UK National Cyber Security Program ‘not meeting its goals’

According to a 12-page document from the National Audit Office (NAO), the UK National Cyber Security Program is not meeting its goals with efficiency. The report, which evaluates the 2016-2021 strategy set up by the Cabinet Office, detailed numerous shortcomings that determined their conclusions of failure.

The analysis more or less starts with the following premise:

The 2016 National Cyber Security Strategy’s (the Strategy) vision is that “the UK is secure and resilient to cyber threats, prosperous and confident in the digital world.” Government recognises this is a complex challenge that also needs the involvement of businesses and the public to manage their own exposure to cyber risk. The Strategy outlines the roles and responsibilities that individuals, businesses, organisations and government need to take to make sure that their systems are secure. The Strategy is supported by expenditure of £1.9 billion.

One point of contention is that the budget assigned to the UK National Cyber Security Program is insufficient. As of the time of the report being filed, the “remaining funding for the final two years of the five-year Programme” is a measly £648 million. While this seems like a decent sum of cash, it really is not when you consider that only 3 of 12 goals for the Program are considered to be on track. With the year of 2019 well under way, one can understand how the NAO is concerned that the goals will not be fulfilled by the 2021 deadline.

This is compounded further by the Cabinet Office stating itself that there is only one area of the “12 strategic outcomes” that they have “high confidence” in fulfilling. From this one can deduce that mismanagement has been rampant in the UK National Cyber Security Program. In fact, the NAO explicitly stated as much, saying in the report that they believe a new strategy is needed.

The new strategy is spoken of toward the end of the report and is summarized as follows:

In advance of the 2019 Spending Review, the Department should consult across government and other relevant organisations. We would expect this strategy to be principles-based, identifying the unique role that the centre of government can play, the responsibilities of other departments, and the scale and nature of the government’s cyber security support to the wider UK economy and society.

The NAO assessment is a good place for the Cabinet Office to reevaluate its priorities and attempt to salvage the UK National Cyber Security Program. Time will tell if the Office takes the recommendations to heart and implements them.

Featured image: Flickr / Pikakoko

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Share
Published by
Derek Kortepeter
Tags NAO UK

Recent Posts

Algorithmic trading: Leveraging your IT expertise to play the stock market

If you’re a crackerjack IT pro or, even better, a programmer, you may have some skills needed to try algorithmic…

15 hours ago

PowerShell script obfuscation: Fight back against this growing threat

Malware authors are increasingly using PowerShell script obfuscation to try to hack your systems. But there are several ways you…

20 hours ago

Can’t pass the buck: Boards must take charge of enterprise cybersecurity

A company’s board must be responsible for more than the bottom line. As cyberattacks rage, enterprise cybersecurity must be at…

23 hours ago

M2M communication: Changing the society one bit at a time

M2M communication is an information exchange between two machines without human intervention. But when used right, humans will benefit tremendously.

2 days ago

Can the hybrid multicloud approach deliver what it promises?

A comprehensive hybrid multicloud model can enable unprecedented operational agility for legacy applications and accelerate the development of new ones.

2 days ago

Securing and locking down your Azure management groups

The goal when using Azure management groups is to configure it based on your design, and then lock down the…

2 days ago