The government has made progress against all five pillars of the National Cyber Strategy 2022, according to its annual progress report, published this week.
This is the first annual review of progress since the strategy was launched in December 2021. While it celebrates success in areas such as improving cyber education and skills and building resilience across the public and private sectors, it also says more progress is needed.
The report points out that events such as Russia’s invasion of Ukraine and the rapid development of artificial intelligence highlight the need for continuous improvement in cyber security.
In his ministerial foreword, deputy prime minister Oliver Dowden says: “Vital as it was in 2022, our cyber strategy is now more important than ever.”
The five pillars of the National Cyber Strategy are:
(1) Strengthening the UK cyber ecosystem by investing in people and skills and deepening relations between government, academia and industry
(2) Building resilience in the UK, including by reducing cyber risks
(3) Leading on technologies vital to cyber power and building industrial capability
(4) Advancing UK global leadership and influence in cyber security
(5) Detecting, disrupting and deterring adversaries to enhance UK security
The Annual Progress Report 2022-23 highlights key achievements against all five pillars.
For example, in relation to the first, it states that 2,000 schools, 2,500 teachers and 41,000 young people have been engaged through the Cyber Explorers programme.
It also reports that the cyber sector has generated 5,300 new jobs in the past year, with a 3% increase in total annual revenue to £10.5bn.
It points to the 12,000 small businesses that have used the National Cyber Security Centre’s Cyber Action Plan and the more than 15,000 that have used the “check your cyber security” tool as evidence of enhanced resilience, as per pillar 2.
Addressing progress in the third pillar, the report showcases achievements such as publication of the first App Store Privacy and Security Code of Practice, and the Secure Connected Places Playbook, as well as the launch of the AI Standards hub.
For pillar 4, it references the £7.3m provided in cyber support to Ukraine following Russia’s invasion, in addition to “formal cyber dialogues with more than 10 countries across the world, as well as the EU”.
And in relation to the fifth pillar, the report says the government “took down the GENESIS marketplace”, which was the “go-to service for cyber criminals”, as well as sanctioning seven Russian cyber criminals through coordinated action with the US.
Despite these achievements, the report acknowledges that the strategic context for cyber security has moved on since 2022. This necessitated publication of the Integrated Review Refresh (IR2023), which reaffirms the vision of the National Cyber Strategy while setting out the priorities for the future.
Such priorities include doing more to build the UK’s own resilience and ensuring “we are competing at the front of the pack in the technologies that will define the next decade”.
To achieve this, Dowden says the government will continue to “work with partners to shape a cyberspace that reflects our democratic values, and to use our world-class cyber capabilities to influence the behaviour of adversaries.”
At the same time, the government will continue to address the cyber skills gap and work ever more closely with industry to keep pace with technological change.