Professional Documents
Culture Documents
Issues in Contemporary Public Administration: Managing Performance Within The National Cyber Security Centre (NCSC) To Strengthen The Cybersecurity Infrastructure of The UK
Issues in Contemporary Public Administration: Managing Performance Within The National Cyber Security Centre (NCSC) To Strengthen The Cybersecurity Infrastructure of The UK
Executive Summary
This research aims to highlight the issues faced by the National Cyber Security Centre (NCSC)
so that the performance of the company is managed properly to strengthen the infrastructure of
its cybersecurity in the UK. There were two different issues that created a challenging
environment for the NCSC and they were a lack of technical infrastructure as well as a shortage
of expertise. Focusing deep insights into these issues, this was understood that the organisation
had problems in cloud infrastructure as well as IoT traffic. Budgetary constraints became an
obstacle to addressing these issues. A shortage of cybersecurity professionals is considered to be
a major headache for the cybersecurity company. Lack of cybersecurity skills made them
restricted to handle the threats of hackers. The NCSC was identified to coordinate with
government agencies, private sectors, international firms and more so that the company can get
valuable data and information. The organisation is also considered to be giving quality education
to adolescents to get aware of cybersecurity processing. Agile Performance Management was
proposed for the future development of the company. CSPM along with industry-standard
algorithms should be implemented to address the technological issues of the NCSC.
3
Table of Contents
Introduction and set up of problem..................................................................................................4
Problem........................................................................................................................................5
Overview of Research..................................................................................................................6
Conclusion...................................................................................................................................9
References......................................................................................................................................11
4
safety to the organisations as well as the people of the UK and moreover, it gives insights into
the mitigation strategies of cyber threats to the public of the country.
Problem
The NCSC has to face a number of challenges when it comes to operating the activities of the
organisation. Inefficient execution of plans leads to a lack of productivity in the end. The NCSC
faced two major challenges which mainly arise in terms of a lack of technological infrastructure
as well as a lack of quality expertise.
Lack of technological infrastructure
The NCSC has one of the biggest problems in managing cloud environments as the organisation
does not possess the highest quality of cloud infrastructure that enables it to understand what
activities are going on in the cloud environment. There is also a concern for the company to
operate on networks that have zero trust. There is a great risk to provide cyber security when
organisations use unencrypted IoT devices. As per reliable reports, a high number of almost 98%
of the processing of IoT traffic is believed to be unencrypted which is activated in the
organisational digital setting and therefore, it is a terrible challenge for the NCSC to counter the
risk of unencrypted in the organisational forum [13]. Budgetary constraints are some of the large
problems faced by the organisation. To deal with the digital platforms, there is a great
requirement of having a proper infrastructure and therefore, a huge budget is required to
construct the infrastructure. These problems are considered to be the major challenges that
become obstacles in order to process the organisation’s activities.
Lack of quality expertise
There is a high shortage of cybersecurity professionals all over the global platform. This is
clearly visible when cybersecurity skills were in the first place as far as the lack of skills in the
respective field is concerned. This was understood that 43% of participants believed that there is
a great lack of skills among cybersecurity professionals globally [17]. Therefore, the authority of
NCSC is considered to be dealing with this challenge of having a lack of quality employees who
can work in cybersecurity platforms. Moreover, cyber threats are continuously evolving and new
challenges day by day are faced by organisations. However, the skills of cybersecurity
employees remain the same and thus, they are unable to address the newly evolved challenges
[15]. Also it is found that shortage of cybersecurity professionals’ results in poor or weak digital
6
Overview of Research
This research helps in understanding the issues of the cybersecurity organisation, the NCSC in
terms of preventing cyber threats. Problems of the NCSC are to be discussed initially in this
research. Further, this research moves towards alternative solutions so that the cybersecurity
organisation can work with full efficiency. Recommendations will be delivered in the last phase
of this research based on the findings that were observed in the problem section.
The NCSC has a wide range of policies that help the organisation to move forward in terms of
achieving its goals. These current policies are to be analysed in this section. The authority of
NCSC believes in offering customised solutions to people and sectors by securing personal
machines, evolving practices for the security of business and providing guidance to different
industries like education, healthcare and more. Collaboration with different government
agencies, private companies and global cybersecurity authorities is one of the best policies of the
NCSC [19]. The cybersecurity organisation is considered to be seeking information from
numerous organisations that operate on digital platforms and the large collaboration of this
organisation makes it easy to earn relatable data as well as information. Thus, coordination with
different organisations has been a great polices that created a strong positive impact on the
activities of the organisation.
The NCSC adopts the policy of giving quality education to people and concerned sectors. This
was understood that the NCSC arranges cybersecurity courses for students who are aged between
7
11 and 17 years so that people can get cyber exposure from the initial stages of their lives and
moreover, quality professionals can evolve. Thus, giving education on how cyber threats can be
dominated is an integral part of the policies of the NCSC.
There are numerous policies that can make future development for the NCSC like the advanced
policy of threat detection, enhancement of international collaboration and resilience of critical
infrastructure. These policies can have a positive impact on the management of the performance
of the company. Threat detection in real-time is necessary for the cybersecurity company [12].
State-of-the-art technology is a great innovative way to encounter threats in real time for
cybersecurity organisations. This technology offers a wide range of services like threat detection,
automated response, analytics and more. Using this technology eventually involves artificial
intelligence as well as machine learning for the improvement of the accuracy as well as the speed
of the identification of threats along with their mitigation strategy. There is a requirement for
partnerships with the private sector. Therefore, the NCSC should have a policy that clarifies the
ways of making partnerships with private sectors and their internal technological processes. This
is how private sectors can be able to prevent cyber threats from happening.
Collaboration with international cybersecurity organisations is a great policy for the
enhancement of infrastructure [8]. This is important for the cybersecurity organisation to
innovate its operations as well as activities with the involvement of trendy technologies.
Therefore, the organisation should look into the processing of global cyber companies and their
approach towards the measurement of cyber threats. This is how the company will have a basic
idea of how cyber companies may operate to tackle innovative cyber threats.
adaptability, continuous improvement and more [3]. Strict and fast feedback is generated to the
higher authority of the organisation when there is an error that is found during the operations of
the organisation. Thus, these feedbacks help organisations reduce the risk factors effectively.
Moreover, there is always a scope for improvement on a regular basis for the cyber security
organisation when agile management is applied to the system.
On the other hand, the Information theory is found as another effective framework that can help
the National Cyber Security Centre (NCSC) to improve its organisational efficiency and
cybersecurity measures. The information theory focuses on how data are communicated, stored
and measured. In any case, it is apparent that it aims to gather and store information effectively
[2]. On the basis of these theory recommendations NCSC may change its approach of collecting
data to make sure that a complete threat assessment is based on data collection and storage
principles. In addition, efficient storage solutions can be implemented in order to ensure the
quick restoration of critical data and the quick response to cyber threats. In addition, the
application of information theory can also help to straighten the communication lines within
NCSC organization and guarantee a smooth transmission of threat intelligence [7]. This
theoretical understanding can render the organization more agile and prompt in the response to
emerging cyber threats. Therefore, this will enable NCSC to be better at providing cybersecurity
measures and protecting the digitally infrastructure by using information theory.
After understanding the insights into the operations of the NCSC, two major problems were
found and they were a lack of technological infrastructure as well as a shortage of quality
professionals. From the viewpoint of technological infrastructure, this was understood that the
NCSC had issues in operating its services in the cloud environment. Unencrypted IoT traffic was
not dealt with properly by the company due to its increased number of occurrences regularly.
Technological issues did not get addressed due to budgetary constraints as well. As far as the
lack of quality IT professionals was concerned, this problem was considered a global issue for
cybersecurity companies including the NCSC [4]. A high rate of cybersecurity employees was
found who did not have quality skills as well as knowledge. This challenge is taking a highly
9
severe position as cyber threats are being innovated rapidly whereas the skills of a majority of
employees remain the same. Collaboration skills were required from employees as the NCSC is
considered to be coordinating a vast range of organisations like government agencies, private
sectors and more.
Conclusion
After a thorough analysis of the issues faced by the NCSC and their probable suggestions, it is
concluded that the company has great importance in tackling cyber threats in the UK. Therefore,
it is essential for the NCSC authority to sort out the problems. This paper mentioned that the
cyber security company had two major issues- a lack of technical infrastructure as well as a
shortage of quality professionals. From the perspective of technological issues, the company had
challenges in the cloud environment as well as IoT devices. On the other hand, the shortage of
quality employees in cyber security platforms did not become capable of handling innovative
technologies that are used by modern hackers. Therefore, the company was suggested with
several strategies to address the technical challenge. There is a requirement for online training
regularly for the skills development of employees.
11
References
[1] AlDaajeh, S., Saleous, H., Alrabaee, S., Barka, E., Breitinger, F. and Raymond Choo, K.-K.
(2022). The role of national cybersecurity strategies on the improvement of cybersecurity
education. Computers & Security, 119, p.102754.
doi:https://doi.org/10.1016/j.cose.2022.102754.
[2] Behn, R.D. (2003). Why Measure Performance? Different Purposes Require Different
Measures. Public Administration Review, 63(5), pp.586–606.
doi:https://doi.org/10.1111/1540-6210.00322.
[3] Chahal, S.M.S. (2023). Agile Methodologies for Improved Product Management. Journal of
business and strategic management, 8(4), pp.79–94. doi:https://doi.org/10.47941/jbsm.1439.
[4] Crumpler, W. and Lewis, J.A., (2022). Cybersecurity Workforce Gap (p. 10). Center for
Strategic and International Studies (CSIS).
[5] Hatzivasilis, G., Ioannidis, S., Smyrlis, M., Spanoudakis, G., Frati, F., Goeke, L.,
Hildebrandt, T., Tsakirakis, G., Oikonomou, F., Leftheriotis, G. and Koshutanski, H. (2020).
Modern Aspects of Cyber-Security Training and Continuous Adaptation of Programmes to
Trainees. Applied Sciences, 10(16), p.5702. doi:https://doi.org/10.3390/app10165702.
[6] Heinrich, C.J. (2002). Outcomes-Based Performance Management in the Public Sector:
Implications for Government Accountability and Effectiveness. Public Administration
Review, [online] 62(6), pp.712–725. doi:https://doi.org/10.1111/1540-6210.00253.
[7] JAMES, O. and MOSELEY, A. (2014). DOES PERFORMANCE INFORMATION
ABOUT PUBLIC SERVICES AFFECT CITIZENS’ PERCEPTIONS, SATISFACTION,
AND VOICE BEHAVIOUR? FIELD EXPERIMENTS WITH ABSOLUTE AND
RELATIVE PERFORMANCE INFORMATION. Public Administration, 92(2), pp.493–
511. doi:https://doi.org/10.1111/padm.12066.
[8] Kelman, S. and Friedman, J.N. (2009). Performance Improvement and Performance
Dysfunction: An Empirical Examination of Distortionary Impacts of the Emergency Room
Wait-Time Target in the English National Health Service. Journal of Public Administration
Research and Theory, 19(4), pp.917–946. doi:https://doi.org/10.1093/jopart/mun028.
12
[9] Li, Y (2015) ‘The paradox of performance management regimes’ Public Administration,
93(4): 1152-67.
[10] Loaiza Enriquez, R. (2021). Cloud Security Posture Management /CSPM) in Azure. [online]
www.theseus.fi. Available at: https://www.theseus.fi/handle/10024/504136.
[11] Microsoft (2023). What Is AI for Cybersecurity? | Microsoft Security. [online]
www.microsoft.com. Available at:
https://www.microsoft.com/en-in/security/business/security-101/what-is-ai-for-cybersecurity
[Accessed 2 May 2024].
[12] Naseer, A., Naseer, H., Ahmad, A., Maynard, S.B. and Masood Siddiqui, A. (2021). Real-
time analytics, incident response process agility and enterprise cybersecurity performance: A
contingent resource-based analysis. International Journal of Information Management, 59,
p.102334. doi:https://doi.org/10.1016/j.ijinfomgt.2021.102334.
[13] NCSC (2024a). Current challenges. [online] www.ncsc.gov.uk. Available at:
https://www.ncsc.gov.uk/section/ncsc-for-startups/current-challenges.
[14] NCSC (2024). The National Cyber Security Centre. [online]. Available at:
https://www.ncsc.gov.uk/
[15] NCSC (2024b). Schools. [online] www.ncsc.gov.uk. Available at:
https://www.ncsc.gov.uk/section/education-skills/schools.
[16] Paris, Mohamed Hadi Habaebi and Alhareth Zyoud (2023). Implementation of SSL/TLS
Security with MQTT Protocol in IoT Environment. Wireless Personal Communications,
132(1), pp.163–182. doi:https://doi.org/10.1007/s11277-023-10605-y.
[17] Sherif, A. (Jul 7, 2023). In what area are you suffering a skills shortage? [online]. Available
at: https://www.statista.com/statistics/662423/worldwide-cio-survey-function-skill-
shortages/
[18] Srilakshmi, K. and Bhargavi, P. (2019). Cloud Computing Security Using Cryptographic
Algorithms. Asian Journal of Computer Science and Technology, 8(S3), pp.76–80.
doi:https://doi.org/10.51983/ajcst-2019.8.s3.2082.
[19] Tagarev, T. and Yanakiev, Y., (2020), May. Business models of collaborative networked
organisations: implications for cybersecurity collaboration. In 2020 IEEE 11th International
Conference on Dependable Systems, Services and Technologies (DESSERT) (pp. 431-438).
IEEE.
13
[20] Wankhede, P., Talati, M. and Chinchamalatpure, R. (2020). Comparative Study Of Cloud
Platforms -Microsoft Azure, Google Cloud Platform And Amazon Ec2. Journal of Research
in Engineering and Applied Sciences, 05(02), pp.60–64.
doi:https://doi.org/10.46565/jreas.2020.v05i02.004.