1

Issues in Contemporary Public Administration: Managing

performance within the National Cyber Security Centre (NCSC) to
strengthen the cybersecurity infrastructure of the UK
 2

Executive Summary
This research aims to highlight the issues faced by the National Cyber Security Centre (NCSC)
so that the performance of the company is managed properly to strengthen the infrastructure of
its cybersecurity in the UK. There were two different issues that created a challenging
environment for the NCSC and they were a lack of technical infrastructure as well as a shortage
of expertise. Focusing deep insights into these issues, this was understood that the organisation
had problems in cloud infrastructure as well as IoT traffic. Budgetary constraints became an
obstacle to addressing these issues. A shortage of cybersecurity professionals is considered to be
a major headache for the cybersecurity company. Lack of cybersecurity skills made them
restricted to handle the threats of hackers. The NCSC was identified to coordinate with
government agencies, private sectors, international firms and more so that the company can get
valuable data and information. The organisation is also considered to be giving quality education
to adolescents to get aware of cybersecurity processing. Agile Performance Management was
proposed for the future development of the company. CSPM along with industry-standard
algorithms should be implemented to address the technological issues of the NCSC.
 3

Table of Contents
Introduction and set up of problem..................................................................................................4

Introduction of the research.........................................................................................................4

Problem........................................................................................................................................5

Evaluation of the alternative solutions and research overview.......................................................6

Overview of Research..................................................................................................................6

Overview of current policies.......................................................................................................6

Proposed policies for future development...................................................................................7

Theoretical overview of the alternative solutions to enhance performance management...........7

Discussion of Findings and Conclusion..........................................................................................8

Analysis of the key findings........................................................................................................8

Recommendations for the identified challenges..........................................................................9

Conclusion...................................................................................................................................9

References......................................................................................................................................11
 4

Introduction and set up of problem

Introduction of the research

Performance management of an organisation is a systematic technique of setting goals and

objectives, assessing the progress continuously and giving feedback according to the assessment
to improve the performance of the organisation so that goals are reached efficiently and
effectively [6]. The process of performance management involves a wide range of organisational
stakeholders, such as owners, executive officers, managers, employees, customers and more [9].
The main goal of this report is to investigate the efficacy of the activities of the National Cyber
Security Centre (NCSC) in the UK information and communications security. The NCSC is a
public organisation that works under the UK government and is responsible for handling the
cyber security problems and providing the information related to these matters both to private
companies and people [14]. This organization is seen to be improving the digital infrastructure of
the UK as well as protecting people from cyber attacks by helping to eliminate cybercrime. The
NCSC is multifaceted as it offers services which not only include cybersecurity advice but also
incident response, threat analysis and employee training on how to handle cybersecurity. To
provide these services, the company has to collaborate with a vast number of organisations so
that the company is able to obtain information from different sectors. The organisation
collaborates with numerous government agencies, international security agencies, private sectors
and law enforcement to improve cybersecurity in the country. This was also understood that the
company is also taking innovative information from research institutions so that the current
trends of innovation and digital platforms can be implemented in the processing of the
organisation [1].
To strengthen cybersecurity, the NCSC holds a number of awareness campaigns among the
people of the UK so that they become aware of the terrible situation of cyber threats such as
phishing attacks, ransomware, malware and more [14]. Mitigation of the issues of cyber threats
from the perspective of people requires a compact knowledge regarding the processing of cyber
issues. Thus, the company plays an important role in terms of holding awareness campaigns to
deal with cyber threats. The NCSC plays an integral part in terms of providing cybersecurity and
 5

safety to the organisations as well as the people of the UK and moreover, it gives insights into
the mitigation strategies of cyber threats to the public of the country.

Problem

The NCSC has to face a number of challenges when it comes to operating the activities of the
organisation. Inefficient execution of plans leads to a lack of productivity in the end. The NCSC
faced two major challenges which mainly arise in terms of a lack of technological infrastructure
as well as a lack of quality expertise.
Lack of technological infrastructure
The NCSC has one of the biggest problems in managing cloud environments as the organisation
does not possess the highest quality of cloud infrastructure that enables it to understand what
activities are going on in the cloud environment. There is also a concern for the company to
operate on networks that have zero trust. There is a great risk to provide cyber security when
organisations use unencrypted IoT devices. As per reliable reports, a high number of almost 98%
of the processing of IoT traffic is believed to be unencrypted which is activated in the
organisational digital setting and therefore, it is a terrible challenge for the NCSC to counter the
risk of unencrypted in the organisational forum [13]. Budgetary constraints are some of the large
problems faced by the organisation. To deal with the digital platforms, there is a great
requirement of having a proper infrastructure and therefore, a huge budget is required to
construct the infrastructure. These problems are considered to be the major challenges that
become obstacles in order to process the organisation’s activities.
Lack of quality expertise
There is a high shortage of cybersecurity professionals all over the global platform. This is
clearly visible when cybersecurity skills were in the first place as far as the lack of skills in the
respective field is concerned. This was understood that 43% of participants believed that there is
a great lack of skills among cybersecurity professionals globally [17]. Therefore, the authority of
NCSC is considered to be dealing with this challenge of having a lack of quality employees who
can work in cybersecurity platforms. Moreover, cyber threats are continuously evolving and new
challenges day by day are faced by organisations. However, the skills of cybersecurity
employees remain the same and thus, they are unable to address the newly evolved challenges
[15]. Also it is found that shortage of cybersecurity professionals’ results in poor or weak digital
 6

infrastructure as well as lack of coordination within the authority of the cybersecurity

organisation in the country. The NCSC collaborates with different stakeholders like government
agencies, international partners, private sectors and more [17]. Therefore, sometimes it becomes
hard for the employees with lack of professional collaborative skills, to make effective
coordination with all these stakeholders and moreover, any kind of misalignment can have a
negative impact on the performance of the organisation [8]. Thus, these challenges have a major
impact on the operations of the NCSC in order to deal with cyber threats.

Evaluation of the alternative solutions and research overview

Overview of Research

This research helps in understanding the issues of the cybersecurity organisation, the NCSC in
terms of preventing cyber threats. Problems of the NCSC are to be discussed initially in this
research. Further, this research moves towards alternative solutions so that the cybersecurity
organisation can work with full efficiency. Recommendations will be delivered in the last phase
of this research based on the findings that were observed in the problem section.

Overview of current policies

The NCSC has a wide range of policies that help the organisation to move forward in terms of
achieving its goals. These current policies are to be analysed in this section. The authority of
NCSC believes in offering customised solutions to people and sectors by securing personal
machines, evolving practices for the security of business and providing guidance to different
industries like education, healthcare and more. Collaboration with different government
agencies, private companies and global cybersecurity authorities is one of the best policies of the
NCSC [19]. The cybersecurity organisation is considered to be seeking information from
numerous organisations that operate on digital platforms and the large collaboration of this
organisation makes it easy to earn relatable data as well as information. Thus, coordination with
different organisations has been a great polices that created a strong positive impact on the
activities of the organisation.
The NCSC adopts the policy of giving quality education to people and concerned sectors. This
was understood that the NCSC arranges cybersecurity courses for students who are aged between
 7

11 and 17 years so that people can get cyber exposure from the initial stages of their lives and
moreover, quality professionals can evolve. Thus, giving education on how cyber threats can be
dominated is an integral part of the policies of the NCSC.

Proposed policies for future development

There are numerous policies that can make future development for the NCSC like the advanced
policy of threat detection, enhancement of international collaboration and resilience of critical
infrastructure. These policies can have a positive impact on the management of the performance
of the company. Threat detection in real-time is necessary for the cybersecurity company [12].
State-of-the-art technology is a great innovative way to encounter threats in real time for
cybersecurity organisations. This technology offers a wide range of services like threat detection,
automated response, analytics and more. Using this technology eventually involves artificial
intelligence as well as machine learning for the improvement of the accuracy as well as the speed
of the identification of threats along with their mitigation strategy. There is a requirement for
partnerships with the private sector. Therefore, the NCSC should have a policy that clarifies the
ways of making partnerships with private sectors and their internal technological processes. This
is how private sectors can be able to prevent cyber threats from happening.
Collaboration with international cybersecurity organisations is a great policy for the
enhancement of infrastructure [8]. This is important for the cybersecurity organisation to
innovate its operations as well as activities with the involvement of trendy technologies.
Therefore, the organisation should look into the processing of global cyber companies and their
approach towards the measurement of cyber threats. This is how the company will have a basic
idea of how cyber companies may operate to tackle innovative cyber threats.

Theoretical overview of the alternative solutions to enhance performance

management

As performance management is a fundamental part in order to reach organisational success, there

is an importance of addressing performance management issues through the implication of
alternative solutions. Some of these solutions are to be discussed here in this section. “Agile
Performance Management” is an efficient theory that manages the organisation's performance
effectively. This theory of performance management focuses on flexibility, frequent feedback,
 8

adaptability, continuous improvement and more [3]. Strict and fast feedback is generated to the
higher authority of the organisation when there is an error that is found during the operations of
the organisation. Thus, these feedbacks help organisations reduce the risk factors effectively.
Moreover, there is always a scope for improvement on a regular basis for the cyber security
organisation when agile management is applied to the system.
On the other hand, the Information theory is found as another effective framework that can help
the National Cyber Security Centre (NCSC) to improve its organisational efficiency and
cybersecurity measures. The information theory focuses on how data are communicated, stored
and measured. In any case, it is apparent that it aims to gather and store information effectively
[2]. On the basis of these theory recommendations NCSC may change its approach of collecting
data to make sure that a complete threat assessment is based on data collection and storage
principles. In addition, efficient storage solutions can be implemented in order to ensure the
quick restoration of critical data and the quick response to cyber threats. In addition, the
application of information theory can also help to straighten the communication lines within
NCSC organization and guarantee a smooth transmission of threat intelligence [7]. This
theoretical understanding can render the organization more agile and prompt in the response to
emerging cyber threats. Therefore, this will enable NCSC to be better at providing cybersecurity
measures and protecting the digitally infrastructure by using information theory.

Discussion of Findings and Conclusion

Analysis of the key findings

After understanding the insights into the operations of the NCSC, two major problems were
found and they were a lack of technological infrastructure as well as a shortage of quality
professionals. From the viewpoint of technological infrastructure, this was understood that the
NCSC had issues in operating its services in the cloud environment. Unencrypted IoT traffic was
not dealt with properly by the company due to its increased number of occurrences regularly.
Technological issues did not get addressed due to budgetary constraints as well. As far as the
lack of quality IT professionals was concerned, this problem was considered a global issue for
cybersecurity companies including the NCSC [4]. A high rate of cybersecurity employees was
found who did not have quality skills as well as knowledge. This challenge is taking a highly
 9

severe position as cyber threats are being innovated rapidly whereas the skills of a majority of
employees remain the same. Collaboration skills were required from employees as the NCSC is
considered to be coordinating a vast range of organisations like government agencies, private
sectors and more.

Recommendations for the identified challenges

Solving the technological challenge faced by the NCSC

For the security of the cloud environment, there should be the implication of CSPM (“Cloud
Security Posture Management”)[10]. The use of this technology will enable the authority of the
NCSC to monitor regularly their technical infrastructure surrounding cloud environments for
compliance violations, misconfiguration, security risks and more [18]. This gives the security of
cloud resources through the adoption of best practices. There should be the usage of industry-
standard algorithms so that data in the cloud storage is encrypted properly. There should also be
the implementation of AWS, Google Cloud and Azure to secure the cloud environment [20].
Moreover, there should be regular reviewing and security configuration updating to address any
kind of threat. To reduce security breaches, the NCSC should segment different IoT devices that
are from other networking platforms. The use of SSL or TLS can be an effective application that
ensures encryption between IoT devices for transmitting data [16]. These technical solutions will
allow the NCSC to work efficiently.
Addressing the lack of IT professionals
There should be a process of continuous learning of IT cyber security skills through the
arrangement of training programs like online courses, workshops, software development,
networking, and more to develop cyber security skills [5]. The implication of artificial
intelligence can generate more efficiency in the efforts of IT professionals. This technology
along with machine learning will allow the employees of the NCSC to detect threats instantly
respond to automation and reduce their workload Error: Reference source not found. To give
flexibility as well as work-life balance for job satisfaction, the NCSC authority should introduce
the remote working technique for their employees. This will prevent burnout and encourage
employees to work effectively and with full concentration.
 10

Conclusion

After a thorough analysis of the issues faced by the NCSC and their probable suggestions, it is
concluded that the company has great importance in tackling cyber threats in the UK. Therefore,
it is essential for the NCSC authority to sort out the problems. This paper mentioned that the
cyber security company had two major issues- a lack of technical infrastructure as well as a
shortage of quality professionals. From the perspective of technological issues, the company had
challenges in the cloud environment as well as IoT devices. On the other hand, the shortage of
quality employees in cyber security platforms did not become capable of handling innovative
technologies that are used by modern hackers. Therefore, the company was suggested with
several strategies to address the technical challenge. There is a requirement for online training
regularly for the skills development of employees.
 11

References

[1] AlDaajeh, S., Saleous, H., Alrabaee, S., Barka, E., Breitinger, F. and Raymond Choo, K.-K.
(2022). The role of national cybersecurity strategies on the improvement of cybersecurity
education. Computers & Security, 119, p.102754.
doi:https://doi.org/10.1016/j.cose.2022.102754.
[2] Behn, R.D. (2003). Why Measure Performance? Different Purposes Require Different
Measures. Public Administration Review, 63(5), pp.586–606.
doi:https://doi.org/10.1111/1540-6210.00322.
[3] Chahal, S.M.S. (2023). Agile Methodologies for Improved Product Management. Journal of
business and strategic management, 8(4), pp.79–94. doi:https://doi.org/10.47941/jbsm.1439.
[4] Crumpler, W. and Lewis, J.A., (2022). Cybersecurity Workforce Gap (p. 10). Center for
Strategic and International Studies (CSIS).

[5] Hatzivasilis, G., Ioannidis, S., Smyrlis, M., Spanoudakis, G., Frati, F., Goeke, L.,
Hildebrandt, T., Tsakirakis, G., Oikonomou, F., Leftheriotis, G. and Koshutanski, H. (2020).
Modern Aspects of Cyber-Security Training and Continuous Adaptation of Programmes to
Trainees. Applied Sciences, 10(16), p.5702. doi:https://doi.org/10.3390/app10165702.
[6] Heinrich, C.J. (2002). Outcomes-Based Performance Management in the Public Sector:
Implications for Government Accountability and Effectiveness. Public Administration
Review, [online] 62(6), pp.712–725. doi:https://doi.org/10.1111/1540-6210.00253.
[7] JAMES, O. and MOSELEY, A. (2014). DOES PERFORMANCE INFORMATION
ABOUT PUBLIC SERVICES AFFECT CITIZENS’ PERCEPTIONS, SATISFACTION,
AND VOICE BEHAVIOUR? FIELD EXPERIMENTS WITH ABSOLUTE AND
RELATIVE PERFORMANCE INFORMATION. Public Administration, 92(2), pp.493–
511. doi:https://doi.org/10.1111/padm.12066.
[8] Kelman, S. and Friedman, J.N. (2009). Performance Improvement and Performance
Dysfunction: An Empirical Examination of Distortionary Impacts of the Emergency Room
Wait-Time Target in the English National Health Service. Journal of Public Administration
Research and Theory, 19(4), pp.917–946. doi:https://doi.org/10.1093/jopart/mun028.
 12

[9] Li, Y (2015) ‘The paradox of performance management regimes’ Public Administration,
93(4): 1152-67.
[10] Loaiza Enriquez, R. (2021). Cloud Security Posture Management /CSPM) in Azure. [online]
www.theseus.fi. Available at: https://www.theseus.fi/handle/10024/504136.
[11] Microsoft (2023). What Is AI for Cybersecurity? | Microsoft Security. [online]
www.microsoft.com. Available at:
https://www.microsoft.com/en-in/security/business/security-101/what-is-ai-for-cybersecurity
[Accessed 2 May 2024].
[12] Naseer, A., Naseer, H., Ahmad, A., Maynard, S.B. and Masood Siddiqui, A. (2021). Real-
time analytics, incident response process agility and enterprise cybersecurity performance: A
contingent resource-based analysis. International Journal of Information Management, 59,
p.102334. doi:https://doi.org/10.1016/j.ijinfomgt.2021.102334.
[13] NCSC (2024a). Current challenges. [online] www.ncsc.gov.uk. Available at:
https://www.ncsc.gov.uk/section/ncsc-for-startups/current-challenges.
[14] NCSC (2024). The National Cyber Security Centre. [online]. Available at:
https://www.ncsc.gov.uk/
[15] NCSC (2024b). Schools. [online] www.ncsc.gov.uk. Available at:
https://www.ncsc.gov.uk/section/education-skills/schools.
[16] Paris, Mohamed Hadi Habaebi and Alhareth Zyoud (2023). Implementation of SSL/TLS
Security with MQTT Protocol in IoT Environment. Wireless Personal Communications,
132(1), pp.163–182. doi:https://doi.org/10.1007/s11277-023-10605-y.
[17] Sherif, A. (Jul 7, 2023). In what area are you suffering a skills shortage? [online]. Available
at: https://www.statista.com/statistics/662423/worldwide-cio-survey-function-skill-
shortages/

[18] Srilakshmi, K. and Bhargavi, P. (2019). Cloud Computing Security Using Cryptographic
Algorithms. Asian Journal of Computer Science and Technology, 8(S3), pp.76–80.
doi:https://doi.org/10.51983/ajcst-2019.8.s3.2082.
[19] Tagarev, T. and Yanakiev, Y., (2020), May. Business models of collaborative networked
organisations: implications for cybersecurity collaboration. In 2020 IEEE 11th International
Conference on Dependable Systems, Services and Technologies (DESSERT) (pp. 431-438).
IEEE.
 13

[20] Wankhede, P., Talati, M. and Chinchamalatpure, R. (2020). Comparative Study Of Cloud
Platforms -Microsoft Azure, Google Cloud Platform And Amazon Ec2. Journal of Research
in Engineering and Applied Sciences, 05(02), pp.60–64.
doi:https://doi.org/10.46565/jreas.2020.v05i02.004.