Government Report Critical Of National Cyber Security Programme

Even though more than 1,100 cyber attacks have been dealt with by the National Cyber Security Centre (NCSC) since its introduction in 2016, a recent Government report has been highly critical of the most recent National Cyber Security Programme, insisting that a lack of robust recorded evidence makes informed decision making extremely difficult.

The report claims that the evidence based used to measure progress is ‘extremely weak.’ Of the strategy’s 12 strategic outcomes, the recent National Cyber Security Programme report claims that they have ‘low confidence’ in completing the aims by the end of the five-year programme in all but one of the strategies.

The report claims the National Cyber Security Programme failed to carry out a ‘lessons learnt’ exercise between the completion of the 2011-2016 programme and the current programme running until 2021.

As cyber crime increases, the report found that the Government’s current efforts to enhance cyber security throughout the economy to better protect consumers has been inadequate.

The report highlighted organisations like British Airways who were hacked last year as an example of the difficulties in regulating cyber security in the various sectors of the economy. However, it has recommended that the department should outline how they intend to measure success in protecting consumers by November 2019.

Meg Hillier MP, Committee Chair, commented:

“With its world-leading digital economy, the UK is more vulnerable than ever before to cyber attacks. As the likelihood of these attacks continues to grow, the UK needs to protect itself against the risks created by more and more services going online.

“We welcome the National Cyber Security Strategy but are concerned that the Programme designed to deliver it is insufficient. As it currently stands, the Strategy is not supported by the robust evidence the Department needs to make informed decisions and accurately measure progress. On top of this, neither the Strategy or the Programme were grounded in business cases – despite being allocated £1.9bn funding.

“Looking longer term, we are disappointed that the Department was not able to give us a clear idea of what the Strategy will deliver by 2021. This does not represent a resilient security strategy.

“In the interest of national security, the Cabinet Office need to take a long-term approach to protecting against the risk of cyber attacks: future plans should be based on strong evidence, business cases should be rigorously-costed to ensure value for money, and strategic outcomes and objectives should be clearly defined.”