By Elly Savill
Titled Global Britain in a Competitive Age, the Review sets out the Government’s overarching national security and international policy objectives to 2025. Mentioned some 156 times, cyber is set to play an integral part in the Government’s international policy ambitions which form the building blocks for the Prime Minister’s vision for the UK in 2030. The framework to 2025 includes four overarching objectives:
1. Sustaining strategic advantage through science and technology
• The Government will adopt science and technology (S&T) as an integral part of their national security and international policy with the intention of becoming “a global S&T and responsible cyber power”.
• Cyber will be essential in gaining economic, political and security advantages in the coming decade.
2. Shaping the open international order of the future
• The Government will seek to establish norms in the future frontiers of cyberspace, emerging technology, data and space.
3. Strengthening security and defence at home and overseas
• As well as addressing physical threats to security, the Government also recognise challenges faced online.
• Although NATO will continue to have an important role in collective security, the Government is keen to place a greater emphasis on building a capacity of like-minded nations around the world.
4. Building resilience at home and overseas
• The Government will “place greater emphasis on resilience” by improving the UK’s ability to anticipate, prevent and prepare for security risks including cyber-attacks.
Adapting to a new normal
An underlying theme to both Boris Johnson’s vision for 2030 and the Review as a whole is Johnson’s belief that the UK must be willing to “change our approach and adapt to the new world emerging around us”. This includes a ‘modernisation programme’ within defence to look at newer domains like cyber and space. This policy will see the Government spend at least £6.6 billion over the next four years on R&D in defence areas including cyber.
Big plans for the future
As well as having an overtly international outlook, Johnson’s vision for the UK or ‘Union’ in 2030 includes some big tech ambitions. The overarching ambition is to have greater resilience to threats in the digital world, however Johnson also aims to see the UK as a recognised Science and Tech Superpower.
Alongside this, there is a clear ambition to put the UK (and its democratic credentials) at the forefront of global discussions about cyber norms and digital standards. The Prime Minister also aims to see the UK leading in critical areas such as artificial intelligence as well as at the forefront of global regulation on technology, cyber, digital and data- specialisms which Johnson says will be used to protect fellow democracies as well as well as the UK.
Cyber Strategy incoming
The Review provides an overview of the Government’s upcoming cyber strategy which will include the following priority actions:
- To strengthen the UK’s cyber ecosystem by a ‘whole-of-nation’ approach to cyber. This will include cementing the partnership between Government, academia and industry and investing in integrated education and training to grow talent.
- To build a resilient and prosperous digital UK through continued investment in the NCSC and by addressing vulnerabilities in the public sector.
- To take the lead in the technologies vital to cyber power, the Government will look to work with others to influence the rules and standards governing digital technologies so that they reflect democratic values.
- To promote a free, open, peaceful and secure cyberspace. This includes broadening international partnerships to create cyber resilience as a way of influencing international norms.
- To detect, disrupt and deter our adversaries. The Government will look to make the UK a more difficult operating environment for attackers and strengthening the criminal justice response to cyber-attacks.
China’s perceived influence on British telecoms and subsequent threat to cyber security have been a growing area of concern, culminating in the Government’s decision last Summer to remove Huawei from the UK’s 5G infrastructure and limit their presence in fixed networks. Since then, legislation to limit China’s influence in British telecoms and businesses more broadly (see the Telecommunications Security Bill and National Security and Investment Bill) have begun their journey through Parliament.
The Review mirrors the current conflicting mood towards China within Westminster. For example, the Review labels the nation’s increasing power “the most significant geopolitical factor of the 2020s” and hints at the Chinese militaries’ cyber expertise as a threat to UK interests. However, the document also calls for the UK to remain open to Chinese trade and investment. This balancing act is largely due to China’s integral role in tackling global warming- an ambition at the forefront of this Government’s priorities and one which can not be achieved alone.
A ‘whole-of-cyber’ approach
The Government has long been shifting focus towards cyber security as both a defensive and offensive mechanism. However, the report states that the Government will now aim to take a ‘whole-of-cyber’ approach. The exact meaning behind this term is vague but the National Cyber Force (NCF), which was established last year and conducts targeted, offensive cyber operations is likely to play an important role. This is because the NCF was established to be used in combination with diplomatic, economic, political and military capabilities resulting in a broad range of operations including preventing cyberspace from being used for serious crimes. The Review also announced a new Ministerial group to oversee cyber decision-making across Government.
In 2021 the Government will publish a national resilience strategy with the aim of pinpointing weaknesses and improving national preparedness. The strategy will include four priorities, namely, establishing a ‘whole-of-society’ approach to resilience. This incorporates sector-specific legislation, such as the Telecommunications Security Bill and the role of the new cyber strategy which looks to improve the UK’s resilience to cyber risks by raising the level of cyber security across critical national infrastructure sectors.