According to a 12-page document from the National Audit Office (NAO), the UK National Cyber Security Program is not meeting its goals with efficiency. The report, which evaluates the 2016-2021 strategy set up by the Cabinet Office, detailed numerous shortcomings that determined their conclusions of failure.
The analysis more or less starts with the following premise:
The 2016 National Cyber Security Strategy’s (the Strategy) vision is that “the UK is secure and resilient to cyber threats, prosperous and confident in the digital world.” Government recognises this is a complex challenge that also needs the involvement of businesses and the public to manage their own exposure to cyber risk. The Strategy outlines the roles and responsibilities that individuals, businesses, organisations and government need to take to make sure that their systems are secure. The Strategy is supported by expenditure of £1.9 billion.
One point of contention is that the budget assigned to the UK National Cyber Security Program is insufficient. As of the time of the report being filed, the “remaining funding for the final two years of the five-year Programme” is a measly £648 million. While this seems like a decent sum of cash, it really is not when you consider that only 3 of 12 goals for the Program are considered to be on track. With the year of 2019 well under way, one can understand how the NAO is concerned that the goals will not be fulfilled by the 2021 deadline.
This is compounded further by the Cabinet Office stating itself that there is only one area of the “12 strategic outcomes” that they have “high confidence” in fulfilling. From this one can deduce that mismanagement has been rampant in the UK National Cyber Security Program. In fact, the NAO explicitly stated as much, saying in the report that they believe a new strategy is needed.
The new strategy is spoken of toward the end of the report and is summarized as follows:
In advance of the 2019 Spending Review, the Department should consult across government and other relevant organisations. We would expect this strategy to be principles-based, identifying the unique role that the centre of government can play, the responsibilities of other departments, and the scale and nature of the government’s cyber security support to the wider UK economy and society.
The NAO assessment is a good place for the Cabinet Office to reevaluate its priorities and attempt to salvage the UK National Cyber Security Program. Time will tell if the Office takes the recommendations to heart and implements them.
Featured image: Flickr / Pikakoko