Government debuts cybersecurity strategy to protect public services

The government is rolling out a new £37.8 million strategy to help combat cyber threats against UK public services.

Steve Barclay MP said the investment would help local authorities boost their cyber resilience. This includes protecting essential services and data including housing benefit, voter registration, electoral management, school grants and the provision of social care.

Announcing the Government Cybersecurity Strategy, Barclay said Britain is now the third most targeted country in the world in cyberspace from hostile states.

“Our public services are precious and without them individuals can’t access the support that they rely on,” he said.

“If we want people to continue to access their pensions online, social care support from local government or health services, we need to step up our cyber defences.

“The cyber threat is clear and growing. But government is acting – investing over £2 billion in cyber, retiring legacy IT systems and stepping up our skills and coordination.”

‘Defend As One’

The new strategy outlines how central government and the public sector will ensure that public services can function in the face of growing cyber threats. This includes better sharing data, expertise and capabilities to allow government to ‘Defend As One’, meaning that “government cyber defence is far greater than the sum of its parts.”

Of the 777 incidents managed by the National Cybersecurity Centre (NCSC) between September 2020 and August 2021, around 40 percent were aimed at the public sector. In 2020, both Redcar & Cleveland and Hackney Councils were hit by ransomware attacks impacting council tax, benefits and housing waiting lists. Gloucester City Council was then the subject of a further cyberattack in 2021.

Members of the public will be able to contribute to the effort, with a new vulnerability reporting service allowing individuals to report weaknesses in digital services.

It follows the recent publication of the National Cybersecurity Strategy, which called on all parts of society to play their part in reinforcing the UK’s economic strengths in cyberspace, through more diversity in the workforce, levelling up the cyber sector across all UK regions, expanding offensive and defensive cyber capabilities and prioritising cybersecurity in the workplace, boardrooms and digital supply chains.

Key strategy announcements

• Establishing a new Government Cyber Coordination Centre (GCCC), to better coordinate cybersecurity efforts across the public sector. Building on private sector models, such as the Financial Sector Cyber Collaboration Centre, the GCCC will identify, investigate and coordinate the government’s response to attacks on public sector systems. The government says the centre will be based in the Cabinet Office and will ensure that data is rapidly shared, allowing us to ‘Defend As One’.
• A new cross-government vulnerability reporting service, which will allow security researchers and members of the public to report issues they identify with public sector digital services.
• A new, more detailed assurance regime for the whole of government, which will include robust assessment of departmental plans and vulnerabilities to give central government a more detailed picture of government’s cyber health for the first time.
• £37.8 million invested into local authorities for cyber resilience – protecting essential services and data including housing benefit, voter registration, electoral management, school grants and the provision of social care.
• A project to reduce government risk through culture change, in partnership with small businesses and academia.
• Stepped up work to understand the growing risk from the supply chains of commercially provided products in government systems, ensuring security is a key part of procurement and working with industry on cyber vulnerabilities.