The second National Cyber Strategy published at the end of 2019 sets out a broad suite of measures to strengthen the security of Government networks and ICT systems. The Strategy defines the role of the National Cyber Security Centre (NCSC) – situated in my Department – to support Government Departments and other public bodies to improve the resilience and security of their IT systems, to better protect services that people rely upon and their data. Recognising the growing dependence on digital services and the evolving global cyber threat landscape, earlier this year Minister Ryan commissioned external consultants to conduct a Capacity Review and to benchmark the NCSC with similar agencies in Europe and internationally. Minister Ryan and I received the consultants’ report in June and in July the Government agreed a number of measures to support the continued development of the NCSC over the coming five years, including:
- Increasing the overall fulltime staffing complement of the NCSC to at least 70 over the next 5 years with a first tranche of an additional 20 staff recruited by end 2022 bringing the serving complement to 45.
- That the General Scheme of a Bill be prepared for Government approval, to establish the NCSC on a statutory basis and provide for related matters including clarity around its mandate.
- That the new role of Director of the NCSC be established at a salary level equivalent to that of Deputy Secretary in the Civil Service.
- That the existing cross-Government group overseeing the implementation of the National Cyber Security Strategy 2019-2024, chaired by the Department of the Environment, Climate and Communications be tasked with developing an action plan for key elements of the capacity review, sponsoring implementation of the review, and reporting to the Minister/Government as necessary.
- That the future capital budget for the NCSC be informed by a 5-year NCSC technology strategy.
- The NCSC will be accommodated within the Department’s new Headquarters (HQ) in Beggars Bush.
- In addition to the creation of 20 new permanent posts in the NCSC, a cyber security graduate training programme would be initiated.
Implementation of the programme of work to deliver on these measures is well underway.
My Department has recently published a baseline cyber security standard to be applied by all Government Departments and key agencies. The NCSC has worked with colleagues across Government to develop the standard which will support public bodies to identify cyber risks, deploy appropriate mitigation measures, and protect personal and other important data. In addition, the Computer Security Incident Response Team (CSIRT) based within the NCSC has developed and deployed technology on the infrastructure of Government Departments to detect and warn of certain types of threat.