whole of society' approach

The National Cyber Security Strategy also pledges to take a 'whole of society' approach to cybersecurity, encompassing the private sector, the education system and more. "What happens in the boardroom or the classroom matters as much to our national cyber power as the actions of technical experts and government officials," it says.

This is an "acknowledgement that cybersecurity issues are so broad, complex and interlinked that they need to be knitted into the very fabric of national policymaking," says Niel Harper, a cybersecurity policy advisor to the World Economic Forum. "The government has come to terms with the fact that it doesn't have the resources or the depth of skills to tackle all the UK's cyber-related problems on its own."

"There's only so much the government can do," agrees James Sullivan, director of cyber research at defence think tank RUSI. "It's about channelling the rest of society to deliver the cybersecurity ... and the technological advancement we need."

This 'whole-of-society' approach includes increasing the diversity of the UK's cybersecurity workforce, the strategy acknowledges. Concrete measures to achieve this include moves to improve the "diversity of candidates taking Computer Science GCSE and equivalent qualifications in Scotland, and going onto further education such as T Levels in England and apprenticeships and higher education opportunities," it says.

However, experts note there is also need to increase the diversity of perspectives and abilities within the cybersecurity workforce. "I've heard individual civil servants talk about how we need people outside STEM to be involved in cybersecurity, but that's weakly articulated in the National Cyber Strategy," says Stevens.

RUSI's Sullivan agrees. "There are psychological elements to cybercrime. There are geopolitical cyber issues. We need a body of cyber diplomats that are able to translate complex technical information into simple language. So absolutely, we should not narrow our focus to a certain set of academics based on STEM skills. This is a much wider challenge."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU