Government unveils national cyber strategy in bid to protect UK from hostile states and ransomware plots

The government is set to announce its new National Cyber Strategy aimed, it says, at protecting the country from attacks by hostile states and organised crime, while projecting “Global Britain” as a “world leader” in the field.

The programme, funded by £2.6bn allocated in the spending review, will carry out offensive operations against countries carrying out malign cyber activities and pursue criminals who are using the internet for ransomware plots to loot vast sums of money.

The new strategy has been presented as it is claimed that hackers, believed to be Chinese, have “fully weaponised” software vulnerability which is causing “mayhem on the web” through exploiting a flaw, Log4Shell, which allows them to steal data and plant malware.

Some of the world’s largest tech companies, including Microsoft, Cisco, IBM and Google, as well as state agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) in the US, have found some of their servers to be vulnerable. According to security firms, 37 per cent of the UK’s corporate sector has been targeted with illicit scans taking place to find weaknesses in their systems.

British officials in the cybersecurity field acknowledge, however, that bringing the hackers to justice is hugely problematic as they are often based in foreign jurisdictions and sponsored and protected at times by intelligence agencies.

The government declared that the new strategy “sets out how the UK will solidify its position as a global cyber power”. This is the first major milestone following the publication of the government’s Integrated Review earlier this year.

Measures put in place over the last five years have seen a rapid growth in the UK cybersecurity sector, with 1,400 businesses generating £8.9bn in revenue last year and creating 46.700 jobs, with significant investment from abroad.

The government is investing in the Cyber Runway scheme, which is helping 107 innovators develop their businesses, with the majority of member companies outside of London and the southeast, 45 per cent led by women and 52 per cent run by founders from black and minority ethnic groups.

“Funding for these growth and skills programmes will be reoriented away from large, often London-based initiatives to a regionally delivered model which will mean more jobs and better opportunities for people across the UK”, said the government.

A significant proportion of the investment, says the strategy papers, will be in the north in the former Labour ‘Red Wall’ seats taken by the Conservative Party.

Internationally, there will be particular focus on India, the Indo-Pacific and Africa, to strengthen alliances against “digital authoritarianism” and organised campaigns by hackers.

Priti Patel, the home secretary, said: “Cybercrime ruins lives and facilitates further crimes such as fraud, stalking, and domestic abuse. Billions of pounds are lost each year to cybercriminals who steal or hold personal data to ransom and who disrupt key public services or vital sectors of the national economy.

“This strategy will significantly improve the government’s response to the ever-changing threat from cybercrime and strengthen law enforcement’s response in partnership with NCSC and the National Cyber Force.”

The chief of strategic command, Gen Patrick Sanders, said: “This strategy builds upon the importance of the cyber domain as outlined in the Integrated Review and sets out a clear vision for how we as a nation will contribute to the UK’s cyber future. As we continue to face threats in cyberspace, it is essential that we continue to adapt, innovate, partner and succeed against evolving aggressive activity.”

Sir Jeremy Fleming, director of GCHQ, stressed the plans will continue building “on the country’s strong foundations in cybersecurity that GCHQ’s work has been part of, particularly through the NCSC”.

He added: “But it goes beyond that. It brings together the full range of cyber activities, from skills to communities, and to the use of offensive cyber capabilities through the newly established National Cyber Force.”