UK Gov Admits Cyber Policy FAILED!
At least they are admitting it. DoD is already doing part of this; the UK is going all in.
In an unusually candid admission, the UK government acknowledged that its years-long approach to its own cybersecurity was flawed and warned it will be impossible to meet a previous target of securing all government organizations by 2030.
They have presented a new Government Cyber Action Plan. If approved, this will be a major reset of UK government policy.
The “new” approach moves away from nonbinding guidance to a more mandatory model for cybersecurity – like DoD’s CMMC. Except the UK’s plan also applies to government agencies themselves. Like CMMC, it will also add new contractual requirements for strategic suppliers.
They also propose to respond to the people who laughed out loud about the UK government’s 2023 proposed pay scale for cybersecurity talent with a new Government Cyber Profession to attract new talent.
The announcement came on the same day that the government’s Cybersecurity and Resilience Bill started being debated. That bill does not require the public sector to implement any security practices – a bit of an oversight. This puts them at odds with the EU’s NIS2, which does include the public sector.
According to the new plan, senior leaders in government will be responsible for cyber outcomes, but the details are, shall we say, a bit light.
Last year the UK’s GCHQ (their NSA) said the government was basically losing the war, with four times as many attacks in the last year as the year before.
The action plan says a big part of the UK government’s problem is reliance on legacy technology (like the US government’s reliance on systems implemented in the 1970s). This is what is known as technical debt.
The UK’s problem is no different from ours. MAYBE, just maybe, they are starting to look at it as a national security problem.
As we should as well.
Credit: The Record
