Government looks to boost resilience with new strategy and dedicated leader
Existing initiatives in cybersecurity picked out as shining example of cooperation with commercial sector
The government will create a new head of resilience role to oversee departments’ emergency planning work and improve cross-government working, as part of a new strategy announced by the Cabinet Office.
The strategy, published shortly before Christmas, has been created to help ensure government is better equipped for what is “an increasingly volatile world, defined by… rapid technological change”. The document sets out a range of objectives, including increasing access to expert technological advice and enabling departments to invest in emerging technologies to help address cyberthreats.
The newly appointed head of resilience, meanwhile, will guide best practice, encourage adherence to standards, and set guidance, with the aim of improving transparency and accountability, the Cabinet Office said.
Lead government departments will continue to take responsibility for individual national security risk assessments, with the head of resilience providing leadership for this system.
The government said it will clarify roles and responsibilities across government for each area of risk, but has only set itself a target of 2025 to do this. This review will aim to avoid a repeat of the Covid pandemic, where “treating [it] as a health emergency meant that there was limited planning outside of the healthcare sector”, the framework states.
The head of resilience will complement the existing role of the National Security Advisor. Devolved administrations will retain control over resilience, with the new head of resilience working with them in partnership.
To strengthen accountability, the government has committed to delivering an annual statement to parliament on civil contingencies risk and the UK government’s performance on resilience.
The Cabinet Office said the strategy will make resilience a national endeavour for the first time in what it dubbed a “whole of society” approach.
This is intended to complement existing plans to address specific areas of risk, such as the National Cyber Strategy and the Integrated Review of defence.
“Resilience has long been part of the UK’s approach to national security, but in an increasingly integrated world in which we cannot predict or prevent all of the challenges ahead, we need to refresh our approach – that’s why we are making resilience a national endeavour, so that as a country we are prepared for the next crisis, whatever it may be,” Cabinet Office minister Oliver Dowden said.
The strategy picked out the Cyber Essentials certification scheme run by the National Cyber Security Centre as “an excellent example of the partnership between the UK government and the private sector on risk”.
“Certification provides reassurance for both current and potential customers and enables organisations to better understand their current cyber security status,” it said. “For instance, certification is a requirement for UK government contracts involving the handling of sensitive and personal information. In providing certification, the Cyber Essentials programme also acts as a benchmark for wider good cyber security practice within organisations. We look for further opportunities to build on this type of good practice.
Other measures contained in the plan includes:
- Growing the government’s advisory groups made up of experts, academics and industry experts to inform risk planning and provide external challenge
- Creating a new sub-committee of the National Security Council to specifically consider issues relating to resilience
- Creating a UK Resilience Academy, built out from the Emergency Planning College, to make world class professional training available to all that need it
- Strengthening Local Resilience Forums in England by working across three key pillars of reform – leadership, accountability, and integration of resilience into the UK’s levelling up mission
External supplier brought in to run the rule over government systems as rollout begins of ‘GovAssure’ programme
Incident, which has been linked to Russian ransomware group, has left customers unable to send items overseas
Cyber intelligence unit reveals the government brands most often cited in attempted fraud and hacking
Specialist supplier will support in searching – and then attempting to take advantage of – ‘vulnerabilities and exploitable information’