Building a sustainable future: reactions to the UK NCSC’s fourth annual review

This week, the UK’s National Cyber Security Centre (NCSC) released its fourth annual review, highlighting their progress towards making the UK the safest place to live and work online.

In a year dominated by the impact of the coronavirus pandemic, the report highlights achievements in key areas including democracy, resilience and international influence.

To find out how these achievements are making the world safer and more secure, and how governments and cyber security stakeholders around the world can build on them to create a more sustainable future, we sat down with NCC Group’s Chief Technical Officer, Ollie Whitehouse, and Head of Public Affairs, Kat Sommer.

What are your immediate takeaways from the NCSC’s fourth annual review?

Ollie (OW): Firstly, the NCSC and global cyber security industry deserve great credit for their response to the short-term challenges of COVID-19. By proactively supporting healthcare providers and collaborating with international allies to protect research into potential vaccines, the NCSC has underlined and strengthened cyber security’s role as a guardian of critical national infrastructure.

The support that businesses and the public have received is also notable. For example, initiatives such as the Suspicious Email Reporting Service are to be welcomed for giving individuals more opportunities to engage with cyber security, with the ‘Exercise in a Box’ programme engaging people in over 100 countries.

As highlighted in our submission to the UK’s post-2021 National Cyber Security Strategy development, the pandemic has heightened the population’s receptiveness to the importance of cyber security, and initiatives like those mentioned are crucial in continuing to embed cyber resilience as a core part of the national psyche.

Kat (KS): In the past 12 months, the NCSC’s role in defending the UK’s political process was more obvious than ever as it ensured online voting continuity ahead of the 2019 election and advised on the creation of a Virtual Parliament to mitigate the threat from threat actors.

With efforts to establish satisfactory international cyber norms still ongoing and organised crime groups and proxy nation state actors continuing to orchestrate cyber attacks with few repercussions, the NCSC’s role in strengthening our democratic resilience should not be underestimated.

Going forward, it is crucial that the UK and its allies worldwide work closely to define acceptable behavior in cyberspace and consider how best to deal with rogue international actors.

How can the cyber security industry build on the NCSC’s achievements to create a more sustainable future?

KS: It’s important to remember that many of the reactive, short-term solutions that the NCSC has introduced will have lasting, long-term benefits. For example, while many businesses will have exposed themselves to new threats by moving to remote working, the lessons that they have learned, coupled with the advice and guidance that the NCSC and a host of independent cyber security providers have offered will help them to increase their long-term cyber resilience.

OW: It is encouraging to see the progress that the NCSC has made in encouraging greater diversity in cyber security through CyberFirst and the Decrypting Diversity report, which sets out a series of commitments to address diversity and inclusion in this sector.

It is only by setting such targets and being accountable to them that we will see real change and ensure that the next generation of cyber specialists can realise the benefits that diversity brings. This is something that NCC Group is actively pursuing through our dedicated inclusion and diversity programme, so we are delighted to align with and support the NCSC’s efforts in this area.

As the UK government’s five-year strategy draws to a close next year, we believe that the next strategy must build on the success of the NCSC which has successfully driven cross-sector collaboration and provided a great example for public and private sector organisations around the world.

Ultimately, there is still room to encourage a more holistic view of cyber security, whether that’s evidencing the value of cyber as a key facet of organisational governance in business, strengthening international collaborations and knowledge-sharing, or improving the population’s overall cyber literacy.

ENDS