National Cybersecurity Strategy 2022 For UK

National
Cyber
Strategy 2022
Pioneering a cyber future with
the whole of the UK
National
Cyber
Strategy 2022
Pioneering a cyber future with
the whole of the UK
Contents
Foreword8
Introduction10
The opportunities and challenges of the digital age 10
Our vision: cyber power in support of national goals 11
The five pillars of our strategy 13
Part 1: Strategy 16
Strategic Context 17
Global Britain in a Competitive Age 17
The cyber landscape 17
Cyber power 20
The UK as a cyber power today 20
Drivers of change 29
Our National Response 32

Our vision, goals and principles 32
Key shifts in our approach 34
Roles and responsibilities across the UK 36
Part 2: Implementation 46
Pillar 1: UK Cyber Ecosystem 48
Strengthening the UK’s cyber ecosystem 49
Objective 1: Support a whole-of-society approach50
Objective 2: Enhance skills and diversity54
Objective 3: Foster growth and innovation58
5
Pillar 2: Cyber Resilience 64
Building a resilient and prosperous digital UK 65
Objective 1: Understand cyber risk 68
Objective 2: Prevent and resist cyber attacks 70
Objective 3: Prepare, respond and recover 74
Pillar 3: Technology Advantage 78

Taking the lead in the technologies vital to cyber power 79
Objective 1: Anticipate, assess and act on technology developments 81
Objective 2: Foster and sustain advantage in technology 82
Objective 2a: Preserving the national Crypt-Key enterprise85
Objective 3: Secure connected technologies 86
Objective 4: Shape global technology standards 88
Pillar 4: Global Leadership 90

Advancing UK global leadership and influence for a
secure and prosperous international order 91
Objective 1: Strengthen collective action and mutual cyber resilience 92
Objective 2: Shape global governance of cyberspace94
Objective 3: Leverage and export UK capabilities in cyber95
Pillar 5: Countering Threats 98

Detecting, disrupting and deterring our adversaries to
enhance UK security in and through cyberspace 99
Objective 1: Detect, investigate and share information on threats 101
Objective 2: Deter and disrupt threats 104
Objective 3: Take action in and through cyberspace to counter threats 106
Delivering Our Ambition 112

Roles and responsibilities across government 112
Investing in our cyber power 115
Measuring success 115
Next steps 116
6 National Cyber Strategy

Annex A: Cyber as part of the government’s wider agenda 118
Annex B: NIS Regulations – National Strategy 121
Key roles and responsibilities 122
List of key authorities for NIS implementation 124
Annex C: Glossary 125

26
40
42
44
52
56
60
80
84
103
108
110
7
Foreword
The United Kingdom is an open and The new National Cyber Strategy is
democratic society, whose record our plan to ensure that the UK remains
in collaboration and innovation confident, capable and resilient in this
underpins our success as an outward- fast-moving digital world; and that we
looking global nation. We see this in continue to adapt, innovate and invest
our response to international health in order to protect and promote our
emergencies and in our promotion interests in cyberspace.
of Net Zero targets. But nowhere are
the advantages of this approach more Taking over where the pioneering
evident than in cyber. National Cyber Security Strategy of
2016 leaves off, this next chapter leads
Whether it’s realising the wide-ranging us into a future where the UK is even
benefits that cyber offers our citizens more resilient to cyber attack. As lead
and our economy as we level up and minister, I am clear about two of its core
unite the entire country; working with aims: first that we should strengthen
partners towards a cyberspace that our hand in technologies that are critical
reflects our national values or using to cyber; second, that we should limit
the full extent of our cyber capability to our reliance on individual suppliers or
influence global events, the UK sees technologies which are developed under
cyber as a way to protect and promote regimes that do not share our values.
our interests in a landscape being
reshaped by technology.

UK science and technology will be the up in our offensive cyber capability. But
engine room of this change, ensuring basic cyber security remains central
that cyber continues to be a national to our efforts as we toughen up our
economic and strategic asset, that our response to those who attack the UK
technology is more trustworthy and is and our citizens. Our focus is also on
better able to ward off a spectrum of making the public sector more resilient,
cyber adversaries whose capabilities helping councils protect their systems
were, until recently, the sole preserve and citizens’ personal data from
of nation states. ransomware and other cyber attacks.
As a government, we have committed As a society, cyber is for everyone.

to spend £22 billion on research and Through this Strategy, the government
development, and to put technology is doing more to protect UK citizens and
at the heart of our plans for national companies, and its international partners
security. We have all seen the – helping realise its vision of cyberspace
transformative potential of digital as a reliable and resilient place for
technologies but also, as with 5G, people and business to flourish.
their potential to disrupt. Our plans
for artificial intelligence and data
policy will help ensure that we are on
the front foot for these technologies,
and the steps taken under the cyber
The Rt Hon Steve Barclay MP
strategy will ensure we have confidence
Chancellor of the Duchy of Lancaster
in the security and resilience of
and Minister for the Cabinet Office
suppliers and partners.
The creation of the National Cyber Force

last year represents a significant step-
9
Introduction
The opportunities and 2. The scale and speed of this change –
often outpacing our social norms, laws,
challenges of the digital age and democratic institutions – is also
unleashing unprecedented complexity,
1. Exponential advances in technology
instability and risk. The past year has
combined with decreasing costs have
seen cyber attacks on hospitals and
made the world more connected
oil pipelines, schools and businesses,
than ever before, driving extraordinary
some brought to a standstill by
opportunity, innovation and progress.
ransomware, and commercial spyware
The coronavirus (COVID-19) pandemic
used to target activists, journalists
has accelerated this trend, but we
and politicians. The transnational
are likely still in the early stages of a
nature of cyberspace means these
long-term structural shift. The global
challenges cannot be addressed without
expansion of cyberspace is changing
international collaboration, but it is
the way we live, work and communicate,
also an increasingly important arena of
and transforming the critical systems
systemic competition and the clash of
we rely on in areas such as finance,
competing interests, values and visions
energy, food distribution, healthcare
of our global future.
and transport. In short, cyberspace is
now integral to our future security and
prosperity. This offers extraordinary
opportunities for technologically
advanced countries like the UK to
pursue their national goals in new ways.

Our vision: cyber power in • a more secure and resilient nation,
better prepared for evolving threats
support of national goals and risks and using our cyber
3. In this context, cyber power is capabilities to protect citizens
becoming an ever more vital lever against crime, fraud and state threats
of national power and a source of • an innovative, prosperous digital
strategic advantage. Cyber power is economy, with opportunity more
the ability to protect and promote evenly spread across the country
national interests in and through and our diverse population
cyberspace. Countries that are best
able to navigate the opportunities and • a Science and Tech Superpower,
challenges of the digital age will be securely harnessing transformative
more secure, more resilient and more technologies in support of a greener,
prosperous in future. The UK is one healthier society
of the world’s most digitally advanced
• a more influential and valued partner
nations and this government has an
on the global stage, shaping the
ambitious technology agenda, at
future frontiers of an open and stable
home and abroad. This means we are
international order while maintaining
especially exposed to the challenges
our freedom of action in cyberspace
of cyberspace but also uniquely well-
placed to lead the way in seizing its 6. Over the past decade we have
opportunities for our citizens and for the established the UK as a cyber power,
common benefit of humanity. building cutting-edge cyber security and
operations capabilities and a leading
4. Over the next ten years, the internet,
cyber security sector. This strategy
digital technology and the infrastructure
builds on the significant progress made
that underpins it will become ever
through the National Cyber Security
more fundamental to our interests and
Strategy 2016-2021 and three important
to those of our allies and adversaries.
conclusions set out in the government’s
As we forge a new role for the UK in a
Integrated Review of Security, Defence,
more competitive age, strengthening
Development and Foreign Policy. First,
our cyber power will enable us to
that in the digital age, the UK’s cyber
lead the way for industry and other
power will be an ever more important
countries, get ahead of future changes
lever for delivering our national goals.
in technology, mitigate threats and
Second, that sustaining our cyber
gain strategic advantage over our
power requires a more comprehensive
adversaries and competitors. It will
and integrated strategy, considering
make the UK one of the most secure
our full range of cyber objectives and
and attractive digital economies to live,
capabilities. And third, that this must
do business and invest in.
be a whole of society approach – that
5. Our vision is that the UK in 2030 will what happens in the boardroom or
continue to be a leading responsible the classroom matters as much to our
and democratic cyber power, able to national cyber power as the actions
protect and promote our interests in of technical experts and government
and through cyberspace in support of officials, and working in partnership will
national goals: be essential to our success.
11
The five pillars of • Pillar 4: Advancing UK global
leadership and influence for a
our strategy more secure, prosperous and
7. The Integrated Review set out five open international order, working
‘priority actions’ for this strategy and with government and industry
we will use these as the pillars of our partners and sharing the expertise
strategic framework, guiding and that underpins UK cyber power
organising the specific actions we will • Pillar 5: Detecting, disrupting
take and the outcomes we intend to and deterring our adversaries
achieve by 2025: to enhance UK security in and
through cyberspace, making more
• Pillar 1: Strengthening the UK
integrated, creative and routine use
cyber ecosystem, investing in our
of the UK’s full spectrum of levers
people and skills and deepening the
partnership between government, 8. Part 1 of this document sets out
academia and industry the strategic context we are operating
• Pillar 2: Building a resilient and in, the goals of our strategy, and the
prosperous digital UK, reducing strategic approach we will adopt over
cyber risks so businesses can the coming decade. Part 2 sets out the
maximise the economic benefits of specific actions we will take to deliver
digital technology and citizens are our goals to 2025, organised under
more secure online and confident these five pillars.
that their data is protected
• Pillar 3: Taking the lead in the

technologies vital to cyber power,
building our industrial capability and
developing frameworks to secure
future technologies
13
Vision
The UK in 2030 will continue to be a
leading responsible and democratic
cyber power, able to protect and
promote our interests in and through
cyberspace in support of national goals.
Pillars and objectives

1. Strengthen the 2. Enhance and expand 3. Foster the growth of a
structures, partnerships the nation’s cyber skills sustainable, innovative
and networks at every level, including and internationally
necessary to support through a world class competitive cyber and
Pillar 1 a whole-of-society and diverse cyber information security
approach to cyber. profession that inspires sector, delivering quality
Strengthening and equips future talent. products and services,
which meet the needs
the UK cyber of government and the
ecosystem wider economy.
1. Improve the 2. Prevent and resist 3. Strengthen resilience

understanding of cyber attacks at national and
cyber risk to drive more effectively organisational
more effective action by improving level to prepare
Pillar 2 on cyber security and management of for, respond to
resilience. cyber risk within UK and recover from
Building a organisations, and cyber attacks.
providing greater
resilient and protection to citizens.
prosperous
digital UK
1. Improve our ability to 2. Foster and sustain 2a. Preserve a robust

anticipate, assess and sovereign and allied and resilient national
act on the science advantage in the Crypt-Key enterprise
and technology security of technologies which meets the needs
Pillar 3 developments most critical to cyberspace. of HMG customers,
vital to our cyber power. our partners and allies,
Taking the and has appropriately
mitigated our most
lead in the significant risks
3. Secure the next 4. Work with the
technologies generation of multistakeholder including the threat
vital to connected technologies community to shape from our most capable
the development of of of adversaries
cyber power and infrastructure,
mitigating the cyber global digital technical
security risks of standards in the priority
dependence on global areas that matter most
markets and ensuring for upholding our
UK users have access democratic values,
to trustworthy and ensuring our cyber
diverse supply. security, and advancing
UK strategic advantage
through science and
technology.

1. Strengthen the cyber 2. Shape global 3. Leverage and export
security and resilience governance to UK cyber capabilities
of international promote a free, and expertise to
partners and increase open, peaceful boost our strategic
Pillar 4 collective action to and secure advantage and
disrupt and deter cyberspace. promote our broader
Advancing UK adversaries. foreign policy and
prosperity interests.
global leadership
and influence
1. Detect, investigate 2. Deter and disrupt 3. Take action in and

and share information state, criminal and through cyberspace
on state, criminal and other malicious to support our
other malicious cyber cyber actors national security and
Pillar 5 actors and activities and activities the prevention and
in order to protect the against the UK, its detection of serious
Detecting, UK, its interests and interests, crime.
its citizens. and its citizens.
disrupting
and deterring
adversaries
Supporting national goals
Security and resilience Science and Tech Superpower
Economic prosperity Shaping the international order
15
Part 1:
Strategy

Strategic Context
Global Britain in a The cyber landscape
Competitive Age 10. The policy challenges presented by
9. The Integrated Review of Security, cyberspace are not solely technological
Defence, Development and Foreign in nature. The cyber domain is a human-
Policy, published in March 2021, made environment and is fundamentally
describes the government’s vision shaped by human behaviour. It amplifies
for the UK’s role in the world over the such behaviours for better or worse,
next decade and the action we will the impacts of which are usually also
take to 2025. It recognises that for the felt in the physical world. Cyberspace
UK to be better equipped for a more is owned and operated by private
competitive world we must embrace companies, governments, non-profit
innovation in science and technology organisations, individual citizens and
to boost our national prosperity and even criminals. This means that any
strategic advantage. The National strategic response to this context must
Cyber Strategy builds on this approach link geostrategy and national security,
and its publication is one of the criminal justice and civil regulation,
commitments under the Integrated economic and industrial policy and
Review strategic objective for ‘sustaining requires a deep understanding of the
strategic advantage through science different cultural or social contexts and
and technology’. value systems interacting online.
11. Cyberspace also transcends

national borders. Technology supply
chains and critical dependencies are
increasingly global, cyber criminals
and state-based actors operate from
around the world, powerful technology
companies export products and set
their standards, and the rules and
norms governing cyberspace and the
internet are decided in international fora.
Cyberspace is also continually evolving
as technology and the ways people use
it change, requiring us to adopt an agile
and responsive approach.
17
Layers of Cyberspace
What is cyberspace?
To many of us, cyberspace is the
virtual world we experience when
we go online to communicate, work
and conduct everyday tasks. In
technical terms, cyberspace is the
interdependent network of information • Email accounts
technology that includes the internet, • Gaming profiles
telecommunications networks, • Social Media account
computer systems and internet- • Bank account login
connected devices. For the military, Online • Contactless travel
and when considering our efforts to card ID
experience
counter threats in cyberspace, it is an • Fitness tracker profile
operational domain, along with land,
sea, air and space.
• Enterprise IT systems
How is cyberspace experienced?
• Databases, e.g.
Cyberspace is, by definition, a ‘shared’
HMRCs tax records
space and its scale and complexity
• Industrial control systems
means that every person’s experience of
it is unique. Citizens access cyberspace • Windows/OS
when they check their bank accounts • Apps, eg WhatsApp,
online or stream a film at home. Software, Facebook, TikTok
Businesses use cyberspace to connect systems • Programming
their staff with the resources they need, and data languages, Python,
whether this is access to information or C++
control over a manufacturing process.
Governments provide public services to
their citizens using online portals. Cyber • Routers, Hubs
professionals look ‘under the hood’ at • Servers
the technology, standards and protocols • WiFi, Ethernet
that make it all ‘just work’ for users. All • Radio Antennas
these groups use cyberspace in different • Smart fridges
ways and for different purposes, and we Physical • Contactless travel
are all making an ever-greater use of it. devices and card reader
communication • Phones, PCs and
other personal devices

Cyberspace can be described in terms of three layers:
Virtual
The part of cyberspace most people experience. It consists of
representations of people and organisations through a virtual identity
THE EXPERIENCE OF CYBERSPACE

in a shared virtual space. Virtual representations could be an email
address, user identification, a social media account or an alias.
One person or one organisation can have multiple identities online.
Conversely, multiple people or organisations could also create just a
single, shared identity.
Logical
The part of cyberspace made up of code or data, such as
operating systems, protocols, applications and other software.
The logical layer cannot function without the physical layer and
information flows through wired networks or the electromagnetic
spectrum. The logical layer, along with the physical layer allow
virtual identities to communicate and act.
Physical
The physical layer of cyberspace includes all the hardware on which
data is transmitted, from the routers, wires and hubs that you have in
your home, to large complex telecommunications systems operated
by big tech companies. As well as physical infrastructure it includes
the electromagnetic spectrum on which data is transmitted, such as
WiFi and radio.
19
Cyber power 13. Cyber power is distinct from more
traditional forms of power. It involves
12. At the heart of our strategy is the seamlessly blending hard capabilities
concept of cyber power, which we and softer levers of influence. It is
define as the ability of a state to protect more distributed and governments
and promote its interests in and through must work with partners in order to
cyberspace. We identify five broad attain and exercise it. And the pace of
dimensions of cyber power which align technological change means that it can
to the pillars of this strategy: be gained and lost more quickly, as
previously cutting edge capabilities are
• The people, knowledge, skills, rendered obsolete by new advances.
structures and partnerships that
are the foundation of our cyber 14. Our strategy reflects this, describing
power, underpinning all the other how we will work with partners
components and integrating them wherever we can as part of a whole-
into a national approach of-society effort. We will do more to
address problems upstream and fix
• The ability to protect our assets
root causes, anticipate future trends
through cyber security and resilience,
and put in place long-term responses,
in order to realise the full benefits
and be more active in shaping rather
that cyberspace offers to our
than responding to the contested
citizens and economy
geopolitical environment.
• The technical and industrial
capabilities to maintain a stake in the The UK as a cyber
evolution of key cyber technologies power today
and deploy new advances in the
interests of society 15. The UK is already a leading cyber
power.1 Over the past decade the
• The global influence, relationships
government has led a sustained national
and ethical standards to shape rules
effort to strengthen the UK’s cyber
and norms in cyberspace in line with
security, raise public awareness of cyber
our values and interests and promote
risks, grow the cyber security sector,
international security and stability
and develop a wide range of capabilities
• The ability to take action in and through cyberspace to respond to
through cyberspace to support threats from hostile actors. While we
national security, economic wellbeing have made great progress and put
and crime prevention. This includes ourselves in a strong position we still
cyber operations to deliver real world face significant challenges across the
effect, and to help achieve strategic five pillars of this strategy.
advantage, and law enforcement
operations and the application of
cyber sanctions to bring malicious
cyber actors criminals to justice and
disrupt their activities
1
Ranked second in the International Telecommunication Union’s Global Cyber Security Index, third in
the Harvard Belfer Center’s Cyber Power Index and in the second tier of the International Institute of
Strategic Studies’ Cyber Power capability assessment.

The UK’s cyber ecosystem and simultaneously at 18 venues across the
technology leadership UK. Our CyberFirst bursary programme
has attracted highly motivated, talented
16. The UK’s approach to building its undergraduates. Last year there were
cyber power has included concerted 750 students in the scheme and all
efforts to develop the country’s cyber 56 graduates were in full-time cyber
skills base and commercial capabilities, security roles.
with the UK government and the
devolved governments of Northern 18. Despite these interventions the
Ireland, Scotland and Wales working wider skills pipeline still remains a
in partnership and learning from significant challenge: of the 1.32 million
each other. The UK cyber security businesses in the wider economy,
sector is growing fast, with over 1400 around 50% still report a basic technical
businesses generating revenues of cyber security skills gap.2 And although
£8.9 billion last year, supporting 46,700 the UK cyber security sector has grown
skilled jobs, and attracting significant rapidly, most companies are startups
overseas investment. This sector is and building large scale domestic
vital to our cyber power, supporting vendors remains challenging in the face
our security, and international influence of international consolidation. As the
and economic growth. We have experience with 5G has shown, the UK
consolidated the UK’s reputation as a and our allies do not have a leading
global leader in cyber security research, position in some key areas of the wider
with 19 academic centres of excellence technology industry. Countries that are
and 4 research institutes tackling our able to establish a leading role in the
most pressing cyber security challenges. technologies critical to cyber power will
be better positioned to influence the
17. The cyber security sector workforce way they are designed and deployed,
has grown by around 50% in the last more able to protect their security and
four years, with demand for skills often economic advantage, and quicker to
outstripping supply. We have engaged exploit opportunities for breakthroughs
extensively with industry, professional in cyber capabilities.
organisations, students, employers,
existing cyber security professionals The UK’s cyber resilience
and academia to better understand
the nature of the cyber security skills 19. Over the last decade we have
challenge. We have made a wide range delivered a wide range of interventions
of extracurricular initiatives available to aimed at strengthening the UK’s cyber
inspire young people to pursue a career resilience. This has been possible
in cyber security. From 2019 to 2020, thanks to the significant and sustained
we involved close to 57,000 young investment in some of our core cyber
people in our CyberFirst and Cyber capabilities, including the National
Discovery learning programmes. We Cyber Security Centre (NCSC), law
extended our courses to reach younger enforcement and our security and policy
students and the CyberFirst Girls’ professionals across government, as
competition online attracted 11,900 well as our expanding domestic and
girls, with the top teams competing international partnerships.
2
DCMS, Cyber security skills in the UK labour market 2021 (2021)
21
20. Our most innovative and made across the health sector,
groundbreaking efforts have been to including the implementation of the
take action at scale, including through NIS regulations.
the development and increasing roll-
out of the Active Cyber Defence (ACD) 22. We have provided comprehensive
programme. Last year it took down cyber security advice and guidance to
2.3 million malicious campaigns – organisations in the wider economy,
including 442 phishing campaigns using and tailored support to critical sectors
NHS branding and 80 illegitimate NHS during the coronavirus (COVID-19). For
apps hosted and available to download the public, our Cyber Aware campaign
outside of official app stores.3 We also has provided advice on the steps they
took the lead globally in pushing for can take to protect themselves online.
connectable consumer products to be When cyber attacks have got through
‘secure by design’, developing a UK we have used our world-leading incident
code of practice in 2018 that inspired response capabilities to provide direct
others to follow and informed the first support in the most serious cases and
globally-applicable industry standard on our investment in local law enforcement
internet-connected consumer devices.4 5 specialists means that every reported
incident now receives a response.
21. New regulation has had a positive
impact on cyber security, with 82% of 23. We have established specialist law
organisations saying the improvements enforcement cyber units the UK, and
they had made were influenced by the alongside this the cyber PROTECT
introduction of the UK General Data network, Economic Crime Victims Care
Protection Regulation in 2018.6 And Unit and regional Cyber Resilience
77% of businesses now see cyber Centres. These initiatives mean that
security as a high priority, an increase for citizens and small-to-medium-sized
of 12% since 2016.7 The introduction organisations there is someone nearby
of the Network & Information Systems or easily contactable who has the right
Regulations (‘NIS regulations’) in 2018 skills and local knowledge to provide
also led to designated organisations support and guidance to improve your
taking measures to better ensure cyber resilience.
the security of their networks and
24. However, we have growing
information systems, leading to a
evidence of gaps in our national
reduction in the cyber risks posed
resilience, with levels of cyber crime
to essential services and important
and breaches affecting government,
digital services.8 A good example of
businesses and individuals continuing
collaboration across the four nations
to rise as well as cyber-enabled crime,
of the UK has been the improvements
3
NCSC, NCSC Annual Review 2021 (2021)
4
DCMS, Code of Practice for Consumer IoT Security (2018)
5
DCMS, ETSI industry standard based on the Code of Practice (2019)
6
DCMS/RSM, The impact of GDPR on cyber security outcomes (2020); The General Data Protection
Regulation (GDPR) that was introduced into UK law in 2018 has now been replaced by the UK GDPR)
7
DCMS, Cyber Security Breaches Survey 2021 (2021)
8
DCMS, Post-Implementation Review of the Network and Information Systems Regulations 2018
(2020)

like fraud.9 10 Legacy IT systems, supply cultivated through a long history of
chain vulnerabilities and a shortage of collaborative operational response. The
cyber security professionals are growing UK has also grown its overseas network
areas of concern. Almost four in ten of cyber and tech security officers
businesses (39%) and a quarter of across five continents and undertaken
charities (26%) report suffering cyber capacity building work across 100
security breaches or attacks in the last countries, building resilience, enhancing
year, and many organisations (especially UK influence and promoting UK values.
small and medium enterprises) lack
the ability to protect themselves and 27. The Cyber Security Ambassador
respond to incidents.11 Industry tells programme has developed long-term
us that many businesses do not relationships and helped UK businesses
understand the cyber risks they face, secure major international contracts. UK
that commercial incentives to invest in international development interventions
cyber security are not clear, and that such as the Digital Access Programme
there is often little motivation to report have successfully collaborated with
breaches and attacks. partner countries in Africa, Asia and
Latin America by providing technical
The UK’s international advice to enhance the cybersecurity
leadership and influence capacity of their government, business
sectors and users – including through
25. Internationally, UK cyber expertise increasing cyber-hygiene skills in
is regarded highly by our partners underserved communities to enable the
and the UK has been instrumental in most vulnerable to protect themselves
increasing international capability and from the risks and challenges
resolve to confront malicious cyber of being online
activity. This has been reinforced by
responsible use of our offensive cyber 28. However, we face competing
capabilities, consistent with both UK approaches internationally as systemic
and international law and our publicly competitors like China and Russia
stated positions, in contrast with the continue to advocate for greater national
indiscriminate activities of some of sovereignty over cyberspace as the
our adversaries. answer to security challenges. Internet
freedom is decreasing globally and
26. During our period as Chair-in- the vision of the internet as a shared
Office of the Commonwealth, the UK space that supports the exchange of
conceived and led the implementation of knowledge and goods between open
the Commonwealth Cyber Declaration, societies risks coming under threat.
a shared commitment to our security,
prosperity and values in cyberspace.
The National Crime Agency’s (NCA)
international network has strengthened
our cyber law enforcement partnerships
overseas, building on relationships
9
Defined as Computer Misuse Act offences
10
ONS, Crime in England and Wales: year ending June 2021 (2021)
11
DCMS, Cyber Security Breaches Survey 2021 (2021)
23
Countering cyber threats 30. Government has taken steps
to the UK and deterring our to counter these growing threats.
Significant investment in our intelligence
adversaries
capabilities has increased our
29. The threats we face in and through understanding of the threat and enabled
cyberspace have grown in intensity, us to conduct more effective covert
complexity and severity in recent years. counter campaigns. We have developed
Cyber attacks against the UK are an integrated law enforcement response
conducted by an expanding range of to cyber crime, led by the National
state actors, criminal groups (sometimes Crime Agency (NCA) and dedicated
acting at the direction of states or with cyber teams within regional organised
their implicit approval) and activists for crime units and local police forces
the purpose of espionage, commercial across England, Wales, Northern Ireland
gain, sabotage and disinformation. Such and Scotland. This has enhanced our
attacks cause significant financial loss, operational and investigative edge over
intellectual property theft, psychological cyber criminals and other adversaries.
distress, disruption to services and The government is also strengthening
assets and risks to our critical national the security of the increasing number of
infrastructure, democratic institutions digital identity solutions, by developing
and media. They can also damage the UK digital identity and attributes trust
investor and consumer confidence and framework.13 This will also help to tackle
amplify existing inequalities and harms. crimes that involve misuse of identity
During the COVID-19 pandemic the data. And the NCA’s Cyber Choices
shadow pandemic of gender-based programme is helping people to make
violence was compounded by online more informed choices, diverting them
attacks. Ransomware attacks continue from criminality to use their cyber skills in
to become more sophisticated and a positive and legal way.
damaging. While the overall level of
31. We have invested significantly in
cyber threat from hostile actors during
our offensive cyber capabilities, first
the COVID-19 pandemic has remained
through the National Offensive Cyber
constant, they have exploited it as an
Programme, and more recently through
opportunity and shifted their cyber
the establishment of the National Cyber
operations to steal vaccine and medical
Force (NCF). The NCF draws together
research, and to undermine other
personnel from the Government
nations already hampered by the crisis.
Communications Headquarters (GCHQ),
The growing dependence on digital
the Ministry of Defence (MOD), the
technologies for remote working and
Secret Intelligence Service (SIS, also
online transactions has also increased
known as MI6) and the Defence Science
exposure to risks. Alongside this, digital
and Technology Laboratory, under one
divides have also created uneven
unified command for the first time. It is
access to online services and exposed
operating in and through cyberspace
people to online abuse and harms due
to keep the country safe and to protect
to limited digital literacy and awareness
and promote the UK’s interests at
of the cyber security measures we can
home and abroad.
all take to stay secure online.12
12
NCSC, CyberAware
13
DCMS, UK digital identity and attributes trust framework (2021)

32. In coordination with our allies,
we have also sought to raise the cost
of state-sponsored hostile activity in
cyberspace by attributing attacks – as
we did with the recent SolarWinds and
Microsoft Exchange breaches – and
imposing consequences on those
responsible. The development of the
autonomous UK cyber sanctions regime
has added another disruptive tool that
we have used to respond to incidents
such as the WannaCry and NotPetya
attacks. However, despite all this, our
approach to cyber deterrence does not
yet seem to have fundamentally altered
the risk calculus for attackers. Some
recent examples of significant cyber
attacks are described below.
25
Recent case studies of
cyber attacks
During 2021, the UK continued its Cyber criminals using
work with global partners to detect
and disrupt shared threats, the most ransomware to attack
consistent of these emanating from public services
Russia and China. In addition to the
direct cyber security threats posed by Ransomware became the most
the Russian state, it became clear that significant cyber threat facing the
many of the organised crime gangs UK in 2021. Due to the likely impact
launching ransomware attacks against of a successful attack on essential
Western targets were based in Russia. services or critical national infrastructure
China remained a highly sophisticated the NCSC assessed ransomware
actor in cyberspace with increasing as potentially as harmful as state-
ambition to project its influence beyond sponsored espionage.14
its borders and a proven interest in
In October 2020, Hackney Council
the UK’s commercial secrets. How
suffered a ransomware cyber attack
China evolves in the next decade will
which caused many months of
probably be the single biggest driver
disruption and cost millions of pounds
of the UK’s future cyber security. While
to rectify. At a critical time when it was
less sophisticated than Russia and
dealing with the impact of the COVID-19
China, Iran and North Korea continued
pandemic, the council was locked out
to use digital intrusions to achieve
of important data and many services
their objectives, including through
were disrupted, including council tax
theft and sabotage.
and benefit payments. Other local
authorities have suffered similar attacks,
as have a variety of organisations in the
education sector.
14
NCSC, Mitigating malware and ransomware attacks (2021)

In May 2021, a ransomware attack States exploiting strategic
against the Irish Health Service
Executive (HSE) disrupted Irish
vulnerabilities and
healthcare IT networks and hospitals supply chains
for over 10 days, causing real-world
consequences to patients and their The compromise of the software
families. Some stolen patient data company SolarWinds and the
was also published online. The HSE, exploitation of Microsoft Exchange
which provides health and social care Servers highlighted the threat
services in Ireland, shut down national from supply chain attacks. These
and regional networks the same day to sophisticated attacks, which saw
contain the incident. Malicious cyber actors target less-secure elements -
activity was also detected on the Irish such as managed service providers or
Department of Health (DoH) network commercial software platforms - in the
however due to the deployment of tools supply chain of economic, government
during the investigation process an and national security institutions were
attempt to execute ransomware was two of the most serious cyber intrusions
detected and stopped. The attack also ever observed by the NCSC.
had an impact on Northern Ireland,
In early December 2020, a US
affecting the ability to access data
cyber security firm, FireEye, found
held by HSE for some cross-border
that an attacker had been able to
patient services.
add a malicious modification to a
Importantly, no ransom payment was product that they and many other
made in either case. Law enforcement organisations around the world utilise.
do not encourage, endorse, nor This modification allowed the attacker
condone the payment of ransom to send administrator-level commands
demands. If you do pay the ransom: to any affected installation of that
product and could be used for further
• there is no guarantee that targeted attacks on connected systems.
you will get access to your The initial supply chain attack was
data or computer conducted through a piece of software
called Orion, an IT network monitoring
• your computer will still be infected tool developed by a company called
• you will be paying criminal groups SolarWinds. The actor was able to
implant malicious code into an update
• you’re more likely to be file for the software, as far back as
targeted in the future March 2020. In April 2021 the NCSC,
together with its security counterparts
The NCSC publish guidance on how to in the US, revealed for the first time that
defend organisations against malware or Russia’s Foreign Intelligence Service
ransomware attacks, including how to (the SVR) was behind this attack – one
prepare for an incident and steps to take of the most serious cyber intrusions of
if your organisation is already infected. recent times.15 SolarWinds confirmed
18,000 organisations across the world
15
FCDO, Russia: UK and US expose global campaign of malign activity by Russian intelligence
services (2021)
27
including US Government departments over a quarter of a million servers
were affected. This incident was part worldwide.16 The attack was highly
of a wider pattern of cyber intrusions likely to enable large-scale espionage,
by the SVR who have previously including acquiring personally identifiable
attempted to gain access to the IT information and intellectual property.
networks of NATO members and Compromising Microsoft Exchange
governments across Europe. gave the perpetrator a foothold to
pivot further into the IT networks of
On 2 March 2021, Microsoft made victims. At the time of the attack, the
public that sophisticated actors had government quickly provided advice and
attacked a number of Microsoft recommended actions to those affected
Exchange servers, which are used by and Microsoft said that by end of March
organisations worldwide to manage their that 92% of customers had patched
email, scheduling and collaboration. against the vulnerability.
Microsoft assessed that the initial
intrusions commenced as early as
January 2021 and were Chinese state-
sponsored. In response to this they
released multiple security updates for
affected servers. In July 2021, the UK
joined like-minded partners to confirm
that Chinese state-backed actors were
responsible for the attacks that affected
16
FCDO, UK and allies hold Chinese state responsible for a pervasive pattern of hacking (2021)

Drivers of change 35. This increasingly complex
landscape will make it even harder
33. The coming decade will see the for states, businesses and society to
continued rapid expansion of data understand the risks they face and how
and digital connectivity to almost they can and should protect themselves.
every aspect of our lives. Huge Increased dependency on third party
global growth in Internet access and suppliers of managed services, which
usage, underpinned by data and often have privileged access to the
the infrastructure upon which data IT systems of thousands of clients,
use relies, is creating new markets is creating new risks that need to be
and increasing convenience, choice addressed. Devices and networks will
and efficiency. But it also makes increasingly be connected to the internet
countries much more dependent on as standard, extending cyberspace to
interconnected digital systems, providing our homes, vehicles, built environment
more opportunities for malicious activity and industrial infrastructure. Sensors,
and significant ‘real-world’ impact. As wearables, medical devices and
critical and non-critical technologies biometrics will further blur the boundary
continue to converge across sectors between offline and online activity. Cyber
these risks are spreading to new areas risks will become pervasive, increasing
of our economy, and the movement the volume of personal and sensitive
of data and services into the cloud – data generated and the potential impact
and often out of the UK – is further if systems are breached.
increasing our exposure.
36. Against this backdrop, the threats
34. We are increasingly seeing the in cyberspace will continue to evolve
interaction of established businesses and diversify as high-end cyber
in regulated sectors, such as telecoms capabilities become commoditised and
and energy, with new and largely proliferate to a wider range of states
unregulated businesses, such as those and criminal groups. The number of
providing microgeneration, electric actors with the ability and intent to
vehicle charging or ‘connected places’ target the UK in cyberspace will increase
capabilities. Critical infrastructures will and states will employ a wider range
become much more distributed and of levers to conduct disruptive activity,
diffuse and this fundamentally changes including the use of proxy actors. The
how regulation will impact the security of accelerated transition to hybrid working
the critical functions and services we rely and restrictions on international travel
on. This diversification will also affect our resulting from the pandemic have led to
wider national security, making it more greater reliance on digital services and
difficult to gain access to information incentivised organised crime groups
whether for law enforcement or cyber towards cyber crimes. We are already
security. This change in environment will beginning to see signs of this trend with
also affect products and services more the latest crime survey estimating that
widely outside of our traditional critical cyber crimes have increased significantly
national infrastructure. between 2019 and 2021.17
17
ONS, Crime in England and Wales: year ending June 2021 (2021)
29
This challenge will not be unique to the 39. This will be exacerbated by
UK, creating mutual vulnerability for all competition for control of a rapidly
those who rely on cyberspace. evolving technological landscape.
As digital technology is integrated
37. Cyberspace will become more into our everyday lives, businesses
contested as state and non-state and infrastructure, some technologies
actors seek strategic advantage in and are becoming genuinely critical to
through cyberspace. Cyber operations the functioning of society. Power will
will become increasingly important to increasingly be held by countries that
power projection below the threshold have a strategic advantage in science
of armed conflict and in pre-conflict and technology and access to the
situations. Future conflicts will also data that drives innovation, enabling
see an increase in the use of cyber them to exert influence over others
capabilities. For the UK to act effectively and to shape global standards in ways
we will require higher levels of cyber that best fit their own economic and
resilience in our defence capabilities. political interests.
Cyber operations will need to be
integrated with other force elements 40. Emerging technologies such as
to defeat threats and enable wider digital twins, quantum computing, and
defence activity. Space will increasingly large-scale autonomous systems – and
become a domain of activity, as set the information they generate – will
out in the National Space Strategy, create new opportunities and risks
opening up new areas of risk but also and open up new cyber capabilities
creating opportunities for the UK to for attackers and defenders, just as
exploit its cyber capabilities to achieve cryptocurrencies are being exploited
advantage in new ways.18 by ransomware gangs. Leadership
in technology is becoming more
38. Debates over the rules governing distributed, and the UK will not be able
cyberspace will increasingly become to develop sovereign capability in all
a site of systemic competition the technologies that matter. States
between great powers, with a clash and companies make use of technical
of values between countries that want standards to promote their own
to preserve a system based on open interests and we risk key technologies
societies and systemic competitors like being shaped by those who do not
China and Russia who are promoting share our values.
greater state control as the only way
to secure cyberspace. This will put 41. For over a decade the UK has
pressure on the free and open internet, pursued an ambitious national cyber
as nation states, big technology firms security strategy and sustained
and other actors promote competing a significant level of investment,
approaches to technical standards and establishing the country as a global
internet governance. leader in cyber. As evident from the
analysis above, significant challenges
and opportunities remain. The following
sections outline our national response.
18
HMG, National Space Strategy (2021)

31
Our National Response
42. In this strategic environment, the 43. Our judgment is that, as cyberspace
UK has a choice to make. We could aim becomes ever more fundamental to
simply to keep pace with the threats and our interests and those of our allies and
challenges we face in an increasingly adversaries, it is a strategic imperative
complex cyberspace, consolidating to foster our competitive advantage
the progress of the last five years and in navigating this landscape. This will
addressing the most urgent issues enable us not only to assure our security
where we can. There are two risks to today but also to shape and benefit from
this approach. The first is that we do the world of tomorrow.
not fully realise the potential of the UK’s
strength in cyber to support national Our vision, goals and
priorities, and miss out on opportunities.
The second, more severe risk is that we
principles
reach a technological tipping point, and 44. Our vision is that the UK in 2030 will
find that the foundations of our future continue to be a leading responsible
economy and society are being shaped and democratic cyber power, able to
by our competitors and adversaries, protect and promote our interests in
and that we will have to work harder to and through cyberspace in support of
assure our own security. national goals.

45. To realise this vision we will pursue 46. These goals are intended to be
five strategic goals. Each aims to mutually reinforcing. For example,
bolster our national strength in one of achieving higher levels of cyber security
the five dimensions of cyber power, and resilience domestically will be a
and collectively they aim to enhance necessary foundation for a more active
our ability to uphold a cyberspace that stance internationally. In turn, our global
reflects our values and interests. These supply chains and the threats we face
five goals – or pillars – form a strategic from overseas mean we will not be
framework to guide our activity, and Part able to assure our own security without
2 sets out the actions we will take to more actively shaping the behaviour of
2025 under each one. international actors. And our ability to
influence global debates on cyberspace,
• Pillar 1: Strengthening the UK the internet and technology will rely
cyber ecosystem, investing in our on maintaining our technical edge and
people and skills and deepening the building an innovation ecosystem that
partnership between government, generates genuine advantage in the
academia and industry technologies that matter most.
• Pillar 2: Building a resilient and 47. Central to our vision is the
prosperous digital UK, reducing promotion of a free, open, peaceful
cyber risks so businesses can and secure cyberspace. Our strategic
maximise the economic benefits of focus on cyber power is not about
digital technology and citizens are stoking conflict or setting the UK
secure online and confident that their up to win a zero-sum game. As the
data is protected Integrated Review identifies, a world in
• Pillar 3: Taking the lead in the which open societies and economies
technologies vital to cyber power, can flourish is the best guarantor of
building our industrial capability and our future prosperity, sovereignty and
developing frameworks to secure security. The UK will work with like-
future technologies minded nations to promote our shared
values of openness and democracy,
• Pillar 4: Advancing UK global pursuing a responsible, democratic
leadership and influence for a approach to cyber power. This
more secure, prosperous and means that in working towards these
open international order, working five strategic goals we will apply the
with government and industry following principles:
partners and sharing the expertise
that underpins UK cyber power • We will prioritise the ability of
citizens and businesses to operate
• Pillar 5: Detecting, disrupting
in cyberspace safely and securely
and deterring our adversaries
so they can maximise the economic
to enhance UK security in and
and societal benefits of digital
through cyberspace, making more
technology and exercise their legal
integrated, creative and routine use
and democratic rights
of the UK’s full spectrum of levers
33
• We will work to uphold an open and 49. A commitment to keeping the
interoperable internet as the best UK at the cutting edge on cyber.
model to support global prosperity The government will be investing
and wellbeing, resisting the pressure £2.6 billion in cyber and legacy IT
of authoritarian states towards over the next three years. This is in
fragmentation and their idea of addition to significant investment in
internet sovereignty the National Cyber Force announced
in Spending Review 2020 (SR20). It
• We will make lawful, proportionate includes a £114 million increase in the
and responsible use of our cyber National Cyber Security Programme;
capabilities, supported by clear and is alongside increases in investment
oversight and engagement with also announced in research and
the public and our allies, and development (R&D), intelligence,
we will hold others to account defence, innovation, infrastructure and
for reckless or indiscriminate skills, all of which will contribute in part
behaviour in cyberspace to UK cyber power. Investment in cyber
• We will take action against the announced in SR20 and Spending
criminal use of cyberspace by Review 2021 (SR21) far exceeds the
all means available, calling out £1.9 billion over five years committed to
those who use criminal proxies or the previous strategy.19
harbour criminal groups in their 50. A more comprehensive National
territories and working to prevent Cyber Strategy. Cyber security
the proliferation of high-end cyber remains at the heart of this strategy,
capabilities to criminals but it now draws together the full range
• We will champion an inclusive, multi- of the UK’s capabilities inside and
stakeholder approach to debates outside government. It gives greater
about the future of cyberspace weight to the critical technologies and
and digital technology, upholding infrastructure that underpin cyberspace,
human rights in cyberspace and supports UK cyber companies both
countering moves towards digital to grow domestically and compete
authoritarianism and state control internationally, steps up international
action to shape and influence the future
Key shifts in our approach of cyberspace, and integrates offensive
cyber as a lever of power. It calls for
48. In many areas our strategy will a truly joined up, national strategic
build on our current approach, seeking approach. The strategy distributes
to enhance, expand or adapt our responsibilities for leadership and
efforts where necessary. The main coordination across Secretaries of State,
distinctions from the National Cyber and much more closely involves the
Security Strategy 2016-2021 are set out devolved administrations. This builds on
below and reflect our broader ambition our success at coordinating effort across
to cement the UK’s position as a government, which is a key UK strength.
leading cyber power.
19
HM Treasury, Autumn Budget and Spending Review 2021 (2021)

51. A whole-of-society effort. Our for operational technology security, as
aim is for a national strategic approach a new centre of excellence focused
that is shaped by and helps guide on building the highest level of cyber
decision-making in organisations resilience in partnership with industry
across the country; and provides the and academia. And it announces the
basis for stronger collaboration with expansion of the National Cyber Security
our partners in the UK and around the Centre’s (NCSC) research capabilities,
world. There is more work to do to including the new applied research
make this a reality. Short term actions hub in Manchester, with a focus on
will include: (i) establishing a new emerging technology in areas such as
National Cyber Advisory Board, inviting connected places and transport. The
senior leaders from the private and strategy also builds on our successful
third sectors to challenge, support and work to promote approaches that build
inform our approach; (ii) reorienting our security into new technologies, making
cyber sector innovation programmes them “secure by design”. This will mean
away from large, often London-based investing and making more use of
initiatives to a regionally delivered regulatory and legislative levers where
model, built in partnership with local necessary to promote more diverse,
industry, innovators, law enforcement secure and resilient technology supply
and academia; and (iii) taking steps chains, as we have done in telecoms.
to increase the diversity of the cyber
workforce – recognising that being able 53. Significantly strengthening our
to harness and nurture the skills and core effort to promote cyber security,
talents of the whole population is critical with government leading the way.
for our national security. The strategy We will invest more than ever before
itself has been informed by engagement in a rapid and radical overhaul of
with the devolved governments of government cyber security, setting
Northern Ireland, Scotland and Wales, clear standards for departments and
industry, law enforcement, regulators, addressing legacy IT infrastructure.
academia, civil society and international Government’s critical functions will be
partners. Our intention is to keep these significantly hardened to cyber attack
dialogues open over the period of its by 2025 and we will ensure that all
implementation. government organisations – across
the whole public sector – are resilient
52. A more proactive approach to known vulnerabilities and attack
to fostering and protecting our methods by 2030. We will do more
competitive advantage in the to protect and engage citizens while
technologies critical to cyberspace. removing as much of the burden from
The Integrated Review and subsequent them as possible. We will harden the
strategies have already begun to digital environment, protecting citizens
take this approach forward in areas from cyber crime and fraud and placing
such as artificial intelligence, quantum more responsibility on manufacturers,
technologies and data. This strategy retailers, service providers and the public
makes further commitments around sector to raise cyber security standards.
secure microprocessor design, the We will drive up the level of private
security of operational technologies sector engagement and investment in
and cryptography. It announces the cyber resilience by aligning regulations
establishment of a national laboratory and incentives across the economy
35
and providing more support. We will partner countries, helping build their
also focus more on supply chain risks, resilience and enhancing their abilities to
testing a range of interventions to help counter cyber threats. And we will better
organisations manage the cyber security leverage the full range of our domestic
risks posed by their suppliers, and strengths, including operational and
ensure that best practice filters down strategic communications expertise,
through the supply chain. thought leadership, trading relationships
and industrial partnerships to support
54. More integrated and sustained our international goals.
campaigns to disrupt and deter our
adversaries and protect and promote Roles and responsibilities
the UK’s interests in cyberspace.
These campaigns will draw on a across the UK
fuller range of diplomatic, policy and
56. Central to our strategy will be a
operational levers across government.
whole-of-society approach to cyber. We
They will be significantly underpinned by
need to build an enduring and balanced
the establishment and expansion of the
partnership across the public, private
National Cyber Force (NCF), which will
and third sectors, with each playing an
be based in Samlesbury in Lancashire.
important role in our national effort.
We will make more routine use of the
NCF’s capabilities to disrupt threats Citizens
from both state and non-state actors
and to support the UK’s wider national 57. This strategy aims to remove as
security interests. Our campaigns will much of the burden of cyber security
also benefit from major new investment from citizens as possible but we will all
in high-end capabilities for law continue to have an important role to
enforcement at national, regional and play. Whilst the government will do as
local levels. This will help us to tackle the much as possible to stop cyber attacks
substantial threat from ransomware and before they cause harm to people,
increasingly innovative cyber criminals. some threat actors will find a way to
We will also continue to make use of circumvent these protections. We can
the UK’s autonomous cyber sanctions all take action to improve the security of
regime and attributions process to the assets we value in both the physical
impose costs on our adversaries and and virtual worlds.20 That means fulfilling
call out malign and reckless and attacks. our personal responsibility to take all
reasonable steps to safeguard not
55. Putting cyber power at the heart only our hardware – our smartphones
of the UK’s foreign policy agenda and other devices – but also the data,
and recognising that every part of software and systems that afford us
the strategy requires international freedom, flexibility and convenience
engagement. We will reinforce our core in our private and professional lives.
alliances and engage a broader range To support this, the government
of countries to counter the spread of provides technically accurate, timely
digital authoritarianism. Over the next and actionable advice. Civil society
few years, we will increase investment organisations and community groups
in international programmes to support also play a major role supporting people
20
Cyber Aware is the government’s advice on how to stay secure online

to understand and protect themselves The cyber security sector and
from cyber risks. Many charities, for major technology companies
example, provide targeted support,
advice and awareness-raising to 59. The UK’s growing cyber security
vulnerable groups. sector has a critical role in responding
to the emerging cyber threats and
Businesses and organisations challenges that face our country. The
rapid proliferation of connectable
58. Businesses and organisations products and the accelerated digital
have a responsibility to ensure they transformation of businesses and
are effectively managing their cyber organisations are providing opportunities
risks, to become cyber resilient and to for the sector to grow and innovate,
support their customers and the people providing new services and products.
who use their services. Businesses This strategy describes how the
and organisations are increasingly government will continue to support
dependent on digital technologies and the growth of the UK cyber security
online services to operate, innovate sector and benefit from their capabilities
and grow. This improves services but and expertise by maintaining and
also creates new risks and challenges, strengthening our partnerships. We
such as the ever increasing volume of also want to strengthen the broader
personal data and digital assets which partnerships between academia,
they are responsible for. This brings the wider technical community and
a responsibility to protect those data the private sector, to ensure that we
and assets, while maintaining services. capitalise fully on the UK’s technical
Failure to do so can have significant expertise and know-how.
reputational and economic implications
for organisations and cause harm to 60. The major technology companies
their customers. Operators of essential that provide digital services have a
services and providers of key digital crucial role to play in ensuring a secure
services (such as cloud services) have environment for UK businesses and
particular responsibilities to address organisations to operate in. This is
the cyber risks they face and meet the particularly true for the managed service
obligations set out in the Network & providers and platform businesses that
Information Systems Regulations (‘NIS integrate a number of activities. They
regulations’). Advice and guidance from need to ensure the services they offer
the NCSC helps to provide support are ‘secure by default’ and are not overly
to all businesses and organisations to dependent on their customers taking
help them protect their information, protective actions. Major technology
assets and systems. The Information companies also have a particular
Commissioner’s Office (ICO) also responsibility to prioritise their own cyber
provides advice for organisations on resilience. The increasing dependency
their cyber security obligations under the of businesses, government and wider
UK General Data Protection Regulation. society on cloud and online services is
creating new and unique vulnerabilities
and interdependencies.
37
Government 62. Most areas of cyber policy and
the majority of measures outlined in
61. The UK government is uniquely this strategy relate to reserved matters
positioned to bring together the such as national security, foreign affairs
intelligence necessary to understand the and defence, telecommunications,
most sophisticated threats, make and product standards and safety,
enforce the law, set national standards, and consumer protection. But the
and counter threats from hostile actors development and implementation of
including conducting offensive cyber this strategy still depends on input,
operations. Through this strategy action and investment by the devolved
we will invest in strengthening our governments of Northern Ireland,
national cyber capabilities. Government Scotland and Wales. This is especially
departments and public sector bodies true where this relates to devolved
are also responsible for protecting policy areas which sit primarily within
their own networks and systems. As the ‘ecosystem’ and ‘resilience’ pillars of
the holder of significant data and a this strategy, such as education, policing
provider of services, the government and the cyber resilience of certain
takes stringent measures to provide critical sectors including their own public
safeguards for its information assets. sectors. Coordination and cooperation
Lastly, the government also has an across the four nations of the UK is
important responsibility to advise essential to ensure the greatest impact
and inform citizens, businesses and across the whole country. This requires
organisations what they need to do regular and early engagement by the
to protect themselves online. Where Cabinet Office and other UK government
necessary this includes setting the departments with their Welsh, Scottish
standards we expect key companies and Northern Irish counterparts to share
and organisations to meet in order to information on priorities and plans. This
protect all of us. also helps to avoid duplication and get
the best value from public funding. The
devolved governments will continue
to develop their own cyber strategies
and plans, aligning them with this UK
government strategy.

39
The National Cyber
Security Centre
“Helping to make the UK The enduring capabilities and attributes
the safest place to live and that underpin the NCSC’s work are:
work online” • World-class technical expertise in
the cyber security disciplines and
The National Cyber Security Centre
specialisms the UK needs;
(NCSC) was formally launched in
2017, as part of GCHQ, to be the UK’s • Unparalleled insight into current and
national authority on the cyber security potential cyber threats – intent and
environment: sharing knowledge, capability – to UK interests;
addressing systemic vulnerabilities
and providing leadership on key • Access to the full range of UK
national cyber security issues.21 The national security capabilities and
NCSC’s establishment simplified the authorities for cyber security goals;
government’s operational structures, • Direct reach into cyber security
transformed the UK’s ability to respond communities in conjunction with
to national-level cyber incidents, and partners in academia, industry, and
initiated the roll-out of innovative internationally;
digital services that have helped to
make organisations and individuals • Cryptographic capabilities and
automatically safer online. services, crucial to the safety and
security of UK interests globally.
We are making sure that the NCSC is
fit for the challenges of the next decade The NCSC’s principal responsibilities
by clarifying the enduring capabilities under the new strategy will be to:
and attributes that underpin its work,
funding them on a sustainable basis, • Take direct action to reduce cyber
and focussing their use where operating harms to the UK by providing
experience to date tells us they will protection at scale through digital
have the maximum possible impact at a services (e.g. Active Cyber Defence),
national scale. driving changes in technology,
managing the response to nationally-
significant cyber incidents, and
– with the National Cyber Force
(NCF) – directly countering the cyber
operations of our adversaries.
21
HMG, National Cyber Security Strategy 2016 to 2021 (2016): paragraph 1.9

• Support all parts of UK society to • Providing UK sovereign
protect themselves by providing capabilities through the NCSC’s
tailored expertise and unique National Crypt-Key Centre, which
knowledge that citizens, businesses protects the critical information and
and organisations across the UK services on which the UK military
can use to protect themselves and and national security community rely,
help make the UK a safer place for including from attack by our most
everyone online. capable adversaries.
• Providing technical input to • Supporting growth in cyber skills
HMG policy and regulation on and investment by providing the
the issues of most importance technical underpinning for every level
for cyber security by providing of cyber education and engaging
policy leads across Whitehall with and supporting industry, catalysing
authoritative technical input and investment into the cyber sector.
threat assessment derived from the
NCSC’s core capabilities, supporting The NCSC will also contribute to
development and implementation of the evaluation of progress against
policies and regulations to keep the the objectives of this national cyber
citizens, organisations and interests strategy through NCSC Assessments,
digitally secure. the UK’s editorially-independent cyber
assessments function.
41
The National Cyber Force
Established in 2020, the National NCF operations can be used to
Cyber Force (NCF) is responsible for influence individuals and groups, disrupt
operating in and through cyberspace to online and communications systems
counter, disrupt, degrade and contest and degrade the operations of physical
those who would do harm to the UK systems. This type of activity is often
or its allies, to keep the country safe referred to as offensive cyber (OC).
and to protect and promote the UK’s
interests at home and abroad. The NCF NCF operations are conducted in line
is made up of a roughly equal share of with a well-established legal framework,
personnel from defence and intelligence which includes the Intelligence Services
and brings together their expertise, Act 1994 and the Investigatory Powers
resources and authorities under a single Act 2016. The UK has previously
command structure. It will be based in made it clear that it develops and
Samlesbury, Lancashire. deploys capabilities in accordance
with international law, including the law
The NCF delivers a broad range of of armed conflict where applicable.
outcomes in the interests of national Its activities are subject to ministerial
security, such as support to defence, approval, judicial oversight and
the UK’s economic wellbeing and the Parliamentary review, making the UK’s
prevention of serious NCF activities governance regime for cyber operations
range, from the tactical through to the one of the strongest in the world.
strategic, against both state actors and
non-state actors. Its work falls into three
main categories:
• Countering threats from terrorists,

criminals and states using the
internet to operate across borders
in order to do harm to the UK and
other democratic societies
• Countering threats which disrupt
the confidentiality, integrity
and availability of data and
services in cyberspace (i.e.
supporting cybersecurity)
• Contributing to UK Defence
operations and helping deliver
the UK’s foreign policy agenda
(for example intervening
in a humanitarian crisis to
protect civilians)

The UK will not routinely talk about As the national centre of excellence
individual cyber operations, but the for effects operations in and through
kinds of operational activity the NCF cyberspace the NCF will transform the
could conduct include: UK’s ability to develop, integrate and
utilise these capabilities alongside others
• Stopping terrorist groups from and optimise them to deliver effect.
carrying out their plans by disabling
their command and control
communications and limiting the
dissemination of extremist media
• Reducing the risk of harm to
UK armed forces by degrading
adversary weapons systems
• Defending democracy and
free, fair and open elections
by countering organised state
disinformation campaigns intended
to undermine them
• Preventing criminal groups from
profiting from their activities by
disrupting their use of online
platforms and services
• Helping to enforce international
sanctions by disrupting
efforts to evade them
• Shielding the UK and others from
cyber attacks by disrupting the
infrastructure used by adversaries
to carry them out
• Protecting civilians in a humanitarian
crisis by preserving their ability to
access critical information
43
Law Enforcement’s
National Cyber
Crime Network
Established over the course of the These are further complemented by
National Cyber Security Strategy 2016- dedicated Local Cyber Crime Units
2021, law enforcement’s national cyber (LCCUs), embedded in each of the 43
crime network has developed a fully police forces and synchronised through
integrated response to cyber crime, a regional coordinator. These Regional
ready to deliver an intelligence-led and Local CCUs can investigate and
response to all forms of cyber attacks pursue offenders, help business and
against individuals, organisations or victims protect themselves from attack
whole sectors. This is a nationwide and work with partners to prevent
system operating at national, regional vulnerable individuals from being drawn
and local levels. It provides victim care, into committing cyber crime.
helps businesses and people to be
protected and to recover swiftly, and Centralised crime reporting, triage
pursues criminal justice outcomes and analysis is provided through
against perpetrators. Action Fraud, hosted by the City of
London Police. The most serious and/
The National Crime Agency’s (NCA) or complex cases are subsequently
National Cyber Crime Unit (NCCU) referred to the NCA and regional
provides national leadership and network to pursue, while other cases
coordination of the response, supported are disseminated to local forces. The
by a network of dedicated Regional City of London Police also coordinate
Cyber Crime Units (RCCUs) in each victim support, including through the
of England and Wales’s nine police Economic Crime Victim Care Unit.
regions, in partnership with their
counterparts in Police Scotland and Systems are being joined up with
Police Service of Northern Ireland, as transformed forensic, intelligence
well as the Metropolitan Police Service’s and data-sharing capabilities to build
Cyber Crime Unit. a single platform so that national
and regional units can access all the
specialist high-end capabilities and
tools being developed. This includes
the ability to collaborate effectively with
partners in the security and intelligence
community, in particular to respond
to blended criminal and state threats.
Continuing the ethos of ‘build it once,
build it nationally for the benefit of the
whole cyber crime network’, these

capabilities can also be accessed by partner country interventions with
the local cyber crime units through intelligence and evidence
the regional coordinators. This whole
system approach is already delivering a • Preventing criminal groups from
significantly enhanced response to the profiting from their activities by
cyber crime threat. disrupting their use of criminal
marketplaces and enabling services
The law enforcement Cyber Crime • Protecting the UK and other
Network will continue to drive our countries from cyber crimes by
criminal justice response to malicious degrading and disrupting the
activities in cyberspace regardless of infrastructure used to carry them out
the threat actor at the international,
national, regional and local level. This • Contributing to sanction activity
will be complimented by a range of and public attribution against high
other disruptive methods including but echelon offenders
not limited to:
• Seizing cryptocurrency
• Developing specialist high end and other assets as the
investigative and disruptive proceeds of cyber crime
cyber capabilities
• Utilising the NCA’s extensive
international network to support
45
Part 2:
Implementation

47
Pillar 1:
UK Cyber
Ecosystem

Strengthening the UK’s
cyber ecosystem
63. For this strategy to succeed we home to an estimated 45% of sector
need to ensure that the UK has the right employment and accounts for 85% of
people, knowledge and partnerships. external investment.22
We must have a diverse and technically
skilled workforce, a vibrant research 65. Overall we will take on a more
community, an internationally strategic role where we facilitate
competitive cyber sector and a thriving the coming together of industry
regional innovation ecosystem that leaders, academics, innovators, law
enables us to take the lead in critical enforcement, the national security
technologies, all built on stronger community and others who want to
partnerships between government, collaborate on making the UK more
industry and academia. resilient against cyber threats. We will
align all the levers of government to
64. The growth of the cyber ecosystem support the cyber ecosystem, from
needs to be self‑sustaining, not how cyber is taught in schools to
dependent on government interventions. how economic regulations drive up
Over the course of this strategy we standards, to ensure that the UK grows
will transition from funding a range of the vital capabilities necessary to secure
largely bespoke and centrally‑managed ourselves against future threats.
skills and innovation programmes,
to a more sustainable, systemic and
regional approach. We will build on the
government’s wider reforms to the skills
and education systems to support and
inspire more people to gain the skills
they need to pursue a cyber career. And
we will prioritise a range of concrete
actions to increase the diversity of the
cyber workforce. This is not only about
ensuring that these jobs and careers
are made available to everyone but also
mission critical for our national security,
ensuring we harness the talent and
skills of the whole population. We will
also ensure that cyber sector growth
benefits the whole of the UK, not just
London and the South East which is
22
DCMS, Cyber Security Sectoral Analysis 2021 (2021)
49
Objective 1: 68. More integrated and effective
regional cyber networks across the
Strengthen the structures, UK, enabling stronger partnerships
partnerships and networks between government, businesses and
necessary to support academia to support sectoral growth
and business resilience. We will work
a whole‑of‑society with regional cyber clusters and the
approach to cyber recently established UK Cyber Cluster
Collaboration (UKC3), the growing
66. Cyber power requires a number of regional cyber innovation
whole‑of‑society approach. Our centres and Cyber Resilience Centres,
competitive advantage will come from strengthening links between local
our ability to nurture and harness businesses, academic centres of
talent across the UK and get the right excellence and law enforcement.
people working together in the right
ways across the whole public sector, 69. These steps will build on the
industry and academia, pulling together range of existing relationships between
the whole cyber community. We will the National Cyber Security Centre
need to form a genuine integrated (NCSC) and its stakeholders, between
delivery partnership with industry and government departments, arm’s-length
ensure a broad geographic approach bodies and the sectors of the economy
across the nations and regions of the they represent, including CNI and
UK, working closely with the devolved regulators, and the government’s wider
governments of Northern Ireland, dialogue with industry and the digital
Scotland and Wales and seizing the and technology sectors.
levelling up opportunity that cyber power
presents. We will achieve the following
outcomes by 2025:
67. A more inclusive and strategic

national cyber dialogue with industry,
academia and citizens by establishing
a new senior National Cyber Advisory
Board and building on the already strong
networks of cyber growth and resilience
partnerships and the academic
centres of excellence for cyber security
research and education

Ciara Mitchell, Head of Cyber at
ScotlandIS
Ciara is also the manager of

Scotland’s Cyber Cluster and a board
member of UKC3.
“Scotland’s Cyber Cluster has played a

key role in supporting the cyber security
community in Scotland. There is a
growing understanding of the expertise
in Scotland on cluster management and
the opportunity to build on a thriving
cyber sector. As the value of clusters
has become more recognised, I have
been delighted to take on a key role in
the new UK Cyber Cluster Collaboration
as Ecosystem Development Lead.
Through UKC3 there will be a greater
focus on collaboration, innovation and
skills development which provides
a platform to grow the UK cyber
security sector.”
51
Cyber Organisations (Locations representative)
UK Cyber Clusters
1 Bristol and Bath Cyber
2 Cyber North
3 Cyber Wales
4 CyNam (Cyber Cheltenham)
5 East of England Cyber Security Cluster
6 Midlands Cyber
7 ScotlandIS Cyber
8 South West Cyber Security Cluster
9 Yorkshire Cyber Security Cluster
10 NI Cyber (Northern Ireland)
11 North West Cyber Security Cluster
12 West of England Cyber Cluster
Academic Centre of Excellence GCHQ / NCSC site

in Cyber Security Education
Change Academic Centre of Devolved Authority Organisations

Excellence in Cyber Security Research*
*Red dot and black line denotes both CSE and CSR status
The Business Resilience The Cyber Resilience The Cyber Resilience

1 Centre for the North East 5 Centre for the South East 9 Centre for London
The North West Cyber The South West Cyber

2 Resilience Centre 6 Resilience Centre
The Cyber Resilience Centre The Cyber Resilience

3 for the East Midlands 7 Centre for Wales
The Cyber Resilience Centre The Eastern Cyber

4 for the West Midlands 8 Resilience Centre

Scottish Business
Resilience Centre
Abertay University
CyberScotland Partnership
Edinburgh Napier University
Queen’s 7 University of Edinburgh

University
Belfast
10
1 Northumbria University
2 Newcastle University
NI Cyber
Security Centre
Lancaster University 2 GCHQ Scarborough
National Cyber Force
9 GCHQ Manchester
11
3
University of Birmingham De Montfort
4 University
7 University
NCSC Cheltenham of Warwick
6 8
University of South Wales University of
4 Cambridge
Cardiff University 3 5
12 9 University of Oxford
University of the West of England
1 5
University of Bristol
King’s College
6 London
8
GCHQ Bude Imperial College
University London
Royal of Kent University College,
Holloway London
Kingston
University
University
of Surrey
University of
Southampton
53
Objective 2: 71. A significant increase in the
number of people who have the
Enhance and expand the skills they need to enter the cyber
nation’s cyber skills at every workforce, building on the work
level, including through a happening across all four nations
of the UK to ensure education and
world class and diverse skills policy meets the demands of
cyber security profession people and employers. We will do
that inspires and equips this through a number of measures
including the expansion post‑16 training
future talent programmes in line with the needs of
70. Central to the UK’s ambitions will the cyber workforce, funding a range
be developing a sustained and diverse of skills bootcamps in cyber security,
supply of highly‑skilled people into the the national rollout of the Institutes of
cyber workforce, capable of securing the Technology programme, and continuing
core elements of the digital economy, as the CyberFirst bursaries scheme for
well as innovating and developing new undergraduates. This builds on the
approaches. This will support our aim government’s work to align the majority
to lead by example through recognising of post‑16 education and training with
and retaining expertise across the public strengthened employer‑led standards
sector and increasing our capability by 2030. These will be developed in
in law enforcement, defence and conjunction with the UK Cyber Security
security, including the National Cyber Council for the wider cyber community
Force (NCF). As with other parts of this and underpin apprenticeships, T Levels
strategy we will work with the devolved and new higher technical qualifications.
governments of Scotland, Wales and This will ensure that employers have a
Northern Ireland to ensure that a central role in designing and developing
consistent approach is taken across the qualifications and training.
country on, UK government initiatives
72. A higher quality and more
on devolved matters, such as education
established, recognised and
and skills. We will achieve the following
structured cyber security profession.
outcomes by 2025:
Underpinned by Royal Charter the UK
Cyber Security Council will establish
professional standards and pathways
into and through a cyber career, built on
the world‑leading Cyber Security Body
of Knowledge (CyBOK). And we will
explore all government levers, including
legislation, to embed these standards
across the profession, ensuring that
excellence and expertise can be
recognised clearly and consistently
across the cyber workforce.

73. A more diverse cyber workforce, 75. Government is better able to
with underrepresented groups and identify, recruit, train and retain the
those from disadvantaged communities cyber professionals it needs. As
across the UK given more effective major employers of cyber professionals,
support to enter into and flourish government and the public sector will
in a career in cyber. Our range of need to lead by example, supporting
measures will include support for more and building on the measures outlined
women to enter the cyber workforce above. We will take a more coherent
and specific interventions to support and effective approach across the
underrepresented groups to progress public sector while also tailoring specific
to senior levels. And we will build on the measures to upskill civil servants and
successes of extracurricular activities senior leaders, and build our capability
delivered through our flagship CyberFirst in defence and security including the
programme, including the CyberFirst NCF, the NCSC and law enforcement.
Girls Competition. We will also increase This will include investment in early
access to education and career talent by expanding the Cyber Fast
opportunities for at‑risk young people Stream and offering more cyber
through the National Crime Agency’s security apprenticeships, supporting
Cyber Choices programme, diverting specialist skills programmes within the
them away from illegal cyber activity NCA including graduate and intern
towards more positive opportunities to placements, bespoke neurodiversity
make use of their talent and enthusiasm. programmes and summer diversity
programmes. It will build on the
74. A steady and diverse flow of successes of the Defence Cyber
highly‑skilled people coming through School by expanding it into the Defence
our education system. We will inspire Cyber Academy with a broader offer of
and support more young people to defensive and offensive cyber training,
follow a technology pathway through whilst collaborating with academic,
education, including an increase in industry and international partners.
the uptake and diversity of candidates
taking Computer Science GCSE and
equivalent qualifications in Scotland, and
going onto further education such as
T Levels in England and apprenticeships
and higher education opportunities. And
we will also upskill more teachers in
England through the National Centre for
Computing Education (NCCE), ensuring
they have access to the resources and
development opportunities that will help
them spark interest in more students.
55
The UK Cyber
Security Council
The UK Cyber Security Council The Council has four aims:
launched in March 2021 and is a world
first for the cyber security profession. • Thought leadership and professional
Its mission is to be the voice of the standards: leading the work to
profession, bringing clarity and structure develop and agree the standards
to the growing cyber workforce and the that define cyber security
range of qualifications, certifications and
• Careers and learning: supporting
degrees that exist across the field. This
employers and individuals as they
is a vital step, recognising that the cyber
make career decisions, with advice
profession incorporates a wide range of
on cyber security skills, professional
technical and non‑technical expertise
development and recognition
and specialisms across the economy,
similar in breadth to more established • Professional ethics: providing guiding
professions such as medicine and law. principles within which practicing
professionals and organisations
themselves can demonstrate ethical
practice in cyber security;
• Diversity and Inclusivity: promoting

cyber security as a career
opportunity for people of all ages
and backgrounds, making efforts
to remove barriers to entry and
progression within the field

The Council will look to grow and
establish its credibility and sustainability
as the professional authority throughout Simon Hepburn, CEO, UK Cyber
the lifecycle of this strategy. It will bring
together a range of existing professional
Security Council
and certification bodies, identifying and
empowering expert organisations who
can provide clarity over progression
and competency requirements to new
entrants, existing practitioners and
employers alike.
The Queen approved the award of a

Royal Charter to the UK Cyber Security
Council in November 2021. This
provides, for the first time, a bespoke
chartered recognition specifically for My work involves promoting the UK
cyber security, covering the range of Cyber Security Council as “the voice
specialisms that exist in the field. for the cyber security profession.” The
Council is the self‑regulatory body for
We recognise there is more work the UK’s cyber security profession,
to be done to embed professional and we aim to unite the industry to
standards and pathways across the develop, promote and steward nationally
cyber ecosystem, including across recognised standards for cyber to make
government, defence and law the UK the safest place to live and
enforcement. The Council will play a work online. The Council was officially
major role in this, supporting young launched in March 2021 following a
people and career changers to navigate successful formation project, and we are
their career in cyber. now open for membership applications.
The National Cyber Security Strategy
is a crucial element to ensure that
individuals and organisations can
work in a manner which furthers the
profession, with the Council a key
coordinating player.
57
Objective 3: 78. A cyber sector that has achieved
greater than average global growth
Foster the growth of a year on year, including through trade
sustainable, innovative and and cyber exports. We will help cyber
internationally competitive businesses to access new markets
at home and overseas by supporting
cyber and information world‑leading flagship cyber events in
security sector, delivering the UK and inviting our most innovative
quality products and cyber businesses to participate in
trade missions and international cyber
services, which meet the fairs. And we will use public sector
needs of government and procurement more effectively and
the wider economy establish a comprehensive directory
of NCSC accredited providers to
76. To enhance our national cyber encourage the demand for high quality
power and drive digital growth and cyber security products and services.
exports, the UK needs a vibrant
cyber sector made up of high quality, 79. An even more innovative cyber
trustworthy companies. UK firms sector that has seen a significant
provide world‑leading technologies, increase in early stage investment
training and advice to both industry and and more cyber businesses that have
governments in the UK and globally. But been able to launch, grow and scale.
to develop cutting‑edge technologies Our new Cyber Runway programme
some companies need support and gives businesses a single focal point
connections to investment to reach for support, learning lessons from our
the stage where they can offer a previous programmes such as the Tech
viable product. Nation Cyber Programme, Cyber101
and Hut Zero. We will transform the
77. Companies also need to feel Cheltenham Innovation Centre, which
confident they are innovating in line includes the cyber accelerator ‘NCSC
with government approved parameters for Startups’, into a true international
that other organisations are also centre of innovation: the National Cyber
following. And there is more we can do Innovation Centre. We will draw on the
to help buyers navigate the complex expertise of organisations that exist to
landscape, with a huge range of promote and enable co‑creation, such
products and services of varying quality. as the National Security Technology
This will in turn stimulate demand in and Innovation Exchange. And we will
the ecosystem and support further encourage higher‑risk investment in
growth. We will achieve the following early stage cyber start‑ups, including
outcomes by 2025: through the National Security Strategic
Investment Fund, in partnership with the
British Business Bank

80. A UK cyber economy that has
been levelled up significantly with
increased growth outside of the South
East, contributing to recovery from the
coronavirus (COVID-19) pandemic and
supporting wider regional economic
activity. We will establish the permanent
headquarters of the NCF in Samlesbury,
in the North West of England driving
growth in the technology, digital and
defence sectors outside of London and Berta Pappenheim, CEO and
helping create new partnerships in the founder, Cyberfish Company
region. We will increase our support for
innovators and entrepreneurs outside of
London and the South East to develop
their products and services, grow their
businesses and recruit skilled staff. This
includes the Golden Valley campus
led by Cheltenham Borough Council
dedicated to supporting the growth of
cyber-related technology businesses.
And we will increase the exporting
capabilities of cyber companies across
more regions of the UK through
engagement with the regional cyber
clusters and set piece events to
CyberFish took part in a government
showcase more of our cyber industry
cyber accelerator programme. Our
talent to international buyers.
mission is to help businesses and
81. A greater number of companies government teams prepare to better
able to offer cyber security handle business disruptions, like
technologies, products and services cyber incidents. We do this by running
that meet independently verified incident simulation exercises with
quality standards, increasing user them, observing their team dynamics
confidence. We will deliver this in line under stress, and coaching them
with The Future of NCSC Technology on how to make improvements.
Assurance white paper published by Many advisors are good at either the
the NCSC in September 2021, using technical side of incident response,
the NCSC brand and expertise to or the behavioural side of leadership
build a trusted marketplace that will and decision‑making. We do both,
help UK consumers buy services with together, with expert knowledge from
confidence, improve their security and both sides. Our exercises have helped
raise the national cyber security bar.23 almost 500 industry leaders working in
mission‑critical teams across the globe
to shift perspectives, improve their
teamwork, leading to improved crisis
response and decision‑making.
23
NCSC, White paper: The future of NCSC
Technology Assurance (2021)
59
Interested in joining the
cyber workforce or starting
your own business?
82. Our previous strategy placed 83. We have supported innovators
a major emphasis on growing the to grow and scale their businesses,
cyber skills base and cyber security ensuring the UK cyber ecosystem has
services sector in the UK. As outlined flourished over the last five years:
in the strategic context we have made
significant progress in growing the NCSC for Startups is pointing innovators
sector and exports: towards the most important strategic
challenges while its startups have
Helping cyber businesses find already taken part in over 160 new
international markets. The UK exported corporate trials.
£4.2billion of cyber services in 2020.
LORCA has helped 72 cyber innovators

Cyber Exchange, our online cyber raise over £200 million in investment and
portal, bringing together cyber earn over £37 million in revenue.
businesses across all regions of the UK.
Cyber Runway supports innovators

The Cyber Growth Partnership has to launch, grow and scale their
been bringing government and industry business – building on the success of
together to break barriers to growth. Hutzero and Cyber101.

84. We have been working to 85. We have been professionalising
narrow the annual shortfall of the cyber workforce, making it more
10,000 professionals entering the straightforward for organisations to
cyber workforce:24 understand what skills they need,
and making it easier for individuals to
The CyberFirst bursary scheme navigate what they need to know:
supports undergraduate students and
is delivering hundreds of individuals, The UK Cyber Security Council is a
with work experience, into the cyber world‑first professional authority for
workforce every year. cyber security. It has begun to set clear
and consistent professional standards,
building on all the work that existing
professional bodies have done to date.
The Council will look to clearly identify
effective qualifications from the myriad
currently available.
There are now four cyber apprenticeship

standards that have been designed by
industry and three cyber offerings for
initial learning outcomes offered through
the DfE ‘Courses for Jobs’ initiative.
The Cyber Security Body of Knowledge

(CyBOK) informs and underpins
education and professional training for
the cyber security sector.
There have been nine cyber bootcamps

supported through the recent National
Skills Fund, taking people into exciting
cyber careers and more of these are
planned for every year of the next
spending period.
24
DCMS, Understanding the cyber security recruitment pool (2021)
61
86. We have been working to ensure The UK Cyber Cluster Collaboration
that everyone can join the cyber is building partnerships between
workforce, tackling inequality in the industry, schools and colleges to ensure
sector where only 16% are female, opportunities and expertise are available
and only 3% of senior roles are held by across the regions.
women and ethnic minorities.25
The CyberFirst courses and Discovery

programme have engaged nearly
300,000 young people aged 11‑17 in
the last five years.
The NCA’s Cyber Choices programme is

helping young people to make informed
choices and use their cyber skills in
a legal way, raising awareness and
providing better alternatives such as
apprenticeships and work placements
25
HMG, Cyber security skillls in the UK labour market (2021)

63
Pillar 2:
Cyber
Resilience

Building a resilient and
prosperous digital UK
87. Cyber security and resilience are 90. We build on the foundations of the
foundational to our wider strategic aims previous strategy, evolve our approach
as a cyber power: without them we and shift the dial on UK cyber resilience
cannot hope to take full advantage of – placing particular emphasis on:
the transformational potential of digital
technologies to build back better, fairer • scaling up our work to make
and stronger, and to protect the UK’s the internet automatically safer,
strategic advantage in and through preventing attacks, building in
cyberspace. We must continue building basic protections to benefit all UK
strong cyber defences, taking action businesses, organisations and
to secure the UK’s digital networks, citizens, and increasing support
information and assets at a national, available to those least able to
local and individual level and ensure they protect themselves online
are resilient when incidents occur. • setting an ambition for government
88. And while we focus in this chapter to act as an exemplar of best
on cyber resilience, to be fully effective practice in cyber security
this will need to form part of a holistic, • embedding cyber security as a
whole‑of‑society endeavour to improve core part of good business through
UK resilience. The forthcoming better use of regulation and
National Resilience Strategy, a key other incentives, and harnessing
commitment of the Integrated Review, the power of our threat insight
will set out the overarching approach to to build communities that can
national resilience. defend themselves
89. Significant progress has been made • underpinning all of this with
in the last decade in improving our objectively‑measurable standards,
cyber resilience, with the establishment evidence and data and moving from
of the National Cyber Security Centre gathering to acting on that data
(NCSC), increased availability of advice,
guidance and other tools, and the 91. In this strategy the concept of
implementation of legislation including cyber resilience has three key aspects.
the Network & Information Systems First, the nature of the risk needs to be
Regulations (NIS regulations), General understood. Second, we need action
Data Protection Regulation and Data to secure systems to prevent and
Protection Act 2018. But serious resist cyber attacks. Third, recognising
gaps remain. Cyber breaches affect some attacks will still happen, we need
government, businesses, organisations to prepare for these, to be resilient
and individuals; many organisations still enough to minimise their impact and be
report high numbers of cyber security able to recover.
breaches or attacks.
65
92. Our approach will be tailored to 95. We require government
each audience, supported by national departments, the wider public sector
capabilities that enable us to address and regulated operators of critical
systemic risks. The audiences we national infrastructure (CNI), to raise their
seek to protect and influence are UK standards and manage their risk more
citizens, businesses and organisations, proactively. We expect large businesses
the government and public sector, and and organisations, including providers of
those who operate our critical national digital services and platforms to be more
infrastructure (providing the key services accountable for protecting their systems,
such as drinking water, electricity, services and customers as a core part
finance, transport and telecoms which of running their business. In return,
we all rely on). government will do more to secure the
digital environment and tackle systemic
93. We will focus first on steps to risks and provide support through
secure the digital environment for all advice, tools, accreditation in the
UK internet users, prevent attacks, marketplace, and developing the skills
build basic security in products and that enable improvement.
services, and help individuals and small
businesses and organisations with basic 96. Our efforts to promote cyber
actions to improve cyber security. As resilience in the UK must also form
we move through to those with greater part of our international engagement.
responsibility and capability to put in The deepening globalisation of supply
place additional layers of security and chains, IT platforms, multinational
resilience proportionate to the risk, this businesses, and the internet itself, mean
will culminate in the highest level of we cannot improve the UK’s cyber
protection expected for the key public security in isolation. To respond to this
and essential services our people and challenge we will need to continue
economy rely on. building a better understanding of the
linkages between UK and global cyber
94. This must be a shared endeavour resilience, addressing areas of high risk
between the government and all parts and working with international partners
of the economy and society. It is the to build resilience that facilitates digital
responsibility of boards of businesses transformation, security and trade, for
and organisations to manage their mutual benefit as set out in the Pillar 4:
own cyber risk. Our aim is to set clear Global Leadership chapter.
expectations underpinned by the right
framework of incentives, support and
regulation to enable improvement and
transfer the burden of cyber security risk
away from end users and towards those
best placed to manage it.

Reduce the burden on everyone
Work with providers to better protect UK internet
users and build basic protections into online
services for citizens
Expand Active Cyber Defence and prevent
and disrupt cyber crime and fraud
Citizen awareness and cyber hygiene
More resilient Businesses

and Organisations
Uptake of standards such as Cyber Essentials
and more transparency
Market incentives and more local support
Better regulation in targeted areas including
digital services and personal data
More resilient Public Services

All government organisations resilient to
known attack methods by 2030
Increased accountability, standards and
independent assurance
Investment to address legacy IT
More resilient Critical

National infrastructure
Resilience to common attack
methods and more advanced
protection according to
risk posture
Understand and address risk
arising from digitalisation and
new technologies
67
Objective 1: 99. Government is leading by
example in its understanding of cyber
Improve the understanding risk. We will adopt the NCSC’s Cyber
of cyber risk to drive more Assessment Framework (CAF) as the
effective action on cyber assurance framework for all government
departments, and critical systems and
security and resilience common suppliers will be mapped.
97. We will deliver a much closer We will establish a new Government
partnership between government, Cyber Coordination Centre (GCCC)
businesses and organisations to drive and cross‑Government Vulnerability
up collective understanding of the Reporting Service (VRS) to enable the
risk, guide prioritisation and establish government to ‘defend as one’ when
the case for action. We will support managing incidents, vulnerabilities
citizens by working with businesses and threats. The VRS will aim for
and organisations that provide services valuable and trusted relationships with
to consumers; and further strengthen the security researcher community,
the government’s ability to identify delivering a reduction in vulnerabilities
cross‑cutting risks. We will achieve the across the government estate. We will
following outcomes by 2025: also continue to support and coordinate
with similar initiatives in the devolved
98. Government has an up to date governments, such as the proposed
strategic understanding of the establishment of a central coordination
nation’s cyber risk and uses this function for cyber resilience in Scotland.
understanding to identify systemic
risk,communicate priorities and drive 100. Across the UK’s CNI, we
strategy and delivery. We will sustain will have a more sophisticated
and drive further value from significant understanding of cyber risk. We
investments made in ‘understanding will increase the adoption of the
the threat’ from the previous National Cyber Assessment Framework (CAF)
Cyber Security Strategy; and build on or equivalents across CNI sectors,
existing efforts to understand risk in and improve comparability with
an increasingly interconnected world. other cyber security assessment and
This will include identifying where digital reporting frameworks in use. We will
supply chains are too concentrated, complete criticality reviews and map
and working with international dependencies within CNI and its
partners to manage collective risks. supply chains. We will build stronger
We will also improve our recording of partnerships with CNI owners and
Computer Misuse Act (CMA) offences, operators to improve access to threat
understanding the links between data and risk information, and agree risk
breaches and downstream criminality, posture. And we will work to understand
and increasing our knowledge of how new risks or where new CNI is emerging
CMA offences are facilitating other types as a consequence of digitalisation
of criminal activity. and new technologies, including as
part of broader priorities such as the
transition to Net Zero.

101. UK businesses and
organisations have a better
understanding of cyber risk and their
responsibilities to manage them. We
will help organisations better understand
the risk to their customers, including
how the data they hold could be used to
facilitate crimes like fraud, identity theft
or extortion. And we will share more
insights from research and data on the
prevalence and impact of cyber attacks
and relative progress sectors are making
in improving cyber security.
69
Objective 2: 105. It will mean working more closely
with relevant sectors including online
Prevent and resist cyber service providers, telecommunications,
attacks more effectively technology, banking and retail, to better
by improving management protect UK internet users, including
to: make it more difficult to register
of cyber risk within websites for illegal purposes, increase
UK organisations, and the take down and blocking of malicious
providing greater protection content online, improve the recovery and
return of stolen credentials, and enhance
to citizens the security of UK telecommunications
102. Our approach to preventing and infrastructure. We will also develop
resisting cyber attacks assumes: (i) options to give statutory backing to
that organisations have a responsibility citizen protections should voluntary
to take action to manage their own arrangements prove insufficient.
cyber risk but stronger frameworks of
106. Our efforts to reduce harm
accountability and good governance
at scale will also include tackling
are needed at board level to make
systemic risks from the digital supply
this a priority; (ii) that there is a role
chain. Where necessary we will
for government to play working with
intervene to promote supply chain
industry in taking steps to directly
diversification, as we are doing in
reduce risk at scale where it is uniquely
telecommunications; we will strengthen
placed to do so; and (iii) we must ensure
our collective economic security with
support and guidance is available to
improved information‑sharing and
help individuals, sole‑traders and small
robust, predictable and proportionate
businesses and organisations manage
approaches to foreign direct investment
their cyber risk. We will achieve the
(FDI) screening in critical sectors, and
following outcomes by 2025:
establish clear requirements for critical
103. Government has reduced harm and common suppliers to government.
to the UK at scale and reduced
107. Government’s critical functions
the burden on UK citizens. We will
are significantly hardened to
increasingly act upstream on behalf of
cyber attack and all government
all internet users in the UK, expanding
organisations – across the whole
our Active Cyber Defence measures
public sector – will be resilient to
to support a wider range of sectors,
known vulnerabilities and attack
including charities, academia and
methods by 2030. Our aim is to
small-to-medium sized businesses
establish the UK’s public sector as an
and citizens. And we will strengthen
exemplar of best practice. In support
protections to online services through
of this outcome we will publish the first
increased engagement and information
dedicated Government Cyber Security
sharing with industry.
Strategy. This will focus on more
104. This work is complementary to effective risk management processes,
other government priorities aimed at governance and accountability; centrally
protecting UK citizens online, such as developed and employed capabilities
the draft Online Safety Bill and policy to (including Active Cyber Defence); more
counter economic crimes such as fraud. comprehensive monitoring of systems,

networks and services; rapid and scaled 110. Alongside this we will: enhance the
incident response; and investment in capability of regulators; invest in skills to
skills, knowledge and a culture that improve CNI operators’ ability to attract,
promotes sustainable change. develop, and retain cyber professionals
(see UK Cyber Ecosystem chapter);
108. Cyber risks to UK critical and support operators’ management
national infrastructure are more of supply chain risk by stepping up
effectively managed. Such services engagement with critical suppliers and
are by definition those that the country exploring the full range of levers, from
relies on most. We will continue to guidance to legislative and procurement
work closely with operators to achieve related proposals.
resilience against common attack
methods as quickly as possible and to 111. The infrastructure on which
put in place more advanced protections our data use relies is secure and
where appropriate. For Operators of resilient. This infrastructure is a vital
Essential Services designated under national asset – one that supports our
the NIS regulations this means at least economy, delivers public services and
meeting the baseline standard set by drives growth. We will take a greater
the relevant Competent Authorities role in ensuring that data is sufficiently
for each sector. protected when processed, in transit, or
stored at scale, for example in external
109. In support of this outcome, we data centres. We will build a stronger
will review the government’s ability risk management framework to ensure
to hold CNI operators to account to higher security and resilience standards
ensure they invest in the cyber security across the sector and implement the
of critical systems and effectively provisions in the National Security and
manage their risk, including from their Investment Act 2021 to strengthen
supply chains. We will strengthen the investment screening. We will strengthen
regulatory framework, to improve its our work with international partners
coverage, powers, and agility to adapt, to ensure that increased global data
within the context of broader national access and flows do not increase the
security risk and rapidly changing security risks facing the UK, and also
threat and technology. This will start address the security challenges posed
with a consultation on reforms to by mass data collection.
the NIS regulations, implementing
the new security framework for UK 112. We will also consider the
telecommunications providers and increasing criticality of UK data
developing a proportionate regulatory infrastructure services in underpinning
framework to ensure that the future the economy and its role within critical
smart and flexible energy system the national infrastructure. These measures
UK requires to deliver Net Zero will be are in line with the commitments set out
secure and resilient to cyber threats. in the National Data Strategy and the
Integrated Review.
71
113. A greater number of UK 115. Targeted legislation will primarily
businesses and organisations are focus around sectors where the
proactively managing their cyber potential impact of a cyber attack
risks and taking action to improve is greatest, including providers of
their cyber resilience. We will provide certain essential and digital services,
support and drive behaviour change data protection in the wider economy,
through the development of market and for larger businesses. This will
incentives that encourage effective be complementary to the Plan for
cyber security. Where necessary this Digital Regulation, initially focussing
will be complemented by targeted on regulations governing the security
legislation to ensure that cyber risk is of Network and Information Systems
managed effectively by those who have (NIS) – as outlined above and in the
the greatest responsibility to do so, and Technology chapter and the next steps
that the UK’s cyber security legislation for reforming the UK’s regime for the
remains effective in the light of evolving protection of personal data.
risk and technologies.
116. Further detail outlining the action
114. In support of these aims, we will we will take to improve business
increasingly work with market influencers resilience and cyber security across UK
(procurers, financial institutions, businesses and organisations will be set
investors, auditors and insurers) to out in the Cyber Security Regulation and
incentivise good cyber security practices Incentives Review.
across the economy. We will propose
improvements to corporate reporting of
resilience to risks, including cyber risks.
This will give investors and shareholders
better insight into how companies are
managing and mitigating material risks
to their business. And we will continue
to promote take‑up of accreditations
and standards such as the Cyber
Essentials certification scheme and
promote board level engagement in
cyber risk management.

117. Technical advice, self‑help tools Elis Power, Cyber Protect and
and assured products and services Prevent Officer, Tarian Regional
to improve cyber resilience are easy Cyber Crime Unit
to find and continually improving,
with a particular emphasis on helping
citizens, sole‑traders and small
organisations. We will continue to
develop technically accurate, timely
and actionable guidance and self‑help
tools through the NCSC. We will ensure
messages are consistent, clear and
provided through the most effective
channels, whether via the Cyber
Aware campaign, NCSC website,
government, law enforcement networks
or partnerships with industry; and we will
make more support available at a local Tarian Regional Cyber Crime Unit
level. Through the ‘Digital Entitlement’, is a multidisciplinary team of police
we will continue to fully fund Essential officers and staff seconded from the
Digital Skills qualifications for adults Welsh Police forces. Their mission is
who need them, ensuring learners have to contribute towards the provision
the basic digital skills they need to be of a safer and more secure cyber-
safe and responsible online. And we environment in Southern Wales.
will help businesses and organisations
Cyber Protect/Prevent Officer Elis Power
navigate the complex cyber security
works for the engagement team:
market, extending our frameworks
for assured products and services, “It’s a cliché but there is no such thing
and developing commercial offerings as a typical day on the unit. From day to
around Cyber Essentials which will day, I could be responsible for delivering
make it easier for small businesses to presentations containing advice for
access basic advice. internal police departments, or external
organisations, to ensure that they
have a solid understanding of how to
protect themselves and their workplace
against cyber threats. I could also be
presenting to young people in schools
on topics ranging from internet safety
through to the Computer Misuse Act
1990. I frequently attend meetings with
partner agencies and forces to discuss
new threats and associated guidance
for our audiences. I also engage with
organisations from which we’ve received
vulnerability alerts, take part in national
operations, guest appear at relevant
events and conferences, and find time
to continually upskill my abilities and
knowledge base”.
73
Objective 3: 120. It is easier to report cyber
incidents and victims of cyber crime
Strengthen resilience at receive better support. Reporting
national and organisational information will also be used to help
level to prepare for, respond prevent future incidents and support
law enforcement to investigate, disrupt,
to and recover from and prosecute cyber criminals. In
cyber attacks support of this we will deliver a new
national fraud and cyber crime reporting
118. Despite efforts to understand and analysis service to replace Action
the risk and take preventative actions Fraud by 2025. We will encourage
some incidents will still occur. We need more reporting of cyber incidents in
to strengthen capabilities for incident other ways, including through a new
management and response across all business reporting capability in the
organisations, to minimise the harm City of London Police. In regulated
caused and provide better support to sectors we will enable regulators to
victims. We will achieve the following require reporting of a broader range
outcomes by 2025: of incidents including ‘near misses’.
The roll out of the National Economic
119. The UK’s strategic management
Crime Victim Care Unit will improve
and coordination of the response to
the support and guidance available to
nationally significant cyber incidents
victims after what can be a stressful and
is even more effective. We will build
harmful experience.
upon the government’s experience of
responding to significant cyber incidents, 121. Government and CNI are more
ensuring that lessons identified are used prepared to respond to and recover
to improve our policies and processes. from incidents, including through
We will share crisis management better incident planning and regular
experience with international partners exercising. We will help UK government
and industry and, in turn, identify best and CNI operators find the cyber
practice from elsewhere to enhance our exercising and incident management
preparedness and processes. We will services they need from the marketplace
ensure that NCSC and law enforcement by expanding the NCSC’s accredited
incident management teams have the scheme for Cyber Incident Response
requisite expertise and tools to respond and introducing a new scheme
to the full range of evolving incident for exercising.
types and co‑ordinate a national
response to priority threats.

122. Within government, monitoring
and detection capabilities will be
improved within departments and
across the government digital estate.
We will ensure lessons are identified
and used to improve our policies and
processes; share crisis management
experience with international partners
and industry; and ensure that our
incident management teams have
the requisite expertise, capacity and Daniel Ng, CEO, CyberOwl
capabilities to respond to the full range
of evolving incident types.
123. Within CNI we will set out clear

requirements for exercising and testing
or adversary simulation across CNI
operators, and stimulate innovation and
collaboration in incident response and
exercising, considering application of
models such as the Financial Sector
Cyber Collaboration Centre. And as part
of our ambitions on technology (outlined
CyberOwl benefited from the
in the next chapter) we will establish
government’s cyber development
a national laboratory for operational
programme. We provide cyber security
technology security as a centre of
monitoring and analytics for operational
excellence for testing, exercising and
assets in the maritime and CNI sectors.
training on critical industrial technologies
The drive towards sustainability
to build capability in this area, in
demands more connectivity and
collaboration with industry, academia
digitalisation of field assets, exposing
and international partners.
them to cyber risks. CyberOwl helps
124. UK businesses and operators identify and map their assets,
organisations have a clearer gain early warning of cyber risks and
understanding of what to do in the prove to themselves and regulators
event of an incident, who to call, that they have secured it. We work
who can help and how to recover. with the world’s largest maritime asset
We will improve access to training operators across EMEA and Asia
and exercising, supported by assured Pacific to improve resilience of the
industry services, including a new Cyber global shipping logistics supply chain.
Incident Response scheme and Cyber In 2021, we have grown bookings by
Incident Exercising service. We will 14 times and doubled operations in the
ensure access to consistent nationwide UK and Singapore.
law enforcement support for individual
victims of cyber crime and encourage
small businesses and organisations to
take advantage of local support, such as
their regional Cyber Resilience Centre.
75
Jen Ellis, Vice President of
Community and Public Affairs,
Rapid7
My work involves talking to security

professionals and leaders in
organisations of all sizes and sectors
to understand the challenges they face
and try to identify solutions to help
them advance their cyber security. I
consistently hear that organisations are
overwhelmed and don’t know where
to focus, how to get started, or how
to make progress. It can also be hard
for technical staff to get buy‑in from
leadership. Having a clear, consistent,
transparent cyber strategy from the
government can help address this.
It gives technical staff something to
point to as part of their discussions
with leadership. It also identifies core
areas of focus and a potential path
towards maturity. Cyber security is still
hugely complex and never ending, but
with the widespread cyber strategy
there is a greater understanding of its
importance and a feeling that we are all
in this together.

77
Pillar 3:
Technology
Advantage

Taking the lead in the
technologies vital to
cyber power
125. Some technologies will be critical our strategic advantage. This strategy
in shaping the future of cyberspace. supports the work of the National
Countries that are able to establish a Science and Technology Council and
leading role in these technologies will be the Office of Science and Technology
better positioned to influence the way Strategy in pursuing that goal, as well
that they are designed and deployed, as complementing the UK’s strategies
more able to protect their security and in areas such as Artificial Intelligence,
economic advantage, and quicker to Quantum Technologies and Data.
exploit opportunities for breakthroughs
in cyber capabilities. As technology 128. We will strengthen our ability,
becomes an increasingly important tool led by the technical expertise of the
of geopolitical power, competition in this National Cyber Security Centre (NCSC)
arena will intensify. and others across government, to
identify the areas of technology most
126. For the UK, pursuing strategic critical to our cyber power. We will
advantage through science and take national‑level strategic decisions
technology, and the data access it about priorities, working within the
depends on, will be a precondition Own‑Collaborate‑Access framework
for achieving our wider goals as a set out in the Integrated Review.
cyber power. The government has In select areas we will invest in the
taken steps in previous strategies to research and development activity
stimulate research and innovation in and strategic partnerships needed to
cyber security technologies, such as develop the UK’s domestic capabilities,
through accelerator programmes for and where we rely on global markets
start‑ups and the Academic Centres of we will work with industry, regulators
Excellence in Cyber Security Research, and international partners to encourage
and to encourage the development of trustworthy and diverse supply chains,
consumer devices that are ‘secure by and to shape standards to ensure
design’. However, we now need a more technologies are secure and open.
ambitious and proactive approach to We will also strengthen the UK’s ability
maintain a stake in critical technologies to exploit and protect the growing
and avoid becoming overly dependent quantities of data and information
on competitors and adversaries. generated by and driving innovation in
emerging technologies, building on the
127. The Integrated Review set out framework set out in the National Data
plans to make the UK a Science and Strategy to maximise the benefits for our
Tech Superpower and use science economy and society.
and technology to build and sustain
79
Technologies vital to
Cyber Power
A variety of existing and emerging • Quantum technologies,
technologies will be critical to the UK’s including quantum computing,
cyber power and we need to be able quantum sensing and
to anticipate, assess, and act on these post‑quantum cryptography
developments. We expect to prioritise a
range of technologies and applications This work will support, and be aligned
as we deliver the strategy, such as to, the delivery of a number of strategies
those set out below. This is not intended and outcomes across government, for
as an exhaustive or static list and our example, the National Data Strategy, the
priorities will continue to evolve in National AI Strategy and the Integrated
consultation with industry, academia and Review, as well as the technology
technical experts: focussed outcomes within this Pillar.
• 5G and 6G technology, and other

emerging forms of data transmission
• Artificial intelligence (AI), including

the need to secure AI systems
and the potential for the use of
AI to enhance cyber security in a
wide array of applications such as
network monitoring
• Blockchain technology
and its applications such
as cryptocurrencies and
decentralised finance
• Semiconductors, microprocessor
chips, microprocessor architecture,
and their supply chain, design, and
manufacturing process
• Cryptographic authentication
including for identity and access
management and high assurance
cryptographic products
• Internet of Things and technologies

used in consumer, enterprise,
industrial and physical environments
such as connected places

Objective 1: 130. Government is better able to
analyse new and developing science
Improve our ability to and technology and understand the
anticipate, assess and implications for UK cyber policy and
act on the science and strategy. We will expand our research
capabilities including the NCSC’s new
technology developments applied research hub in Manchester,
most vital to our with a focus on emerging technology
cyber power in areas such as connected places and
transport, working alongside experts in
129. To build and sustain a competitive the Government Office for Science and
edge in cyber‑related technologies elsewhere. We will draw on expertise
we need a coordinated, rigorous and from outside government, supporting
consistent approach to identify and the four Cyber Security Research
analyse critical areas of science and Institutes and nineteen Academic
technology and prioritise national Centres of Excellence in Cyber
effort. This will require us to develop Security Research, funding Pathfinder
our research and technical expertise Awards for researchers in priority
within government and academia even subjects, and leveraging our overseas
further. We will integrate this with new footprint and international partnerships
government structures for science more effectively.
and technology horizon‑scanning
and intelligence whilst drawing on 131. This improved understanding
the insights of industry experts and is more quickly and effectively
leveraging our overseas network to informing the government’s wider
understand the priorities and systems of horizon‑scanning, prioritisation
international partners and competitors. and decision‑making, allowing us
We will achieve the following to take a more proactive approach
outcomes by 2025: to exploit opportunities and mitigate
risks. We will establish a new internal
horizon‑scanning function to anticipate
science and technology advancements
and their cyber implications. We will take
more informed decisions to prioritise key
cyber technologies, directing R&D and
policy development that will advantage
UK security. Where appropriate, this
will inform wider decision‑making
on science and technology priorities
through the Office for Science and
Technology Strategy and National
Science and Technology Council.
81
Objective 2:
Foster and sustain
sovereign and allied
advantage in the security
of technologies critical to
cyberspace
132. Where the UK has the potential to
Máire O’Neill, Principal establish a leading position or secure
Investigator at the Centre a competitive advantage in key areas
of cyber technology, or where reliance
for Secure Information on non‑allied sources of supply poses
Technologies (CSIT) unacceptable security risks, we will seek
to develop our domestic industrial base.
There will be some areas where we need
to maintain a truly sovereign capability,
and others where we will collaborate
with international partners or seek a
leading position in one aspect of the
market. This will require a coordinated
approach to stimulating innovation and
R&D in collaboration with industry and
academia. We will achieve the following
outcomes by 2025:
133. The UK is more successful at

CSIT is one of the UK’s largest cyber translating research into innovation
security focused university technology and new companies in the areas of
research centres. Led by Principal technology most vital to our cyber
Investigator Professor Máire O’Neill, it power. We will support academics
was as a result of being selected as across the UK to commercialise and
one of the country’s first Innovation & operationalise their research by adopting
Knowledge Centres in 2009. CSIT’s a more challenge‑based approach in
successful research, innovation and collaboration with industry partners.
industry engagement have led to the This will identify ideas with the highest
significant growth of its reputation both potential and stimulate investment
nationally and internationally over the from funders. And we will build on the
past decade. CSIT has been a critical approach set out in the Innovation
factor in the success of the Northern Strategy, supporting the development
Ireland Cyber Security Cluster through of more established ecosystems around
its support of spinout activity, indigenous key technologies, ensuring that the
business scale‑up and FDI in the UK’s advantage is more robust and
region. From a standing start in 2009 difficult to copy.
Northern Ireland’s cyber sector now
employs 2,300 people across 104
companies, generating £110 million in
salaries each year.

134. The UK is in an even stronger 136. The government is better
position as a world leader in secure able to protect UK innovation and
microprocessor design.26 We will intellectual property in critical cyber
build on the Digital Security by Design technologies against hostile activity,
programme that has developed a sustaining our competitive edge.28 We
new, more secure technology for will invest in the resources and expertise
computer chips to protect software we need to provide technical leadership
from vulnerabilities. We will bring on the security of these technologies
this experience to bear on Artificial as they develop, including advising on
Intelligence processors to give UK foreign direct investment risks in line
vendors an international advantage. And with the goals of the National Security
we will work with the National Quantum and Investment Act 2021. And we
Technologies Programme to design a will continue to work with businesses
security model for quantum computers and academia to create a trusted
and to ensure that UK companies are environment in key areas of research
world leading in this technology. and development, and develop robust
measures to prevent the theft of data
135. The UK is regarded as a world and intellectual property.
leader in research into the security
of operational technologies and
critical industrial control systems,
and in our ability to test and exercise
them in the UK. We will establish
a national laboratory for operational
technology security in partnership with
industry and academia. It will host
world leading research programmes
and provide government, military,
industry and international partners with
the facilities for exercising and testing
these technologies here in the UK.
And as confirmed in the 5G Telecoms
Supply Chain Diversification Strategy,
we will establish the UK Telecoms Lab,
bringing together the government and
the regulator with industry to support
the new telecoms security framework
and help to increase the diversity of
telecoms equipment vendors in the
UK’s supply chain.27
26
Microprocessors are the brains of many of the devices we use today. They are ubiquitous, including
in critical areas such as telecoms, defence, healthcare and across our major industries. Technological
advances in systems design are currently held back by security and safety concerns, which are
magnified by increasing system complexity.
27
DCMS, 5G Supply Chain Diversification Strategy (2020)
28
With a particular focus on those sectors identified in the National Security and Investment Act
2021: advanced robotics, artificial intelligence, communications, computing hardware, cryptographic
authentication, and quantum technologies
83
Digital Security by Design
Seventy per cent of current cyber
security vulnerabilities exploit a flaw in
how microprocessors are designed that
has been known about since the 1970s.
These microprocessors are found in Phil Wilson, Director,
every digital device from televisions to Research & Development at
telecoms. The government has been
The Hut Group
working with the tech sector to fix this
and by 2025 a new microprocessor
design will be available for smartphones,
and a growing list of other devices.
Changing the design of microprocessors

requires global partnerships and
investment. With UK leadership, and
£70 million of investment from the
government, security is being designed
into future devices, hugely reducing the
risk of a successful cyber attack.
This game changing technology was

The Hut Group is an e-commerce
researched and developed in the UK.
business focused on fast moving
Tech leaders including Microsoft, Google
consumer goods. We have over 200
and others are investing to bring these
websites running on a common platform
new security benefits to their products.
with up to 3000 orders per minute to
Researchers in universities across the
process so the security of our platform
UK are working to find new ways to use
and our customers is a top priority.
this secure technology better and the
We invest huge amounts of effort to
government is supporting UK SMEs to
ensure that any cyber attack can be
find new markets for products that have
contained and that is why we are so
this new security built in.
excited by the possibility of using Digital
Security by Design (DSbD) tech in our
systems. Running our systems on these
new microprocessors, developed in
a £180 million government-industry
partnership, would make our systems
more resilient but managing that
transition is complex as we cannot
adopt new tech unless it meets our
performance requirements. It has been
a privilege to be the first demonstrator
project for the DSbD programme
and we hope to benefit from this new
security across all our systems in
the near future.
Objective 2a: 139. A more resilient and secure
UK Crypt‑Key enterprise with a
Preserve a robust and more sustainable, world‑leading
resilient national Crypt‑Key industrial base, supplying the full
enterprise which meets the range of solutions that the UK needs
and exporting to chosen partners and
needs of HMG customers, allies. We will combine the capabilities
our partners and allies, and and expertise of government and
has appropriately mitigated industry more effectively, and take a
more rigorous, national approach to
our most significant risks managing the enterprise. This will ensure
including the threat from our that we grow the distinct, specialist
most capable of adversaries skills that we need.
137. Crypt-Key is the term used to 140. The UK has stronger Crypt‑Key
describe the UK’s use of cryptography capabilities and services in
to protect the critical information and government, able to meet the evolving
services on which the UK government, needs of the UK and our allies and
military and national security community ensuring we remain at the forefront
rely, including from attack by our most of Crypt‑Key development. We will
capable adversaries. It underpins provide strong technical leadership
our ability to choose how we deploy to understand user requirements and
our national security and defence improve our core services, including
capabilities. To be a world-leading provision of key material and assurance
Crypt-Key nation we need the right skills of products and systems. We will
and technologies both in government also transform Crypt‑Key services,
and in the private sector. harnessing new technologies so that
they become more flexible and invisible.
138. We will continue to invest in our
capabilities in government and work 141. The UK has advanced its
with our domestic Crypt‑Key industry to global leadership in Crypt‑Key and
ensure the UK remains one of a handful increased exports to our partners and
of nations able to develop sovereign allies. We will maintain our leadership
Crypt‑Key into the future. We will also role in the Five Eyes, NATO and other
continue to provide global leadership international partnerships and shape
in Crypt‑Key, including supporting the development of internationally
NATO as a supplier of key material. recognised standards to enable UK
This leadership will bring second order Crypt‑Key solutions to be interoperable.
benefits in sustaining a highly skilled And we will work with the industry to
industry in the UK and preserving our maximise export opportunities.
strength in highly resilient engineering,
with the potential to enable new robust
capabilities for other high assurance
contexts such as critical national
infrastructure. We will achieve the
85
Objective 3: 144. Consumer connectable
products sold across the UK
Secure the next generation meet essential cyber security
of connected technologies, standards. We will introduce and
mitigating the cyber security implement the Product Security and
Telecommunications Infrastructure Bill
risks of dependence to enable enforcement of minimum
on global markets and security standards in all new consumer
ensuring UK users have connectable products sold in the
UK. We will support a cyber secure
access to trustworthy and transition to a smart and flexible energy
diverse supply system, including smart electric vehicle
charge‑points and energy smart
142. Over the next decade we will appliances. We will work with standards
continue to see computing power, bodies, industry and international
internet connectivity and automation partners to influence the global
embedded into more and more parts consensus on technical standards.
of our environment, including physical And we will help UK organisations to
objects and infrastructure and, in the procure, deploy and manage connected
longer‑term, humans themselves. This devices in a more secure way, including
will extend the scope of cyberspace by means of new security guidance for
and vastly increase the volume of data enterprise connected devices.
generated. The ability to manage data
safely and securely will become ever 145. Major providers of digital
more critical to the secure running services, including cloud, software,
of our economy. managed services and app stores,
are required to follow better
143. We need to ensure that wherever standards of cyber security, helping
possible the next generation of to protect organisations and consumers
connected technologies are designed, from cyber threats. We will strengthen
developed and deployed with security and expand the existing regulation
and resilience in mind and as part of a of digital service providers and boost
concerted effort to embrace a ‘secure the capability of the ICO to ensure
by design’ approach. The global nature digital providers are managing the
of technology supply chains means we risks associated with their services
will need to use all our available levers more proactively. We will continue
to more actively manage the risks of to engage with industry, including
technological dependence. Where the major technology companies, to
possible we will seek to ensure that harness market expertise and ensure
security is built in; where we cannot do that everyone plays a role in securing
this, we will implement robust measures the UK’s digital supply chains. And
to mitigate risk, including domestic we will lead the development of
regulation and international collaboration international policy solutions that focus
on standards. We will achieve the on digital suppliers.

146. The UK is at the forefront of Shadi A. Razak, CTO and
the secure and sustainable adoption co‑founder of Angoka
of connected places technology for
the benefit of citizens and businesses. The publication of secure connected
Connected places, sometimes known places guidance by the government
as smart cities, have the potential to and the increasing use of autonomous
provide tangible benefits to society: vehicles highlights the importance
managing traffic, reducing pollution, and of security in our society. Angoka
saving money and resources. However, is a proud alumni of the NCSC
the interconnectivity that allows places Cyber Accelerator programme. We
to function more efficiently also creates provide solutions for a wide range
cyber vulnerabilities and the potential of applications, from critical national
for cyber attacks. We will build on infrastructure to land and air mobility and
the NCSC’s security principles for more, ensuring end-to-end resilience
connected places to reduce the risks and security assurance.
posed to businesses, infrastructure,
the public sector and citizens.29 We The company mission is to ensure the
will strengthen the capability of local safety and resilience of Smart Cities
authorities and organisations such as and mobility, which are becoming more
ports, universities and hospitals, to buy complex and reliant on networks of
and use connected places technology connected devices and machine-to-
securely. And we will build an machine communication. Our solution
international consensus for a consistent allows the creation of trusted zones
and effective approach to the security of operating a decentralised, quantum-
connected places. proof security, dynamically updated
to always provide a moving target for
147. Cyber security is designed attackers. It means device owners can
into other emerging technologies take full control of their security.
deployed in the UK. We will identify
novel and emerging technology
applications that have the potential
to create cyber security risks, and
ensure the UK is at the forefront of
the safe and secure development of
these technologies. As the government
considers options for a UK capability in
digital twin and wider ‘cyber‑physical
infrastructure’ technology, we will ensure
that cyber security is at the heart of
decision‑making.30 And we will roll out
an assurance scheme to ensure that Angoka Team demonstrating
the UK is in a strong position for a wide their solution
range of connected and automated
vehicle deployments.31
29
NCSC, Connected Places Cyber Security
Principles (2021)
30
Announced in the Innovation Strategy (2021)
31
The Connected and Automated Vehicles
Process for Assuring Safety and Security
(CAVPASS)
87
Objective 4: 149. More engaged multistakeholder
participation in the global digital
Work with the technical standards ecosystem.
multistakeholder community We will reinforce multistakeholder
to shape the development participation in key standards
development organisations and lead
of global digital technical by example with our delegations to the
standards in the priority International Telecommunication Union.
areas that matter most for We will promote open discussions on
the key trends and considerations for
upholding our democratic policy makers through the UN Internet
values, ensuring our cyber Governance Forum and other forums.
security, and advancing UK And we will strengthen coordination and
information sharing with international
strategic interests through partners, including through the Digital
science and technology Standards Points of Contact Group, set
up during the UK’s G7 presidency.
148. Global digital technical standards
are a core part of the functioning of the 150. Global digital technical
internet, telecommunication networks, standards in priority areas for the UK
and emerging technologies. How that are shaped more effectively by
they are developed and deployed can democratic values, cyber security
impact our cyber security objectives, considerations and UK research and
economic prosperity, and our norms innovation in emerging technologies.
and values. Historically these standards We will work with industry, academia,
have been shaped by those with the technical experts and civil society in
most market power and there are areas such as internet protocols, future
material barriers to entry that prevent networks and Artificial Intelligence
some important stakeholders, including (AI), to raise awareness of important
SMEs, academics, and other experts, public policy considerations in technical
from participating. We will achieve the standards development. We will pilot an
following outcomes by 2025: AI standards hub to support the UK’s
global engagement in AI standardisation,
as set out in the National AI strategy.
151. All of this will be supported by

strategic coordination mechanisms
within the UK, such as the initiative set
out in the National AI Strategy between
the government, the British Standards
Institution (BSI) and the National Physical
Laboratory. This engagement will also
support UK prosperity by promoting
standards that enable innovation and
facilitate growth and levelling up.

89
Pillar 4:
Global
Leadership

Advancing UK global
leadership and influence for
a secure and prosperous
international order
152. A free, open, peaceful and 153. We will reinforce our core alliances,
secure cyberspace remains critical to whilst working with a wider range of
our collective security and prosperity, partners, including industry, global
and international engagement will technical standards bodies, civil society
continue to be vital for delivering all UK and academia as a problem‑solving,
cyber strategy objectives. However, burden‑sharing nation. We will
to respond to an era of systemic invest in deeper relationships with
competition, the UK will now take a partners in Africa and the Indo‑Pacific
more activist international leadership role and seize opportunities for new,
to promote our interests and values in more agile alliances. We will also
cyberspace. UK activity in cyberspace continue to enhance our diplomatic
and our cyber expertise will also be toolkit, connecting our overseas
placed at the heart of delivering the influence to our domestic strengths,
government’s broader foreign policy leveraging our operational and
agenda: we will use them proactively strategic communications expertise,
to help achieve an open, secure and skills programmes and economic
prosperous international order. partnerships as a global force for good.
Our approach is in the interests of global
security and prosperity, not just our own.
91
Objective 1: 155. The UK’s international partners
have stronger capabilities, political
Strengthen the cyber resolve, governance, and systems
security and resilience for investigating and disrupting
of international partners cyber threats, as well as for building
resilience. This will have resulted in
and increase collective a reduced threat from abroad to UK
action to disrupt and deter citizens. We will prioritise our cyber
adversaries capacity building assistance in Eastern
Europe, Africa and the Indo‑Pacific,
154. Collective action and mutual and continue to work with key allies
resilience are critical to countering in the Middle East and the Americas.
threats upstream, whilst also reducing We will develop a more integrated,
the incentives for cyber threat actors whole‑of‑government technical
to carry out attacks against the UK offer, with greater investment in law
and its partners. We will achieve the enforcement and defence expertise,
following by 2025: drawing more on UK industry and
academia. Our focus will be on
protecting critical international supply
chains and infrastructure, advancing
the secure use of digital technologies
and working with industry partners to
do so at scale.

156. We will also do more to build the 158. A broader international alliance
capacity of civil society organisations, that is willing and able to impose
enabling a values‑driven debate around more meaningful consequences on
technology and society and building the UK’s adversaries. We will improve
local mechanisms of accountability. international resolve and capabilities
And we will continue to work with through greater diplomatic engagement,
effective multilateral organisations operational collaboration, information
and partnerships including the United sharing and joint exercising. By working
Nations, Five Eyes, NATO, G7, European through policy, operational and law
Union, Commonwealth, OECD, Global enforcement channels we will increase
Forum on Cyber Expertise (GFCE), the impact of measures, such as
ASEAN Forum, African Union and targeted cyber sanctions, as well as
the World Bank. identify new tools for raising the costs
for cyber threat actors. We will build
157. To improve our protection of more mutual understanding across key
UK interests and citizens overseas allied and partner countries’ cyber forces
we will also develop and deliver an and better integrate cyber operations
international cyber hygiene campaign into allied operations across all domains:
for UK overseas missions that will be land, sea, air, space and cyberspace.
tailored and delivered locally. The aim
will be to raise the cost of malicious 159. And we will continue to support
activity, such as hacking, data and IP the development of the NATO
theft and ransomware. The campaign alliance’s cyber security capabilities
will be delivered through our diplomats, for strengthened collective action,
country-based staff, the local British including supporting the processes
business community and implementers to integrate sovereign cyber effects
of UK development programmes. provided voluntarily by the UK
and some other allies, into NATO
operations and missions.
93
Objective 2: the Budapest Convention, ensuring that
it strengthens international cooperation
Shape global governance and maintains human rights protections.
to promote a free, open,
peaceful and secure 162. We will also continue to promote
the Budapest Convention on cyber
cyberspace crime, working with international
partners to make a compelling case
160. States who do not share the UK’s
for it to remain the premier international
values exploit the challenges presented by
agreement for cooperation. And we
a free and open internet to push forward
will continue to promote and enhance
their authoritarian visions for cyberspace,
multistakeholder processes for the
under the guise of security. The UK will
governance of the internet, including
take a more proactive approach, working
ICANN and at the Internet Governance
with our allies and partners to ensure
Forum (IGF). These efforts will be
international rules and frameworks
complemented by our work to shape
develop in line with our democratic
global digital technical standards
values. We aim to support national
(described in the Technology chapter)
and global economic growth, enhance
and our work to expand UK cyber
collective security, encourage responsible
security exports (set out below) which will
use of offensive cyber tools and enable
also help to embed UK standards into
real consequences for malicious and
the cyber ecosystems of other nations.
irresponsible activities. We will achieve the
following outcomes by 2025: 163. Most ‘middle ground’
countries support and promote
161. Global governance of
the UK’s vision for cyberspace
cyberspace and the internet is
and the future of the internet,
protecting UK interests and values,
more successfully countering the
with the UK and our partners having
influence of authoritarian states
greater influence over the development
over the multi‑stakeholder system.
and implementation of international
We will demonstrate that it is possible
governance and standards frameworks.
to address challenges in cyberspace
We will take a more progressive and
without adopting authoritarian
proactive approach to shaping the
approaches while also enabling
frameworks that govern cyberspace
innovation, development and growth.
to promote global economic growth
We will support countries grappling
and security. We will design and
with digitalisation to build the full range
deliver practical steps that unblock the
of legal and strategic communications
international debate on the application
expertise they need to engage with the
of rules, norms and principles in
international debate and to implement
cyberspace and move it towards a
agreed frameworks. We will continue
consensus on effective constraints on
to expose irresponsible use of cyber
destructive and destabilising activity.
capabilities, building trust internationally.
We will do this through key regional
And we will continue to demonstrate
and specialist organisations including
an open and transparent approach to
the OSCE, ASEAN and the GFCE and
our use of offensive cyber capabilities
engage constructively with the UN
wherever we can, reinforcing the UK’s
process to develop a new international
reputation as a force for good.
cyber crime treaty which sits alongside

Objective 3: more effectively to protect democratic
values, systems and processes and
Leverage and export UK strengthen the rules‑based international
cyber capabilities and system (including the United Nations,
expertise to boost our World Health Organisation and the
global trading system) by investing
strategic advantage and further in our network of cyber officers
promote our broader foreign that stretch across six continents.
policy and prosperity We will enhance our use of strategic
communications to promote UK
interests. research collaboration and academic
164. In response to systemic exchange programmes and help
competition and rapid technological to ensure UK ideas translate into
change, UK cyber activity and practical applications.
capabilities will be considered
166. The UK is one of the top 3
alongside other sources of national
global exporters of cyber solutions
power to bolster our strategic
and cyber expertise, with our cyber
advantage and promote our foreign
industry regarded as the ‘go‑to’ provider
policy and prosperity goals. Our aim
of cyber security solutions for foreign
is to achieve an international order in
government and major commercial
which open societies and economies
clients. We will showcase the best of
can flourish and human rights are
UK cyber security through more active
defended, whilst driving prosperity at
international government‑to‑government
home. We will achieve the following
engagement, under the auspices of
outcomes by 2025:
the UK Cyber Security Ambassador
165. Our activity in and in relation Programme and our international
to cyberspace has enhanced network. We will support companies
global stability and protected the across the UK at every stage of the
rules‑based international system, innovation to export pathway to become
open societies and democratic competent exporters and attract inward
systems where they are being investment and provide more support to
undermined. We will deliver an SMEs, including through a new Export
international values‑based campaign Faculty.32 33 Alongside our work through
to champion human rights, diversity, the Cyber Growth Partnership and
and gender equality in the design, other efforts outlined in the UK Cyber
development and use of cyberspace. Ecosystem chapter we will also develop
This will include but not be limited to a new Cyber Capability Campaign
tackling internet shutdowns, bias in Office to provide more structured
Artificial Intelligence algorithms and and coordinated support to major
increasing online safety. We will compete export campaigns.
32
Described in the UK Innovation Strategy (2021)
33
The UK Defence & Security Exports (UKDSE) Export Faculty is an online learning and development
hub aimed at SMEs in the defence and security sector with specific modules for cyber security
companies. Registering for the Faculty provides access to a programme of curriculum based learning
modules and in addition, valuable information around UK Defence and Security Exports planned
events and activities.
95
Charles Juma, UK Digital
Access Programme in Nairobi
My name is Charles Wesonga Juma. I

lead, shape and deliver cyber security,
digital development, inclusion, and
entrepreneurship as part of the global
and cross-government UK Digital
Access Programme in Kenya. I also
support complementary projects under
the Conflict, Stability and Security Fund
(CSSF) Cyber Portfolio. The importance
of online safety, security, data protection
and responsible use of cyberspace
cannot be overemphasised. As we have
learnt from the COVID-19 pandemic,
online safety and hygiene can be as
important as public health and hygiene.
I am passionate about ensuring that
everyone is protected from online
threats and harms as part of the UK
government’s overall cyber power.

Sara Merchant, Cyber Officer at
the British Embassy, Tbilisi
I’m Sara and I’m posted to the

British Embassy Tbilisi as our Cyber
Officer, working closely with the
Georgian Government and NCSC
UK. My day‑to‑day work varies from
political engagement, to supporting
implementation of the new cyber
strategy, to leveraging UK specialists to
increase Georgia’s technical capability.
I feel privileged to be at the forefront of
projecting UK expertise and supporting
Georgia to build up resilience against
cyber threats. As a country who has,
unfortunately, a great deal of experience
in being on the sharp end of hostile
state activity there is a lot we can learn
here in Georgia. Our work makes
us both stronger, more resilient, and
better informed.
97
Pillar 5:
Countering
Threats

Detecting, disrupting and
deterring our adversaries
to enhance UK security in
and through cyberspace
167. The nature of the threat we face policy makers on the attribution of
is complex. We are concerned about attacks against UK interests, which
threats in cyberspace (for example is a critical part of our approach to
to our online activities), threats to the deterring cyber threats. We have
UK and partners through cyberspace significantly invested in our offensive
(for example to networked UK critical cyber capabilities, through the National
national infrastructure), and threats Offensive Cyber Programme and now
to the functioning of underpinning the new National Cyber Force (NCF).
international cyber infrastructure. All of We have also developed an integrated
these threats can impact the availability National Crime Agency (NCA)-led
of services that people rely on, or national law enforcement response
the confidentiality or integrity of data and have sought to disrupt and raise
and information that passes through the cost of hostile and criminal activity
those systems. The foundations of in cyberspace. We have created world
our approach to countering the threat class threat detection and assessment
are in promoting cyber resilience as capabilities with the means to translate
outlined earlier in this document. This the resultant insight into impactful
chapter focuses on how we will raise the mitigations across the public and private
costs and risks of attacking the UK in sector. And we have developed an
cyberspace and ensure we achieve our autonomous cyber sanctions regime as
full potential as a cyber power. another lever to impose costs on hostile
actors. In combination, our diplomatic
168. Since the National Cyber engagement, the NCSC, our security
Security Strategy 2016-2021, we have and intelligence agencies, the NCA,
transformed our approach to mitigating wider law enforcement and the NCF
the threat. We have established world have reduced the real‑world impact
class cyber threat detection and analysis caused by threats, by taking action
capabilities as part of the National to directly counter adversaries, help
Cyber Security Centre (NCSC). The prevent attacks, and reduce harm.
NCSC works with partners across
the public and private sector, at home
and overseas, to detect and respond
to threats and incidents. As part of
the wider intelligence community the
NCSC has also been able to inform
99
169. But the threats have also grown • new investment to enable law
in sophistication, complexity and enforcement to pursue investigations
severity; and our efforts have not yet at scale and pace and to maintain a
fundamentally altered the risk calculus of technical edge over our adversaries
attackers who continue to successfully in order to prevent and detect
target the UK and its interests. Cyber serious criminals and the enabling
attacks against the UK are motivated services they rely upon
by espionage, criminal, commercial,
financial and political gain, sabotage • a major step up in data sharing
and disinformation. Attackers develop across government and industry as
capabilities that evade mitigations; outlined in the Resilience chapter
increasingly sophisticated cyber 171. Cyberspace presents opportunities
tools and related enablers have been for the UK, creating new ways to
commoditised in a growing industry, actively pursue our national interests.
lowering the barriers to entry for all For example, offensive cyber operations
types of malicious actors. And rewards offer us a range of flexible, scalable, and
are increasing as the ability of actors de‑escalatory measures that will help the
to steal and encrypt valuable data and UK to maintain our strategic advantage
extort ransomware payments continues and to deliver national priorities, often
to grow, disrupting businesses and key in ways that avoid the need to put
public services. The result has seen individuals at risk of physical harm.
attackers increasingly benefit financially,
exploit privacy and freedom of speech, 172. We will continue to develop and
and attempt to manipulate events invest in our offensive cyber capabilities,
through disinformation. through the NCF. The NCF will transform
the UK’s ability to contest adversaries
170. The UK’s approach will therefore in cyber space and the real world, to
now shift to a more integrated and protect the country, its people and
sustained campaign footing that will our way of life. These capabilities will
involve making routine, integrated and be used responsibly as a force for
creative use of the full range of levers good alongside diplomatic, economic,
and capabilities available to impose criminal justice and military levers of
costs on our adversaries, pursue and power. They will be used to support and
disrupt perpetrators and deter future advance a wide range of government
attacks. The key supporting elements of priorities relating to national security,
this approach will be: economic wellbeing, and in support
• the continued development of the of the prevention and detection of
NCF as the next step in the UK’s serious crime.
ability to conduct offensive cyber
operations against its adversaries
• tailored cross‑government
campaigns to tackle threats
to the UK – making use of our
diplomatic, military, intelligence, law
enforcement, economic, legal and
strategic communications tools

Objective 1: 175. Our work to enable faster
and easier reporting of cyber
Detect, investigate and incidents and crimes, outlined in the
share information on state, Resilience chapter will also help to
criminal and other malicious achieve this outcome.
cyber actors and activities 176. Most serious state, criminal
in order to protect the UK, and other threats are routinely and
its interests and its citizens comprehensively investigated,
drawing on all sources of information
173. We will achieve the following and bringing together expertise across
outcomes by 2025: government, law enforcement and
the private sector. We will build the
174. The government has a intelligence, operational and technical
comprehensive understanding of the capabilities of the UK’s law enforcement
cyber capabilities of state, criminal cyber network. We will invest in the
and other malicious cyber actors NCA’s cyber intelligence capability, used
and their strategic intent towards to target organised crime groups, the
the UK. We will sustain and grow the regional intelligence build initiative, which
considerable investments made under will enhance intelligence access and
the 2016 strategy in the intelligence movement across the UK, and the skills
agencies and law enforcement for and capability that law enforcement
understanding the cyber threat. need to investigate and disrupt cyber
In particular, we will increase law and digital crimes.
enforcement’s capability to understand
and tackle the cyber crime threat, 177. Investigations will be supported
including its links to state and other by intelligence from all sources
international and domestic threats and and leverage skills and knowledge
its technological enablers, helping us to across the private sector, including
develop more effective policy responses. by helping businesses to share data
We will improve how we coordinate more easily with law enforcement.
threat detection across government, And we will continue to implement the
with a joint data access and exploitation recommendations of the HMICFRS on
strategy across the intelligence agencies the policing response to cyber crime
and law enforcement. And we will focus to ensure the cyber crime network at
even more on understanding the intent the national, regional and local levels
and decision‑making criteria of our remains on a secure footing.34
adversaries and the impact our activities
are having on them, including how
individuals become cyber criminals and
what action we can take to prevent this
from happening.
34
Her Majesty’s Inspectorate of Constabulary and Fire & Rescue Services
101
178. Information and data on the 179. The NCSC are also investigating
threat is routinely shared at scale ways to track emerging threats and
and pace and those who receive it continue to work with the Alan Turing
are more able to take action. The Institute to explore whether machine
NCSC has trialled a range of initiatives learning can be used to detect certain
to build up more effective communities types of cyber attack. This research will
of network defenders, across a wide continue to improve our understanding
variety of sectors, who not only receive of how we can use artificial intelligence
and are able to share threat information, to detect malicious activity.
but are increasingly capable at using
it for collective benefit. We will expand
this work, with an initial focus on
helping government defend itself better,
supported by the Government Cyber
Coordination Centre (described in the
Resilience chapter). The Financial Sector
Cyber Collaboration Centre is already
leading the way in the private sector.35
35
NCSC, Financial sector cyber collaboration centre (FSCCC) (2021)

Stopping cyber crime
also means tackling other
types of criminal activity
Cyber crimes (defined as Computer For citizens, cyber crimes often manifest
Misuse Act offences) occur when there in the further crimes they enable and
is unauthorised access to computers, facilitate. Unauthorised computer
networks, data and other digital access can lead to a wide range of
devices, associated acts that cause frauds, theft, sextortion, and in some
damage or the making or supplying of cases facilitate stalking, domestic abuse
tools to commit these offences. This and harassment. All of these crimes
can allow cyber criminals to commit cause significant harm to UK citizens on
further malicious cyber activities such a daily basis, destroying businesses and
as ransomware attacks, unauthorised ruining lives. Cyber crimes are therefore
account access, intellectual property distinct and different from wider online
theft, denial of service attacks, or the safety issues such as bullying and
stealing of large personal data sets – harassment, hate speech, the spreading
these are significant and growing crimes. of disinformation, promotion of gang
culture and violence, or underage
access to pornography. The government
is addressing these issues through the
online harms white paper and draft
online safety bill.
103
Objective 2: 183. State, criminal and other
malicious cyber actors are less
Deter and disrupt state, able to target the UK as a result of
criminal and other malicious our disruption and denigration of
cyber actors and activities their activities and capabilities. We
will review the government’s policy
against the UK, its interests, and operational approach to tackling
and its citizens. ransomware, adopting this as one of
our priority campaigns, collaborating
180. We will achieve the following with industry and our international
outcomes by 2025: partners. We will maximise the
partnerships between the NCF, NCSC,
181. It is more costly and higher risk
NCA and wider law enforcement
for state, criminal and other malicious
and the diplomatic and intelligence
cyber actors to target the UK. We
communities to counter threats that
will implement sustained and tailored
disrupt the confidentiality, integrity and
deterrence campaigns that leverage the
availability of cyberspace or data and
full range of UK capabilities (including
services in cyberspace. In particular
diplomatic, economic, covert and overt
we will invest in capabilities to target
levers) to influence the behaviour of
cybercriminal infrastructure and deploy
malicious and criminal cyber actors. In
our law enforcement and offensive cyber
particular we will improve our signalling
capabilities to disrupt malicious cyber
to adversaries of our capability and
activity. Our adversaries are building
willingness to impose meaningful
cyber capabilities and increasingly using
costs, including through sanctions,
them for malign purposes. We will make
law enforcement and NCF operations.
full use of the NCF, where we deem it
And through NCA’s Cyber Choices
appropriate, to disrupt these efforts and
programme we will divert individuals
defend and protect the UK.
from becoming involved in cyber crime,
working with industry and academia 184. We will also counter the
to offer potential offenders better proliferation of high‑end cyber
alternatives such as apprenticeships and capabilities to states and organised
work placements. crime groups via commercial and
criminal marketplaces, tackling forums
182. We will also provide the tools
that enable, facilitate, or glamorise
and powers law enforcement and the
cyber criminality.
intelligence agencies need through the
Counter State Threats Bill, by updating
existing legislation and introducing
new offences to account for how state
threats have evolved. And we will amend
the Proceeds of Crime Act 2002 to
optimise law enforcement’s ability to
identify, seize and recover the proceeds
of cyber crime. In particular, we will do
this by creating a civil forfeiture power to
mitigate the risks posed by those who
cannot be prosecuted.

185. An increase in criminal justice Susan Moody, Police Service
and other disruptive outcomes for of Northern Ireland (PSNI)
cyber criminals with improved criminal Prevent Officer
justice capability used to prosecute
cyber criminals in the UK. We will
review the Computer Misuse Act (CMA)
and relevant powers to ensure that
law enforcement agencies have the
ability to investigate new and emerging
threats from criminals and introduce
more specialist prosecutors to deal
with the increasing number of cyber
cases. We will also improve specialist
law enforcement skills, exercising and L-R Susan Moody (PSNI), Sarah
mainstreaming to ensure a continuing Travers (TV presenter) and Joe Dolan
supply of officers with required (Head of the Northern Ireland Cyber
cyber specialist knowledge, through Security Centre)
the National Police Chiefs’ Council
(NPCC) cyber skills prospectus and Computers and mobile devices are part
the College of Policing Cyber Digital of a young person’s everyday life. They
Career Pathways. provide great opportunities but also
dangers if misused. The prevent function
within PSNI provides a much needed
early intervention with young people and
helps them understand the law around
using and misusing computers. This
highlights the danger signs for potential
criminal activity and also highlights the
great opportunities through initiatives
such as CyberFirst and cyber as a
career, which can give those who have
a curiosity or talent an alternative to
offending, and prevent abuse by others
for criminal ends. Susan has worked
tirelessly in developing a schools cyber
information programme available for all
secondary schools and has engaged
directly with more than 40 primary
schools, numerous secondary schools,
young people’s organisations and
uniformed groups. These young people
could well be our cyber ambassadors
and defenders of the future.
105
Objective 3: 188. We will also scale up and
develop law enforcement technical
Take action in and through capabilities against infrastructure and
cyberspace to support our cryptocurrency, which can be deployed
national security and the against other threats.
prevention and detection of 189. UK cyber capabilities are
serious crime integrated across the full breadth
of defence operations in line with the
186. We will achieve the following Integrated Operating Concept 2025.36
outcomes by 2025: This will maintain our competitive
warfighting edge over adversaries and
187. The UK’s cyber capabilities enable greater collaboration with our
have a greater impact in deterring allies and partners. We will continue
and disrupting non‑cyber threats. to progress the Defence Multi‑Domain
We will scale-up and develop the NCF, Integration Change Programme, which
delivering on our long-term vision for will bring together capabilities across
this key capability, ensuring that it is the domains, and deliver greater
fully integrated with GCHQ, MOD, SIS integration with other instruments of
and Dstl and working closely with law our national power, bolstering our
enforcement and wider government. military advantage over our adversaries.
We will deliver legal and proportionate Cyber will be a mainstream part of
offensive cyber operations through the defence business enabled by highly
NCF, acting responsibly in cyberspace skilled cyber specialists, an overall
and leading by example. Offensive cyber cyber awareness across the defence
operations will continue to support the workforce and cutting‑edge and resilient
UK’s national security, including our cyber capabilities.
defence and foreign policy, and in the
prevention of serious crime.
36
Ministry of Defence, Integrated Operating Concept (2020)

107
Major law enforcement
cyber crime investigations
Operation Imperil: Op Imperil was a Operation Nipigon: This was a Met
joint South East Regional Organised Police investigation into a Bulgarian
Crime Unit (SEROCU) investigation National who was suspected of creating
with the FBI into a website selling bespoke phishing pages estimated
compromised personal and banking to have caused losses to the UK in
information of victims of cyber‑attacks. excess of £40 million. He was identified
This enabled others to purchase following an investigation into another
personal data to commit frauds and well known cyber criminal previously
further computer misuse offences. sentenced to 10 years custodial in
Significant investigation led to the 2018, who was using the phishing
identification of bank accounts and pages created by the Bulgarian National
payments used for the technical to enable his own criminality. The
infrastructure, identifying that the investigation was opened following
website owner was based in Pakistan. the identification of a significant email
This enabled the FBI to covertly seize address linked to the suspect which
the website and then subsequently after a number of protracted and
take it down. The South East Regional complex enquiries led to engagement
Organised Crime Unit arrested with the Bulgarian authorities and the
the primary UK suspect who was suspect was arrested, extradited and
discovered to have opened a US based following comprehensive disclosure,
bank account on behalf of the website pleaded guilty to all criminal charges
owner for the laundering of criminal receiving a nine and a half year
funds. The UK suspect committed custodial sentence.
significant fraud using some of the
compromised victim data, opening Operation Leasing: In 2020, the NCA
bank accounts in other names, utilising led an investigation into terrorist bomb
compromised bank accounts to pay for threats made against the NHS at the
luxury holidays and false Department height of the COVID‑19 pandemic,
of Work and Pensions claims resulting demanding payments in Bitcoin (BTC).
in a loss to the state of in excess of Working with German authorities,
£90,000. The suspect was charged the NCA identified and apprehended
with nine counts and sentenced to the suspect, who was successfully
four years imprisonment reduced convicted in a German court.
due to an early guilty plea. The judge
On 12th April 2020, an Italian national,
awarded the investigative team a
living in Germany, sent an email via
Judge’s Commendation. Confiscation
the TOR network stating his intention
and a lifetime Proceeds Of Crime
to bomb an NHS hospital unless he
Act application is in progress at time
received £10 million in Bitcoin.
of publication.

This was rapidly identified as a high- In collaboration with German authorities,
priority by the NCA and specialist NCA officers identified that the emails
cyber crime officers were tasked to were sent from a computer at an
identify the perpetrator and prevent any address in Berlin. Through international
potential attack. collaborative working, and despite
significant efforts to mask his identity
The perpetrator had also sent emails and location, the suspect was identified
threatening to attack MPs and bomb and placed under surveillance by
Black Lives Matter protestors in London. German law enforcement. On 15 June
Despite writing his emails in English, 2020 the suspect was arrested, charged
NCA investigators used specialised with attempted extortion and remanded
cyber techniques and behavioural in custody. He was convicted on
and linguistic analysis to deduce 26 February 2021 and sentenced to
that the offender was likely a native three years in prison.
German speaker.
109
Taking action through
cyberspace to
counter terrorism
Counter Daesh campaign: MOD and During the Battle of Mosul, the self-
GCHQ’s work against Daesh is an declared capital of Daesh, we used
example of how we have taken active cyber tools and techniques in operations
steps to counter threats from those who alongside the military in support of
misuse the power of the internet and the coalition and as part of a wider,
modern communications. full‑spectrum campaign. The outcomes
of these operations were wide-
Daesh devoted much time and energy ranging. Disruption of communications,
to technology, to create media content degradation of propaganda, causing
used to radicalise and attract new distrust within groups, and denial of
recruits and to inspire terrorist attacks equipment and networks used as
around the world. In recent years we’ve part of their operations were all ways
seen the impact of this approach all over in which Daesh’s effectiveness could
Europe, including attacks in London and be reduced. We could also use cyber
Manchester. Daesh also used modern techniques to promote UK government
communications systems to command messaging to targets, or to highlight
and control their battlefield operations. their activities to those who may
This allowed them to operate flexibly, at unsuspectingly be providing them with
scale and pace, and to pose an even assistance. These operations made
greater danger to the populations they a significant contribution to coalition
sought to control, and to maximise their efforts to suppress Daesh propaganda,
reach across their so‑called caliphate. hindered their ability to coordinate
attacks, and protected coalition forces
on the battlefield.

Andrew, a member of the
I’ve always been fascinated by the latest
cutting‑edge technology. Before working
for the intelligence services, I joined the
police and worked my way up from a
Constable on the beat to specialising in
digital forensics – looking at suspects’
electronic devices for evidence. I
loved it but wanted to see what other
opportunities were out there.
I didn’t go to university after leaving

school and my career so far has been
led by a natural curiosity, and that’s true
of all my colleagues who are joining the
National Cyber Force. They come from
all kinds of backgrounds. You have deep
technical experts at the heart of it all,
as well as a former supermarket branch
manager, a primary school teacher and
a fire fighter. The one thing we all have in
common is an open mind, a hunger to
learn and a shared goal of keeping the
country safe – seeing both the threats
and opportunities for national security
from emerging technology.
As a police officer I was immensely

proud to help people on a personal
level. Today, as part of this unique team
at the National Cyber Force, I’m part of
a force for good on a global scale.
111
Delivering Our Ambition
190. This strategy will mean nothing 192. All ministers play a role in ensuring
without a rigorous approach to that the UK cements its position as
implementing its objectives, monitoring a responsible and democratic cyber
and evaluating progress against them, power, able to protect and promote its
and having the mechanisms to adjust interests in and through cyberspace.
course where necessary. This chapter This list includes specific sets of
sets out our approach to delivery. responsibilities for ministers in leading
roles, either for implementing or
Roles and responsibilities coordinating one or more of the five
pillars of our National Cyber Strategy or
across Government overseeing our most important cyber
191. The National Cyber Strategy will capabilities and decisions.
be one of the sub‑strategies that will
• The Chancellor of the Duchy
collectively deliver the ambitions of
of Lancaster, supported by the
the Integrated Review. The National
Paymaster General, provides overall
Security Council will exercise ministerial
leadership across departments to
oversight of these strategies, monitoring
ensure an effective government
implementation and considering the
response to cyber threats, and
overall balance and direction of UK
fulfilment of our ambitions as a
strategy. Progress against the objectives
cyber power. This includes the
of the strategy will also be assessed
development and implementation
via the Government Planning and
of the National Cyber Strategy, the
Performance Framework and Outcome
supporting programme of investment
Delivery Plans.
and coordination of the government’s
efforts on cyber resilience. They also
have overall cross‑sector policy and
coordination responsibility for the

cyber security and resilience of the • The Secretary of State for Foreign,
UK’s critical national infrastructure. Commonwealth and Development
The Chancellor of the Duchy of Affairs and the Secretary of State
Lancaster is the default chair for for Defence have responsibility
ministerial COBR meetings on cyber for the National Cyber Force, as a
incidents, when these are necessary. joint endeavour between defence
and intelligence.
• The Secretary of State for the
Home Department has a key • The Secretary of State for Digital,
role in the delivery of the National Culture, Media and Sport leads on
Cyber Strategy as a whole, and the cyber security of organisations
in the response to cyber incidents in the wider economy as it relates
in line with their responsibilities for to digital policy, and the relevant
homeland security. They lead the growth, innovation and skills aspects
government’s work to detect, disrupt of the National Cyber Strategy.
and deter our adversaries alongside They lead the government’s work
the Secretary of State for Foreign, to strengthen the UK’s cyber
Commonwealth and Development ecosystem and to take the lead in
Affairs and the Secretary of State technologies vital to cyber power.
for Defence and provide overall
coordination of that work. They • Ministers of all Lead Government
also have specific responsibility to Departments for critical national
counter cyber crime. infrastructure have responsibility
for the cyber security and resilience
• The Secretary of State for Foreign, policy for their sectors.
Commonwealth and Development
Affairs has statutory responsibility • All ministers should provide
for GCHQ and thus for the National oversight of the cyber security
Cyber Security Centre. They lead of their departments and
the government’s work to advance implementation of appropriate
UK global leadership on cyber and mitigations. Where a department
have specific responsibility for the oversees an element of the public or
cyber attribution process, cyber private sector (for example DLUHC
sanctions regime and international and local government or DEFRA
engagement for high category and the water companies) they are
cyber incidents. They also lead the responsible for the cyber policy
government’s work to detect, disrupt and assurance activities relating
and deter our adversaries alongside to that sector.
the Secretary of State for the Home
193. The Deputy National Security
Department and the Secretary of
Adviser for Intelligence, Security and
State for Defence.
Resilience is the Senior Responsible
• The Secretary of State for Defence Owner for the strategy and will lead
leads the government’s work delivery across government at official
to detect, disrupt and deter our level, supported by the relevant senior
adversaries alongside the Secretary officials across departments.
of State for Foreign, Commonwealth
and Development Affairs and
the Secretary of State for the
Home Department.
113
National Cyber Strategy
Ministerial Responsibilities
Prime Minister
Chancellor All
Digital Foreign Defence Home Secretaries
of the Duchy
Secretary Secretary Secretary Secretary of State
of Lancaster*
Coordination and leadership of the strategic pillars
Ecosystem
Resilience
Risk oversight
Technology and supporting
policy reforms
Global
Leadership
Countering
Threat
Operations and delivery support across the strategy
National Cyber
Security Centre
National Crime
Agency
*provides overall leadership across departments to ensure an effective government

response to cyber threats, and fulfilment of our ambitions as a cyber power.

Investing in our cyber power 196. This performance framework will:
194. The government will be investing • Provide a clear pathway of how

£2.6 billion in cyber and legacy IT over activities will lead to the various
the next three years. This is in addition objectives outlined in the strategy
to significant investment in the National • Ensure accountability for the delivery
Cyber Force. It includes a £114 million of the strategy
increase in the National Cyber Security
Programme with annual spending • Provide transparency on the
on capability built under the 2016 progress the country is making
strategy moved under departmental towards the goals set out
management and put on a permanent in the strategy
footing. International programmes will
• Illustrate how activity needs to adapt
be delivered via the Conflict, Stability
to bring it in line with the strategy
and Security Fund (CSSF) to assist
partner countries, build their cyber • Understand what activities are
resilience and counter cyber threats. effective in achieving strategic
This is alongside increases in investment ambitions, so that these lessons can
also announced in R&D, intelligence, be applied in the future
defence, innovation, infrastructure and
skills, all of which will contribute in part • Provide a holistic view of activity
to the UK’s cyber power.37 across the five pillars, reducing
duplication and identifying strengths
Measuring success and weaknesses within the
country’s cyber power
195. The strategy will be governed by
a continuously evolving performance • Ensure the strategy is
framework that reports to senior providing cyber support to all
responsible officials and the National sections of society
Security Council. The framework
will be used to inform discussions
with parliamentary and other bodies
that oversee the national security
community’s work. Consistent with
the approach of the National Cyber
Security Strategy 2016-2021, it will
not be a public document due to the
sensitive information contained but
the government will publish annual
progress reports.
37
HM Treasury, Autumn Budget and Spending Review 2021 (2021)
115
Next steps
197. This strategy is intended as a
guide for action, not only for those in
government who have responsibility
for cyber and the wide range of other
related policies (see Annex A) but also
for every person and organisation across
the whole of our society with an interest
in and responsibility for our national
cyber effort. It is also the beginning of a
conversation that we want to continue,
to ensure our objectives and priorities
remain relevant over the next five to
ten years. We will use the publication
of this strategy as a platform for further
engagement with the public, private and
third sectors across the UK and invite
direct feedback to ukcyberstrategy@
cabinetoffice.gov.uk. We will report back
annually on the progress we are making
to implement this strategy.

117
Annex A: Cyber as part
of the government’s
wider agenda
The National Cyber Strategy is intended developed through our education
to support and amplify a range of other and skills system and our national
priorities for the Government across approach to digital and technology
security, defence, foreign policy and our industrial policy, research and business
economic agenda. In turn, this strategy growth. Key relevant strategies
will rely on the broader capabilities and plans include:

• The Integrated Review, including • The National AI Strategy, which
national efforts to improve resilience, aims to prepare the UK for the
tackle state threats, serious coming transformative decade in AI
organised crime and terrorism, by investing in the long‑term needs
sustain our strategic advantage of the AI ecosystem, supporting
through science and technology and the transition to an AI‑enabled
shape the international order economy, and ensuring the UK
gets the national and international
• The National Data Strategy, which governance of AI technologies right.
sets out our vision to harness the This also includes measures to
power of responsible data use support cyber‑secure innovation in
to boost productivity, create new AI‑enabled systems while protecting
businesses and jobs, improve public the public and building trust in its use
services, support a fairer society, and
drive scientific discovery, positioning • The forthcoming National
the UK as the forerunner of the next Resilience Strategy, which will in
wave of innovation.This includes part focus on how the UK will stay
transforming the government’s use of on top of technological threats and
data to drive efficiency and improve remain resilient in cyberspace
public services by addressing
barriers to data sharing between • The forthcoming Digital Strategy,
departments and improving the which will set out a clear vision
quality of the data they hold. This will of the government’s ambitions
be essential in supporting our cyber to harness new appetite for
agenda such as ensuring we are digital transformation, accelerate
able to collate and use good quality growth, and continue to build a
data on cyber incidents more inclusive, competitive and
innovative digital economy for the
• The plan for growth, which is future;which will build on DCMS’s
helping us to Build Back Better Ten Tech Priorities to further set
through additional support and out the government’s ambitions in
investment for infrastructure, skills the digital sector
and innovation and the Innovation
Strategy, which sets our ambitions • The Net Zero Strategy, ensuring our
for an innovation‑led economy prosperous, innovation‑led economy
is a low carbon one
• The Plan for Digital Regulation,
which sets out our pro‑innovation • The Beating Crime Plan, which
approach to regulating digital sets out how we will restore
technologies in a way that confidence in the criminal justice
drives prosperity and builds system and deliver our shared vision
trust in their use of a safer Britain with less crime
and fewer victims38
38
Home Office, Beating Crime Plan (2021)
119
Directly supporting the National Cyber
Strategy are two further publications
that set out how individual parts of the
strategy will be met.
• The forthcoming Government

Cyber Security Strategy, which
will set out more detailed plans for
improving the security of government
and the public sector, in support of
this national strategy
• The forthcoming Incentives &
Regulations Review 2021, which
will set out our findings on how
effective our work to incentivise
improvements in cyber security
within the wider economy have been,
and how we propose to implement
the business and organisational
elements of the resilience pillar

Annex B: NIS Regulations
– National Strategy
Introduction
NIS National Strategy 6. It applies to sectors which are vital
for our economy and society and
1. The National Cyber Strategy is which rely heavily on network and
designated as the UK’s national strategy information systems; energy, transport,
for the purposes of Regulation 2 of the drinking water, healthcare and digital
UK Network and Information Systems infrastructure.
(NIS) Regulations 2018.
7. Key digital service providers (search
2. This annex provides further engines, cloud computing services and
information including: online marketplaces) are also covered.
• the roles and responsibilities of 8. The NIS Regulations establish:

key authorities responsible for NIS
implementation in the UK; and • a national framework to support
the implementation, including a
• a list of the key authorities involved. national strategy;
UK NIS Regulations • sector‑specific competent

authorities acting as regulators;
3. In 2016, the European Commission
agreed a Directive with the aim of • the National Cyber Security
increasing the security of Network Centre (NCSC) as the Single
and Information Systems within Point of Contact (SPOC) and
the European Union (EU). This was Computer Security Incident
supported by the UK Government. Response Team (CSIRT).
4. On 20 April 2018, the Government 9. Progress is assessed through

laid the new Network and Information Post‑Implementation Reviews
Systems (NIS) Regulations 2018 in every 2‑5 years.
Parliament. These Regulations came
into force on 10 May 2018.
5. The NIS Regulations established a

new regulatory regime within the UK
that requires designated operators of
essential services (OESs) and relevant
digital service providers (RDSPs) to put
in place technical and organisational
measures to secure their network and
information systems.
121
Key roles and Computer Security Incident
responsibilities Response Team (CSIRT)
13. The National Cyber Security Centre
National Framework
is the UK’s CSIRT. It is responsible for
10. The Cabinet Office is responsible monitoring cyber security incidents
for the National Cyber Strategy, which at a national level; providing real‑time
comprises the NIS National Strategy. threat analysis, defence against national
The Cabinet Office also has overall cyber‑attacks, technical advice, and
responsibility for improving the security response to major cyber incidents to
and resilience of critical national help minimise harm.
infrastructure.
14. NCSC maintains the
11. The Department for Digital, outcome‑based Cyber Assessment
Culture, Media and Sport (DCMS) Framework (CAF) and provides
is responsible for the overall extensive guidance on cyber security
implementation of the NIS Regulations, matters as National Technical Authority.
including co‑ordinating the relevant
authorities and NCSC. DCMS Competent Authorities
issues guidance for competent
15. These are responsible for
authorities to support wider NIS
oversight and enforcement of the NIS
implementation across the UK.
Regulations in their sectors, designating
and assessing the compliance of OESs
Single Point of Contact (SPOC)
and RDSPs to the requirements of the
12. The national contact point NIS Regulations. They are set out in
for engagement with international Schedule 1 of the NIS Regulations and a
[EU] partners on NIS, coordinating list is provided in section 3.
requests for action or information and
submitting annual incident statistics.
The National Cyber Security Centre
is the UK’s SPOC.

Operators of Essential Services Other relevant authorities:
(OESs) and Relevant Digital
18. The UK Government works closely
Service Providers (RDSPs) with the Devolved Administrations and
16. OESs or RDSPs which meet the other relevant authorities, including
designation thresholds for that sector, Lead Government Departments, on the
or have been designated by the relevant implementation of the NIS Regulations.
authority under Regulation 8(3) of the
19. The Centre for the Protection
NIS Regulations, must comply with the
of the National Infrastructure (CPNI)
requirements of the NIS Regulations.
provides advice on related physical and
17. These involve: personnel security.
• taking appropriate and proportionate

technical and organisational
measures to manage risks posed
to the security of the network and
information systems;
• taking appropriate and proportionate
measures to prevent and minimise
the impact of incidents affecting
the security of the network and
information systems;
• notifying the relevant competent
authority about any incident
which has a substantial impact on
their services;
• meeting the inspection requirements
under the NIS Regulations; and
• complying with information,
enforcement, and penalty notices.
• RDSPs are also required to
register with the ICO.
123
List of key authorities for NIS implementation
National Authorities
UK NIS Regulations Department for Digital, Culture, Media and Sport

UK National Cyber Strategy Cabinet Office
UK Single Point of Contact (SPOC) National Cyber Security Centre
UK Computer Security Incident National Cyber Security Centre
Response Team (CSIRT)
Competent Authorities
Sector Subsector England Wales Scotland Northern
Ireland
Energy Electricity Joint: Department for Business, Energy, and Department of
Industrial Strategy and the Gas and Electricity Finance
Markets Authority (Ofgem)
Oil Department for Business, Energy, and Department of
Industrial Strategy Finance
Gas Joint: Department for Business, Energy, and Department of
Industrial Strategy and the Gas and Electricity Finance
Markets Authority (Ofgem)39
Transport Air Joint: Department for Transport and The Civil Aviation
Authority (CAA)
Rail Department for Transport Department of
Finance
Water Department for Transport
Road Department for Transport Scottish Department of
Ministers Finance
Healthcare Healthcare Department of Welsh Scottish Department of
settings Health and Ministers Ministers Finance
Social Care
Drinking Drinking Department Welsh Drinking Department of
Water Water for Ministers Water Quality Finance
Environment, Regulator for
Food and Scotland
Rural Affairs
Digital Digital Office of Communication (Ofcom)
Infrastructure Infrastructure
39
For certain exceptions the Department for Business, Energy, and Industrial Strategy is the sole
Competent Authority. For further detail see Schedule 1 and 2 of the Network and Information Systems
Regulations 2018.

Annex C: Glossary
Action Fraud – the reporting centre for COBR – Cabinet Office Briefing Rooms.
fraud and cyber crime where citizens The UK central government response
and organisations should report fraud to emergencies is underpinned through
if they have been scammed, defrauded use of COBR; the physical location,
or experienced cyber crime in England, usually in Westminster, from which the
Wales and Northern Ireland. In Scotland, central response is activated, monitored
reports go to Police Scotland. and co-ordinated and which provides
a focal point for the government’s
Active Cyber Defence (ACD) – response and an authoritative source of
helps organisations to find and fix advice for local responders.
vulnerabilities, manage incidents or
automate disruption of cyber-attacks. Competent Authorities – regulatory
Some services are designed primarily bodies as described in the Network and
for the public sector, whereas others are Information Systems (NIS) Regulations
made available more broadly to private 2018. There are multiple competent
sector or citizens, depending on their authorities responsible for different
applicability and viability. sectors covered by NIS.
Artificial Intelligence – a technology in Connected Places – a community

which a computing system is coded to that integrates information and
‘‘think for itself’, adapting and operating communication technologies and IoT
autonomously. AI is increasingly used devices to collect and analyse data
in more complex tasks, such as to deliver new services to the built
medical diagnosis, drug discovery, and environment, and enhance the quality of
predictive maintenance. living for citizens.
Authentication – the process of Critical National Infrastructure – Those

verifying the identity, or other attributes critical elements of infrastructure (namely
of a user, process or device. assets, facilities, systems, networks or
processes and the essential workers
Autonomous System – a collection that operate and facilitate them), the loss
of IP networks for which the routing or compromise of which could result in:
is under the control of a specific
entity or domain. a. major detrimental impact on the
availability, integrity or delivery
Blockchain Technology – a particular of essential services – including
way of storing data. A blockchain is those services whose integrity,
an example of a distributed ledger – a if compromised, could result
type of append-only, tamper-proof in significant loss of life or
storage technology. casualties – taking into account
significant economic or social
impacts; and/or
125
b. significant impact on national Cyber Incident – an occurrence that
security, national defence, or the actually or potentially poses a threat to
functioning of the state. a computer, internet-connected device,
or network – or data processed, stored,
Crypt-Key (CK) – the term used to or transmitted on those systems –
describe the UK’s use of cryptography which may require a response action to
to protect the critical information and mitigate the consequences.
services on which the UK government,
military and national security community Cyber Resilience – The overall ability of
rely, including from attack by our most systems, organisations and citizens to
capable adversaries. withstand cyber events and, where harm
is caused, recover from them.
Cryptocurrency – a digital currency and
payment system, e.g. Bitcoin. Cyber Risk – The potential that a
given cyber threat will exploit the
Cryptography – the science or study vulnerabilities of an information system
of analysing and deciphering codes and and cause harm.
ciphers; cryptanalysis.
Cyber Security – The protection of
Cyber Assessment Framework internet-connected systems (to include
(CAF) – provides a systematic and hardware, software and associated
comprehensive approach to assessing infrastructure), the data on them,
the extent to which cyber risks to and the services they provide, from
essential functions are being managed unauthorised access, harm or misuse.
by the organisation responsible. This includes harm caused intentionally
by the operator of the system, or
Cyber Attack – deliberate
accidentally, as a result of failing to
exploitation of computer systems,
follow security procedures or being
digitally-dependent enterprises and
manipulated into doing so.
networks to cause harm.
Cyber Security Body of Knowledge
Cyber crime – cyber-dependent
(CyBOK) – A unique resource, providing
crime (crimes that can only be added]
for the first time an underpinning body of
committed through the use of ICT
knowledge encompassing the breadth
devices, where the devices are both the
and depth of cyber security, showing
tool for committing the crime and the
that cyber security encompasses a wide
target of the crime); or cyber–enabled
range of disciplines.
crime (crimes that may be committed
without ICT devices, like financial fraud, Cyber Threat – anything capable of
but are changed significantly by use of compromising the security of, or causing
ICT in terms of scale and reach). harm to, information systems and
internet connected devices (to include
Cyber ecosystem – the totality of
hardware, software and associated
interconnected infrastructure, persons,
infrastructure), the data on them and
processes, data, information and
the services they provide, primarily
communications technologies, along
by cyber means.
with the environment and conditions that
influence those interactions.

Data Breach – the unauthorised Government Cyber Coordination
movement or disclosure of information Centre (GCCC) – Proposed joint
on a network to a party who is not venture between GSG, CDDO and
authorised to have access to, or see, NCSC bringing together their respective
the information. functions and areas of expertise to
better coordinate operational cyber
Domain – a domain name locates security efforts across government,
an organisation or other entity on the transform how cyber security data
Internet and corresponds to an Internet and threat intelligence is used across
Protocol (IP) address. government and truly enhance
government’s ability to ‘defend as one’.
Devolved government or devolved
administration – The separate Horizon-scanning – a systematic
legislatures and executives in Scotland, examination of information to identify
Wales and Northern Ireland following potential threats, risks, emerging issues
devolution, responsible for many and opportunities allowing for better
domestic policy issues with the power to preparedness and the incorporation
make laws for these areas. of mitigation and exploitation into the
policy-making process.
Digital Twin – a virtual replica or
representation of assets, processes, ICANN – Internet Corporation for
systems, or institutions in the built, Assigned Names and Numbers.
societal, or natural environments that It coordinates website names
provides insight into how complex and IP addresses.
physical assets and citizens behave,
helping organisations improve decision- Incident Management – the
making and optimise processes. management and coordination of
Changes in the real world are reflected in activities to investigate, and remediate,
the twin, and changes in the twin can be an actual or potential occurrence
replicated automatically in the real world. of an adverse cyber event that may
compromise or cause harm to a
Five Eyes – Five Eyes is the name system or network.
of the intelligence alliance between
the USA, UK, Canada, Australia and Incident Response – the activities that
New Zealand which helps share address the short-term, direct effects
information to keep its citizens as safe of an incident, and may also support
as possible from threats. short-term recovery.
GCHQ – Government Communications Industrial Control System (ICS) –

Headquarters; the centre for the an information system used to
Government’s signals intelligence control industrial processes, such
activities and Cyber National Technical as manufacturing, product handling,
Authority (NTA). production and distribution, or to control
infrastructure assets.
GFCE –Global Forum on
Cyber Expertise.
127
Integrated Review – ‘Global Britain in a National Cyber Security Centre
Competitive Age, the Integrated Review (NCSC) – the UK’s technical authority
of Security, Defence, Development for cyber threats, providing a unified
and Foreign Policy’, describes the national response to cyber incidents to
government’s vision for the UK’s role in minimise harm, helping with recovery
the world over the next decade and the and learning lessons for the future.
action government will take to 2025.
Network and Information Systems
Integrity – in information (NIS) Regulations 2018 – UK
security, integrity means that regulations that provide legal measures
information has not been changed to boost the level of security (both cyber
accidentally, or deliberately, and is & physical resilience) of network and
accurate and complete. information systems for the provision of
essential services and digital services.
Internet – a global computer network,
providing a variety of information and OECD – The Organisation for
communication facilities, consisting Economic Co-operation and
of interconnected networks using Development, an intergovernmental
standardised communication protocols. economic organisation.
Internet of Things – the totality of Offensive Cyber – adding, deleting

devices, vehicles, buildings and other or manipulating data on systems or
items embedded with electronics, networks to deliver a physical, virtual
software and sensors that communicate or cognitive effect. Offensive cyber
and exchange data over the Internet. operations often exploit technical
vulnerabilities, use systems or networks
Legacy IT – Legacy IT refers to systems in ways that their owners and operators
and their component software and would not intend or condone, and may
hardware that are outside of vendor rely on deception or misrepresentation.
support, on extended support and/or on
bespoke support arrangements Operational Technologies (OT) –
combine hardware and software to
Managed Service Providers – third monitor, control and automate physical
parties that provide a set of defined processes, particularly in industrial
services to a customer and assume the sectors such as energy, manufacturing,
responsibility of running, maintaining, water, and transport.
and securing those services.
Operators of Essential Services –
Microgeneration – the small-scale organisations within vital sectors which
generation of energy by households, rely heavily on information networks,
small businesses and communities. for example utilities, healthcare,
transport, and digital infrastructure
NATO – North Atlantic
sectors as identified by the criteria in the
Treaty Organisation.
Network and Information Systems (NIS)
NCA – National Crime Agency. Regulations 2018.

Plan for Digital Regulation – sets out
the government’s overall approach for
governing digital technologies in order to
drive growth and innovation.
Quantum Technologies – Quantum

technology relies on the principles
of quantum physics. The advancing
understanding and control of what
are known as ‘quantum effects’ such
as superposition and entanglement
will lead to a new wave of advances
that will underpin our economy and
society: sensing, data transmission and
encryption, timing and computing.
Ransomware – malicious software

that denies the user access to their
files, computer or device until a
ransom is paid.
Secure by Design – software, hardware

and systems that have been designed
from the ground up to be secure.
Vulnerability – bugs in software

programs that have the potential to be
exploited by attackers.
Vulnerability Reporting Service –

A mechanism through which an
organisation can be alerted to
security flaws before they are
exploited by attackers.
129

National Cybersecurity Strategy 2022 For UK

Uploaded by

Copyright:

Available Formats

You might also like

National Cybersecurity Strategy 2022 For UK

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

National Cybersecurity Strategy 2022 For UK

Uploaded by

Copyright:

Available Formats

National

Our National Response 32

Pillar 3: Technology Advantage  78

Pillar 4: Global Leadership 90

Pillar 5: Countering Threats 98

Delivering Our Ambition  112

6 National Cyber Strategy

Annex C: Glossary 125

8 National Cyber Strategy

As a government, we have committed As a society, cyber is for everyone.

The creation of the National Cyber Force

10 National Cyber Strategy

• Pillar 3: Taking the lead in the

Pillars and objectives

1. Improve the 2. Prevent and resist 3. Strengthen resilience

1. Improve our ability to 2. Foster and sustain 2a. Preserve a robust

14 National Cyber Strategy

1. Detect, investigate 2. Deter and disrupt 3. Take action in and

Supporting national goals

Security and resilience Science and Tech Superpower

Economic prosperity Shaping the international order

16 National Cyber Strategy

11. Cyberspace also transcends

18 National Cyber Strategy

THE EXPERIENCE OF CYBERSPACE

20 National Cyber Strategy

22 National Cyber Strategy

24 National Cyber Strategy

26 National Cyber Strategy

28 National Cyber Strategy

30 National Cyber Strategy

32 National Cyber Strategy

34 National Cyber Strategy

36 National Cyber Strategy

38 National Cyber Strategy

40 National Cyber Strategy

• Countering threats from terrorists,

42 National Cyber Strategy

44 National Cyber Strategy

46 National Cyber Strategy

48 National Cyber Strategy

67. A more inclusive and strategic

50 National Cyber Strategy

Ciara is also the manager of

“Scotland’s Cyber Cluster has played a

1 Bristol and Bath Cyber

4 CyNam (Cyber Cheltenham)

5 East of England Cyber Security Cluster

8 South West Cyber Security Cluster

9 Yorkshire Cyber Security Cluster

10 NI Cyber (Northern Ireland)

11 North West Cyber Security Cluster

12 West of England Cyber Cluster

Academic Centre of Excellence GCHQ / NCSC site

Change Academic Centre of Devolved Authority Organisations

The Business Resilience The Cyber Resilience The Cyber Resilience

The North West Cyber The South West Cyber

The Cyber Resilience Centre The Cyber Resilience

Our National Response 32

Pillar 3: Technology Advantage 78

Pillar 4: Global Leadership 90

Pillar 5: Countering Threats 98

Delivering Our Ambition 112

Annex C: Glossary 125