The UK’s Integrated Review 2021 – while a positive step forwards – lacked detail and failed to provide a bridge between policy and achievable actions in cyber policy according to a new paper from the Henry Jackson Society.
The report details heightened challenges in the cyber world that increasingly threaten the democratic goal of building a free and open cyberspace. Despite efforts to engage with these challenges, the findings show that so-far threats have outpaced strategy. For the UK to engage meaningfully with these threats and take the opportunity to become a leader in shaping the future of cyberspace, the report suggests that politically there needs to be a more detailed response and robust engagement with these issues.
The Future National Cyber Security Strategy engages with the pressing threats, not only to UK national security, but also to the broader global implications to democratic values in cyberspace, and offers tangible recommendations for the next NCSS.
The report demonstrates that global financial losses to cybercrime have grown each year since 2016; 2017 saw the world’s first global ransomware attacks; and recently, Solarwinds proved how supply chain security can be detrimentally compromised. It argues that cyberspace is becoming increasingly hostile and that there is a limited window for the UK to adapt to its role outside of the EU and engage internationally to defend liberal values in this sphere.
The report’s author lays out five main challenges and potential responses:
- Digital authoritarianism – defending liberal values, recognising and engaging with the differences in views of cyber sovereignty between the West and its greatest challengers (Russia and China), and what this means for global cybersecurity.
- Allies and alliances – development of strategy in cyber has stalled whilst the risks have not. Aiming to foster a permanent presence of liberal values within the structures of cyberspace by nurturing grassroots cyber skills and recognition of the need to offer greater protection of British nationals and enterprises in the international cybersphere.
- Attribution – the need for consistent policy regarding attribution of cyber-attacks. Establishing a framework, with clearly defined penalties to demonstrate a strong response, and to offer a rules-based system in a currently ill-defined area.
- Setting red lines – linked to attribution – an appreciation that deterrence has yet to deliver due to a lack of sufficient clarity. The UK needs to clarify its red lines and formulate a system defining clear ramifications if these are overlooked.
- Global Britain and Cyber Power – the opportunity to craft a vision for the UK in cyberspace and position itself as a global leader in defence and expansion of free and open cyberspace. The UK needs to go beyond domestic resilience and become a responsible, democratic cyber power, developing cyber allies and reshaping the international order.
The report asserts that cybersecurity threats currently present unprecedented challenges and risk destabilising liberal global development. However, it indicates that the UK can counter this trend and become an international leader – reflecting and protecting democratic values globally – if it moves away from the status quo and focuses on bridging the gap between policy and strategy to build a free and open cyber future.
You can read the new report in full HERE
About the author:
Danny Steed is a research fellow who is particularly engaged in the Henry Jackson Society’s Centre for Cyber, Data, and Online Threats. Previously Danny was Lecturer in Strategy and Defence at the University of Exeter, where he created and delivered numerous courses specialising in national security strategy to student, professional, and military cadres. Danny has also worked in UK government service in an operational cyber security capacity. Since then, Danny has been in private industry as a Head of Strategy. During that time, he avidly continued his own scholarship, as a visiting fellow to both the University of Cranfield and the Cyber Norms Program at the University of Leiden in 2019, and continuing to contribute to taught courses, publications and academic events. He is the author of two books: ‘British Strategy and Intelligence in the Suez Crisis‘ (Palgrave, 2016) and ‘The Politics and Technology of Cyberspace‘ (Routledge, 2019).