Public sector bodies must be cyber resilient by 2030, according to UK Government plan

The UK Government has published a plan for protecting the public sector against cyber attacks a month after unveiling its ambition to make the UK a leading cyber power.

In December, the government published a new National Cyber Strategy in which it underscored the importance of all organisations increasing internet security and protecting against the kind of so-called ransomware attacks that emanate out of countries such as Russia and China.

This week it revealed how governmental bodies will respond to that challenge, pledging in its Government Cyber Security Strategy that all “critical functions [will] be significantly hardened to cyber attack by 2025” and that “all government organisations across the whole public sector [will be] resilient to known vulnerabilities and attack methods no later than 2030”.

The aim is to take a two-pronged approach to driving improvements in cyber security, with the first being to ensure that “government organisations have the right structures, mechanisms, tools and support in place to manage their cyber security risks”.

“The second is to ‘defend as one’,” according to the strategy document. “Recognising that the scale and pace of the threat demands a more comprehensive and joined up response, government will harness the value of sharing cyber security data, expertise and capabilities across its organisations to present a defensive force disproportionately more powerful than the sum of its parts.”

While cyber security is a reserved matter, the paper confirms that responsibility for ensuring public sector bodies in the devolved nations are resilient to cyber risks will fall to the respective devolved governments.

In his ministerial foreword to the document, Prime Minister Boris Johnson wrote that it is crucial the government leads by example if the UK’s ambitions are to be met.

“As well as ensuring that government organisations can protect the services and functions that maintain and promote our economy and society, government must be an exemplar to the private sector, to ensure that the UK continues to enhance its reputation as one of the most secure and attractive digital economies in which to live, do business and invest in,” he said.

Cabinet Office minister Steve Barclay added that around 40 per cent of cyber incidents reported between September 2020 and August 2021 were aimed at public sector organisations.

“Building and maintaining our cyber defences is therefore vital if we are to protect the functions and services on which we all depend,” he said.

“As government, we have made a great deal of progress in recent years, but there is much more to do.

“To meet the threats we will face in the coming decade we must build on our successes and transform how we approach cyber security in government.”