The UK’s National Cyber Strategy signals a more ‘proactive’ approach to cyber power

The UK government unveiled its long-awaited National Cyber Strategy yesterday, outlining how it plans to improve the resilience of UK institutions and businesses while protecting the country’s interests in ‘cyberspace’. The strategy signals a more interventionist stance from the government, experts told Tech Monitor, which has previously looked to the private sector for leadership. Its commitment to a ‘whole of society’ approach, meanwhile, risks overlooking the need for more diverse perspectives in the cybersecurity workforce.”

I added my quick two cents to a Tech Monitor article on the UK National Cyber Strategy 2022, which can be found here.

Then I provided a more detailed breakdown of the strategy for CircleID…

The 2016 UK Cyber Security Strategy was largely focused on deeper involvement by the government across a broad range of activities, including building cyber offensive capabilities, skills development across key sectors, enhancing coordination and incident response (including the creation of the National Cyber Security Center), promoting innovation, and incubating the UK cyber commercial sector. The 2022 strategy seeks to sustain and build upon the progress from 2016, but taking a ‘cyber ecosystem’ approach that integrates a broader range of stakeholder groups across society in developing cyber risk responses. Think of it as an acknowledgment that cyber security issues are so broad, complex and interlinked that they need to be knitted into the very fabric of national policymaking, including education strategy, regulatory/legal reform, foreign policy, and industrial policy, among others.

The government has come to terms with the fact that it doesn’t have the resources or the depth of skills to tackle all the UK’s cyber-related problems on its own and that private-sector leadership won’t necessarily achieve the desired outcomes. The 2022 Cyber Security Strategy signals the government’s intention to carve out key roles—coordinator, convener, and enabler—in the UK’s cyber ecosystem. The 2016 National Cyber Security Strategy received heavy criticism from the Public Accounts Committee, which maintained there was a lack of evidence and no solid business case to justify the £1.9 billion funding it received—making it nearly impossible to measure success. The ‘whole of society’ approach outlined in the 2022 document illustrates a deeper understanding of cyber issues and brings together the full range of cyber activities domestically and internationally into a seemingly cohesive vision with more measurable outcomes and outputs […]

Feel free to view the entire blog article on the CircleID website.

Five Cybersecurity Takeaways from the ARIN 48 Keynote and Panel

“During the Q&A, Harper also pointed out that the European Union Agency for Cybersecurity (ENISA) has adopted a cybersecurity certification framework where certain Internet of Things (IoT) devices must be validated from a privacy and security perspective, and said the US is working on a similar initiative.”

Insecure IoT devices continue to be major contributors to Internet (in)security, particularly with regards to increasing attack vectors for enterprises, distributed denial of service (DDoS), critical infrastructure (CI) resilience, and personal data protection, among other risk areas.

ENISA is doing some great work with their Guidelines for Securing the IoT Supply Chain, Cybersecurity Certification Framework, Risk Assessment Tool for IoT, and the Good Practice for Connected Cars.

Still, there’s a lot more to be done through increased stakeholder collaboration. I definitely have time for these types of initiatives!

Caribbean Security & Resilience Awards Winners Announced

The winners of the 2021 Caribbean Security & Resilience Awards have been announced!

Congratulations to the other award recipients:

  1. Peter Bäckman (Dominican Republic)
  2. Kwailan M. Bridgewater (Trinidad & Tobago)
  3. Lysandra Capella (Curacao)
  4. Rosa Damaris Diaz de Tejada (Dominican Republic)
  5. Gavin Dennis (Jamaica)
  6. David Gittens (Barbados)
  7. Stevez Gomes (British Virgin Islands)
  8. Garth Gray (Jamaica)
  9. Norval West (Jamaica)

I was quite surprised to be recognised for my contributions, and deeply humbled to be in such esteemed company.

Thank you all for what you do day in and day out to keep the Caribbean region #cybersecure!!!!

The official announcement on the International Security Journal’s website can be found here.