Findings from UK Cyber Report

By Phil Reitinger

The United Kingdom published its new National Cyber Security Strategy on 1 November.   “Piffle,” you say, “not another cyber security strategy.”  In this case, you’d be wrong.

Cyber security is a critical topic, with significant breaches in the UK and elsewhere, election-related hacking in the United States, and record-setting denial-of-service attacks globally.  Our nations have been doing “cyber security” for decades, but every year the problem has become worse, not better.  It’s easy to collapse into cynicism.  Regardless, the UK strategy is a step in the right direction.

First, it is important in these interesting times to be clear and compelling.  The UK strategy puts forward a simple but evocative description of the approach – “Defend. Deter. Develop.” – that can help galvanize government and national action.  Like the 2010 UK Counterterrorism strategy, “Pursue Prevent Protect Prepare,” the taxonomy allows people to understand the strategy and their own role in furthering it.

Second, the UK strategy gets into details, focusing on concrete steps rather than policy blather.  The UK strategy calls for, among other things, implementing Domain Name System (DNS) blocking/filtering, and deploying an email verification system (meaning DMARC) – two projects in which the Global Cyber Alliance has a special interest.   Generally absent are phrases like “encourage to consider” (with some exceptions, like the box on encryption on p. 52) found in the occasional other strategy.

Third, the UK strategy bites off the issue of direct government action and regulation, where necessary.  “The Government will … invest to maximise the potential of a truly innovative UK cyber sector … identify and bring on talent … [and] will also make use of all available levers … to drive up standards of cyber security across the economy, including, if required, through regulation.”  The UK strategy draws a middle line between the pure “partnership” strategy in the US and what seems to be a heavier regulatory focus elsewhere.

No strategy is perfect, but focusing on clarity, action, and accountability will take you a long way.

The author, Phil Reitinger, is the President and CEO of the Global Cyber AllianceYou can follow him on Twitter @CarpeDiemCyber.