The United Kingdom Government issued a first-of-its-kind strategy document to assist the British public sector in building a strong foundation for cyber security resilience. According to a government press release, around 40% of the hundreds of cybersecurity incidents reported in the second half of 2020 and the first half of 2021, were aimed at the public sector.
The document presents five main guidelines:
- Manage cybersecurity risks: identify, assess, and understand the risks, and share information about vulnerabilities across government.
- Protect against cyberattacks: implement proportionate cybersecurity measures in the technology and services you use. Classify, handle and share data in a way that is commensurate with the risks it presents.
- Detect cyber security events: monitor systems, networks, and services to detect cybersecurity events before they become incidents.
- Minimize the impact of cyber security incidents: establish mechanisms to restore affected systems and resume their operation with minimal disruption.
- Develop the right cybersecurity skills, knowledge, and culture: know your cyber security skills requirements and cultivate a cybersecurity culture that empowers learning and improvement.
As part of the UK’s new strategy, the government established a new Government Cyber Coordination Centre to assist in the coordination of cyber security efforts across the public sector, and a new cross-government vulnerability reporting service, among other things.