3 minute read
METRICS
9. METRICS
9.1. Cyber security remains an area of 1. The UK has the capability effectively relative immaturity when it comes to the to detect investigate and counter the measurement of outcomes and impacts threat from the cyber activities of our – normally referred to as metrics. Already adversaries. the science of cyber security has been obscured by hyperbole and obstructed 2. The impact of cybercrime on the by an absence of calibrated data. This is UK and its interests is significantly a source of frustration for policy-makers reduced and cyber criminals are and businesses alike, who have struggled deterred from targeting the UK. to measure investment against outcomes. The Government assesses that the effective 3. The UK has the capability to manage use of metrics is essential for delivering this and respond effectively to cyber strategy and focussing the resources that incidents to reduce the harm they underpin it. cause to the UK and counter cyber adversaries.
Advertisement
9.2. We will ensure that this strategy is founded upon a rigorous and
4. Our partnerships with industry on comprehensive set of metrics against active cyber defence mean that large which we measure progress towards the scale phishing and malware attacks outcomes we need to achieve. As well are no longer effective. as being a major deliverable under the Strategy in its own right, the NCSC will 5. The UK is more secure as a result of play a crucial role in enabling other parts of technology products and services Government, industry and society to deliver having cyber security designed into all of these strategic outcomes within this them and activated by default. strategy.
6. Government networks and services 9.3. Annex 3 sets out how the success will be as secure as possible from the measures set out in the strategy will moment of their first implementation. contribute to the strategic outcomes, The public will be able to use which will be reviewed annually to ensure government digital services with they accurately reflect our national goals confidence and trust that their and requirements. The headline, strategic information is safe. outcomes are as follows:
7. All organisations in the UK, large and small, are effectively managing their cyber risk and are supported by high quality advice designed by the
NCSC, underpinned by the right mix of regulation and incentives.
8. There is the right ecosystem in the
UK to develop and sustain a cyber security sector that can meet our national security demands.
9. The UK has a sustainable supply of home grown cyber skilled professionals to meet the growing demands of an increasingly digital economy, in both the public and private sectors, and defence.
10. The UK is universally acknowledged as a global leader in cyber security research and development, underpinned by high levels of expertise in UK industry and academia. 11. The UK government is already planning and preparing for policy implementation in advance of future technologies and threats and is
‘future proofed’.
12. The threat to the UK and our interests overseas is reduced due to increased international consensus and capability towards responsible state behaviour in a free, open, peaceful and secure cyberspace.
13. UK Government policies, longer term outcomes are allocated beyond organisations and structures are 2021 to industry, regulators, auditors, simplified to maximise the coherence insurers and other parts of the public and and effectiveness of the UK’s private sector, as the effective management response to the cyber threat. of cyber security risks is integrated into
9.4. We recognise that some of our ambitions for this strategy go beyond its five year timescale. In order that any future investment in cyber beyond 2021 can continue to deliver the maximum transformative effect, we intend that these standard management activity for all.
