UK National Cyber Security Program ‘not meeting its goals’

According to a 12-page document from the National Audit Office (NAO), the UK National Cyber Security Program is not meeting its goals with efficiency. The report, which evaluates the 2016-2021 strategy set up by the Cabinet Office, detailed numerous shortcomings that determined their conclusions of failure.

The analysis more or less starts with the following premise:

The 2016 National Cyber Security Strategy’s (the Strategy) vision is that “the UK is secure and resilient to cyber threats, prosperous and confident in the digital world.” Government recognises this is a complex challenge that also needs the involvement of businesses and the public to manage their own exposure to cyber risk. The Strategy outlines the roles and responsibilities that individuals, businesses, organisations and government need to take to make sure that their systems are secure. The Strategy is supported by expenditure of £1.9 billion.

One point of contention is that the budget assigned to the UK National Cyber Security Program is insufficient. As of the time of the report being filed, the “remaining funding for the final two years of the five-year Programme” is a measly £648 million. While this seems like a decent sum of cash, it really is not when you consider that only 3 of 12 goals for the Program are considered to be on track. With the year of 2019 well under way, one can understand how the NAO is concerned that the goals will not be fulfilled by the 2021 deadline.

This is compounded further by the Cabinet Office stating itself that there is only one area of the “12 strategic outcomes” that they have “high confidence” in fulfilling. From this one can deduce that mismanagement has been rampant in the UK National Cyber Security Program. In fact, the NAO explicitly stated as much, saying in the report that they believe a new strategy is needed.

The new strategy is spoken of toward the end of the report and is summarized as follows:

In advance of the 2019 Spending Review, the Department should consult across government and other relevant organisations. We would expect this strategy to be principles-based, identifying the unique role that the centre of government can play, the responsibilities of other departments, and the scale and nature of the government’s cyber security support to the wider UK economy and society.

The NAO assessment is a good place for the Cabinet Office to reevaluate its priorities and attempt to salvage the UK National Cyber Security Program. Time will tell if the Office takes the recommendations to heart and implements them.

Featured image: Flickr / Pikakoko

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Share
Published by
Derek Kortepeter
Tags NAOUK

Recent Posts

Google adds better protection against man-in-the-middle attacks

Google is ramping up its security protections to better ward off man-in-the-middle attacks, which have caused extreme damage over the…

13 mins ago

‘Sea Turtle’ DNS hijacking attacks believed to be state-sponsored

A DNS hijacking campaign hitting governments and agencies in the Middle East and North Africa is believed to be the…

4 days ago

Top 9 cybersecurity startups to keep an eye on in 2019

Cybersecurity is one of the most heavily invested areas every year. Here are nine cybersecurity startups that are attracting the…

4 days ago

Is faxing still a viable mode of business communication? Oh, yeah!

Think the annoying squelch of a fax machine is an extinct sound from the past? Think again. For many businesses,…

4 days ago

Static IP address vs. dynamic IP address: Which is better for business?

While most businesses and home users can do quite well with a dynamic IP address, there are times you should…

5 days ago

Using MFA to connect to Exchange Online PowerShell

Exchange Online PowerShell is a great tool for managing Exchange Online in Office 365. But there are a few steps…

5 days ago