The future of the UK’s security and prosperity rests on digital foundations. The challenge of our generation is to build a flourishing digital society that is both resilient to cyber threats, and equipped with the knowledge and capabilities required to maximise opportunities and manage risks.

We are critically dependent on the Internet. However, it is inherently insecure and there will always be attempts to exploit weaknesses to launch cyber attacks. This threat cannot be eliminated completely, but the risk can be greatly reduced to a level that allows society to continue to prosper, and benefit from the huge opportunities that digital technology brings.

The 2011 National Cyber Security Strategy, underpinned by the British Government’s £860m National Cyber Security Programme, has delivered substantial improvements to UK cyber security. It achieved important outcomes by looking to the market to drive secure cyber behaviours. But this approach has not achieved the scale and pace of change required to stay ahead of the fast moving threat. We now need to go further.

Our vision for 2021 is that the UK is secure and resilient to cyber threats, prosperous and confident in the digital world.

To realise this vision we will work to achieve the following objectives:

• DEFEND We have the means to defend the UK against evolving cyber threats, to respond effectively to incidents, to ensure UK networks, data and systems are protected and resilient. Citizens, businesses and the public sector have the knowledge and ability to defend themselves.
• DETER The UK will be a hard target for all forms of aggression in cyberspace. We detect, understand, investigate and disrupt hostile action taken against us, pursuing and prosecuting offenders. We have the means to take offensive action in cyberspace, should we choose to do so.
• DEVELOP We have an innovative, growing cyber security industry, underpinned by worldleading scientific research and development. We have a self-sustaining pipeline of talent providing the skills to meet our national needs across the public and private sectors. Our cutting-edge analysis and expertise will enable the UK to meet and overcome future threats and challenges.

Underpinning these objectives, we will pursue INTERNATIONAL ACTION and exert our influence by investing in partnerships that shape the global evolution of cyberspace in a manner that advances our wider economic and security interests. We will deepen existing links with our closest international partners, recognising that this enhances our collective security. We will also develop relationships with new partners to build their levels of cyber security and protect UK interests overseas. We will do this both bilaterally and multilaterally, including through the EU, NATO and the UN. We will deliver clear messages about consequences to adversaries who threaten to harm our interests, or those of our allies, in cyberspace.

To achieve these outcomes over the next five years, the UK Government intends to intervene more actively and use increased investment, while continuing to support market forces to raise cyber security standards across the UK. The UK Government, in partnership with the Devolved Administrations of Scotland, Wales and Northern Ireland, will work with the private and public sectors to ensure that individuals, businesses and organisations adopt the behaviours required to stay safe on the Internet. We will have measures in place to intervene (where necessary and within the scope of our powers) to drive improvements that are in the national interest, particularly in relation to the cyber security of our critical national infrastructure.

The UK Government will draw on its capabilities and those of industry to develop and apply active cyber defence measures to significantly enhance the levels of cyber security across UK networks. These measures include minimising the most common forms of phishing attacks, filtering known bad IP addresses, and actively blocking malicious online activity. Improvements in basic cyber security will raise the UK’s resilience to the most commonly deployed cyber threats.

We have created a National Cyber Security Centre (NCSC) to be the authority on the UK’s cyber security environment, sharing knowledge, addressing systemic vulnerabilties and providing leadership on key national cyber security issues.

We will ensure that our Armed Forces are resilient and have the strong cyber defences they need to secure and defend their networks and platforms, continuing to operate and retaining global freedom of manoeuvre despite cyber threats. Our military Cyber Security Operations Centre will work closely with the NCSC and we will ensure that the Armed Forces can assist in the event of a significant national cyber attack.

We will have the means to respond to cyber attacks in the same way as we respond to any other attack, using whichever capability is most appropriate, including an offensive cyber capability.

We will use the authority and influence of the UK Government to invest in programmes to address the shortage of cyber security skills in the UK, from schools to universities and across the workforce.

We will launch two new cyber innovation centres to drive the development of cutting-edge cyber products and dynamic new cyber security companies. We will also allocate a proportion of the £165m Defence and Cyber Innovation Fund to support innovative procurement in defence and security.

We will invest a total of £1.9 billion over the next five years to transform significantly the UK’s cyber security.

GBR0005s