New national cyber strategy aimed at protecting UK against ransomware attacks

The UK Government has unveiled a new national cyber strategy aimed at increasing internet security and protecting against the kind of so-called ransomware attacks that emanate out of countries such as Russia and China.

As part of the strategy, which is focused in part on developing technologies and creating jobs, the government is calling on all parts of society to help reinforce the UK’s position in cyberspace by “prioritising cyber security in the workplace, boardrooms and digital supply chains”.

It is launching an online training platform called Cyber Explorers to teach young people cyber skills and has also created a business incubator scheme called Cyber Runway that will provide support to 107 tech-focused companies.

The strategy, which also outlines plans to strengthen law enforcement for cyber crimes, is being funded by £2.6bn of investment that was announced at this year’s spending review.

Government minister Steve Barclay said the strategy “transforms how the UK will advance its national interests in cyberspace”.

“It sets out a clear vision for building cyber expertise in all parts of the country, strengthening our offensive and defensive capabilities and ensuring the whole of society plays its part in the UK’s cyber future, and comes with record funding to match,” he said.

In its strategy document the government said that ransomware – a type of software that paralyses computer systems until a ransom is paid – “became the most significant cyber threat facing the UK in 2021”.

“During 2021, the UK continued its work with global partners to detect and disrupt shared threats, the most consistent of these emanating from Russia and China,” it said.

“In addition to the direct cyber security threats posed by the Russian state, it became clear that many of the organised crime gangs launching ransomware attacks against western targets were based in Russia.

“China remained a highly sophisticated actor in cyberspace with increasing ambition to project its influence beyond its borders and a proven interest in the UK’s commercial secrets.

“How China evolves in the next decade will probably be the single biggest driver of the UK’s future cyber security.

“While less sophisticated than Russia and China, Iran and North Korea continued to use digital intrusions to achieve their objectives, including through theft and sabotage.”

The paper cited the case of London borough Hackney Council, which suffered a ransomware attack in October 2020 that locked its systems and cost several million pounds to rectify, and noted the seriousness with which the National Cyber Security Centre (NCSC) views such attacks.

“Due to the likely impact of a successful attack on essential services or critical national infrastructure the NCSC assessed ransomware as potentially as harmful as state-sponsored espionage,” it said.

GCHQ director Sir Jeremy Fleming said the new strategy would allow the UK to “continue to prosper from the opportunities of cyberspace” while also “build[ing] alliances with democratic partners around the world to protect a free, open and peaceful cyberspace”.

Jude McCorry, chief executive of the Scottish Business Resilience Centre, welcomed the announcement and noted the importance of the ‘whole of society’ approach.

“The number of cyber attacks has been on the rise since the start of the pandemic, with both international and domestic cyber criminals taking advantage of our increased reliance on technology,” she said.

“We welcome the new national cyber strategy, particularly with its emphasis on a ‘whole of society’ approach. From a business perspective, the public and private sectors alone cannot drive the change needed to level up cyber security in the UK and keep us safe from cyber criminals both here and abroad - we must work in partnership.”