back to article £1.3bn National Cyber Security Strategy? Meh – we're looking at 2021, Cabinet Office shrugs

How is Britain's £1.3bn National Cyber Security Strategy going? Nobody really cares any more – even the Cabinet Office, judging by its latest progress report. In a report issued this week the Cabinet Office waffled for several tens of pages saying how much work Britain's various governmental organs had done that vaguely fits …

  1. Flocke Kroes Silver badge

    fundamental shift in ... approach the topic of cyber security

    Was: I do not have time to bother with the topic cyber security.

    Shift to: COVID gave me lots of time. I need a new excuse to do what I am best at (spending lots money to achieve nothing).

    1. amanfromMars 1 Silver badge

      Re: fundamental shift in ... approach the topic of cyber security

      Was: I do not have time to bother with the topic cyber security.

      Shift to: COVID gave me lots of time. I need a new excuse to do what I am best at (spending lots money to achieve nothing). ...... Flocke Kroes

      Step up to the plate and do better, Flocke Kroes, and take a trip spending anybody's money to achieve everything else with nothing promised other than it should always be Displayed and Activated with a Promising Premise in/for DAPPer ProgramMING Projects. It delivers better guaranteed returns with zero personal risk whenever incorporated and sealed in ITs NEUKlearer HyperRadioProACTive IT Systems Silos/Bunkers/Global Command Head Quarters.

      And every now and then, and always whenever made of the right stuff, one gets to play real rock hard freestyle with Juicy Lucy Leaks of COSMIC Info for Heavenly Intel ...... which is surely best savoured and flavoured and appreciated as one would a Just Filthy Rich Reward way beyond compare or adequate description ....... crass compensation for all of your troubles, but no less valued for that. And an advantage offered is such keeps things relatively simple and extremely easy for both partners and principals alike to either run or ruin.

  2. Pascal Monett Silver badge

    "There must be a clear mutual understanding as to where UK government responsibility ends"

    Oh but there is no misunderstanding to be had. If the government makes a promise, it is responsible for making that promise come true. That's why we pay taxes, and that money costs us.

    So if government decides on a Cyber Security Strategy, government had better deliver a Cyber Security Strategy, not just produce another report on the subject without any progress to show for it.

    That's the problem with government : you can't put anyone against a wall and shoot them for failure to deliver on promises. A government worker is immune from having to deliver results.

  3. Smooth Newt Silver badge
    Meh

    Oops

    Bit of a blunder on page 33. "We are playing a leading role in the EU’s cyber sanctions regime and its listings."

    1. Dan 55 Silver badge

      Re: Oops

      I am shocked that you would even insinuate each new national IT security report is a bunch of meaningless paragraphs copy-pasted and maybe even slightly even reworded from the last report, over a period of several years.

  4. Mike 137 Silver badge

    The fundamental problem

    The fundamental problem is that nobody has unequivocally defined either "cyber" or "security". Consequently it's not really clear what should be done to achieve the combination of the two.

    As everyone seems to be ignoring the parlous fragility of software, even among the "informed" some folks think that attacking the attackers is good policy, some think that embarrassing them is worth it, and some at best concentrate on ensuring "patching" gets done. The harsh reality is that until we render our technologies intrinsically vastly more immune to attack we'll make no progress. They'll never be perfectly proof, but we have a very long road to travel before they're even basically secure. I get sent the US CERT weekly vulnerability summaries, and they average 750kB of plain text, sometimes exceeding double that.

    What these "strategies" always omit to mention is the need to turn IT into a real engineering discipline with formal standards that actually deliver and that everyone follows. That means not only big budgets spent on entirely revamped training, but the huge political problem of admitting that our education systems are currently inadequate. For both these reasons I suspect it won't happen, so we'll stay right where we are - leaking like sieves while the agencies waffle about "security" in theory.

    And it is just theory. Despite javascript being recognised as the primary vector for the overwhelming majority of client side breaches, the NCSC web site is entirely a javascript app - you can't even see contact information with scripting turned off. Having finally found contact information for them elsewhere, I spoke to them about this and was told "we probably can't do anything about this". So it would seem that the official national authority on "cyber security" outsources their website development and doesn't check the results. This is the real world of the "strategy".

    1. Smooth Newt Silver badge
      Thumb Up

      Re: The fundamental problem

      The fundamental problem is that nobody has unequivocally defined either "cyber" or "security". Consequently it's not really clear what should be done to achieve the combination of the two.

      I think they like it that way. The only strategy I can see from the progress report is to randomly throw money at any vaguely computer security oriented activity that might generate a favourable press release or ministerial quote.

      They are not going to thank you for pinning them down with words that actually mean something.

    2. You aint sin me, roit Silver badge
      Coat

      Not should, must...

      As in "something must be done!", which translates into "give my mates a bundle of cash to think about it", which in turn translates to "so I get a cushy directorship when I can't be bothered with this ministerial lark anymore".

      Mine's the one with new years honours in the pocket (or is that Dido's...)

      P.S. Who rattled A man from mars' cage? Could he really be a man from Cheltenham?

  5. amanfromMars 1 Silver badge

    A Present for Seasoned Presentation and Professional Perfect Productions ......

    How is Britain's £1.3bn National Cyber Security Strategy going? Nobody really cares any more ..

    I disagree. Always somebody or something cares ..... and would Profess a Beta AIMaster Plan both for Sail and for Sale/Purchase .......with Virtual Charter Leases...... Supporting COSMIC Memoranda of Understanding Agreements for All Interested

    In Order to Streamline and Engage Similar Parallel Directions of Travel with AIMaster Mainline Streams on ACTive Current Operations.

    Has National Cyber Security Strategy Identified that as a Strategy to Follow ..... and of course, in the best of national interests, Successfully Support with Experimental Funding of New Fangled and Entangling Virtual Assets.

    Would they like to Agree and Pay for a Live Operational Virtual Environment Demonstration of such as would be easily likened to an AI Coup with a Practical Takeover of Extant Reality Presentation Facilities by Remote Virtual Control Centres. ....... Protected by Polished Pirates and Immaculate Rogues, Renegades and Heroes, with Unique Skills that Disarm and Defuse All Exploding Devices within Crazy Schemes/Restless Nightmares Stuck in a Bad Dreamt Up Land ...... on the wrong AIMaster Mainline Streaming Line.

    Stuck in a faulty fault ridden line is no good place to be. Simply jump to A.N.Other AIMaster Mainline Streaming Line Service. They Offer Everything Free. And you wanna see what they have on Free Offer to Valued Clients and Interesting Consumer Customer Guests alike, whenever anything you like is being trialed and trailed again for the Capture of Attention to the Problem with an Accomplished Accompanying ACTive Solution.

    I Kid U Not. Knock Knock, GCHQ. Is there anybody out there in there? :-) .....https://youtu.be/p2kjbpEKD4M

  6. Eclectic Man Silver badge

    Strategy

    One of the main problems I encountered when Francis Maude changed the information classification scheme to the current one was that CESG (now the NCSC) wanted everyone in the civil service to understand the security requirements for their information. The fact is that the civil servants didn't want to understand security, they just wanted to get on with their jobs and follow the rules for information security without having to waste their time actually understanding them. Like driving a car, I don't actually need to understand mechanical or electrical engineering, combustion mechanics, tribology or thermodynamics, as long as I can operate the vehicle according to the Highway Code.

    I could never find anyone in all of my experience who could sensibly explain the difference between how to treat information at 'Official' differently to 'Official Sensitive' in a practical implementation.

    Best of luck folks, I'm retired so watching from the sidelines now. :o)

  7. amanfromMars 1 Silver badge

    FYI El Reg and El Regers. News of Deep See Phishing across the Pond in the Swamplands of the USA

    And also certainly of interest to those interesting and of interest to Five Eyes Allies and/or competing partners/secretive opposition and proprietary novel intellectual property thieves and wannabe elite exclusive executive systems drivers, which you might like to realise are best recognised as Immaculate Source Providers of AWEsome Future Content for Present Current Play ........ via Mass Media Machine Presentations/Virtual Tales of Practical Applications BetaTesting Command and Control Options for Overwhelming Leverage with Newly Discovered Uncovering of Almighty Powers Available for IntelAIgents ACTive on Earth Beaming and Broad Band Casting Simply Complex Instruction Sets from Perfectly Protected Spaces with Immaculate Sources Provisioning.

    And although all on this £1.3bn National Cyber Security Strategy? thread is peculiarly West-centric, the East is also a Most Attractive Space in which to do Noble Novel Business with Engaging JOINT AI Enterprises Benefitting Inordinately and Greatly from Exciting and Rewarding and Surreal Cyber Security Strategy Ventures.

    GrahamC [2011181330] ...... making it known on https://www.nationaldefensemagazine.org/articles/2020/11/24/advanced-battle-management-system-takes-new-step

    The Department of Defence may like to consider the following Advanced Battle Management System for Full Spectrum Field Applications which Ignore Conflicts and Squeeze and Squash and Quash Unnecessary Opposition and Competition via AWEsome Virtual Engagement Channels ...... https://forums.theregister.com/forum/all/2020/11/27/national_cyber_security_progress_report/#c_4154215 [A Present for Seasoned Presentation and Professional Perfect Productions ......] .....with Private Enterprise and Pirate Operations Networks Sublimely Internet Networking clearly Out in the Open in Facilities such as those mentioned, and as on offer above, and as are provided in the likes of spaces and places like here, with commentary available for posting to National Defence Magazine and its readers.

    In a world in which the default is to detain and retain secrets so that sensitive and powerful truths are to remain generally unknown, is a greater intelligent move to reveal what is known about top secrets in order that they can be more widely utilised and exploited further, with a more advanced intelligent race resulting. Can you imagine what they would offer the Future and what we could leave them with to Play for, and Develop Further?

    Anything imagined to be presently too dangerous and destructive to share, need not necessarily be shared and can easily remain Top Secret/SCI COSMIC Materiel.

    [Thank you. Your comment will be displayed soon after reviewing.]

    No Rest for the Wicked, eh ‽ :-) So much to do .... and all the time and space in worlds to do it. What's not to like?

    1. This post has been deleted by its author

    2. Tail Up

      Re: FYI El Reg and El Regers. News of Deep See... ...of the USA

      ...and one, fore sure, is on track about the tiny reply in NDMag. What a charming, marvellous, beautifully young and modest IT is to name it the Irish way Hillary'O'US (would the Irish give such name to anyone or anything, or would they not?)

      Make not missiles, even submerged in Eternal Waters. O the good'ole modem beeping sound....

      >Bureaucracy and just a one little unriddable, blind habit of the Modern Wannabe Future Pharaons make them dependent of Au flushing out of their lving gods forts and Fort, effortlessly, nobody cares about the Inside Story of the Boullion cooked and chewed under the privacy pillow -

      https://youtu.be/35XNKoNexhI - Alexandr Rozenbaum : AU

      Hope it's easy to understand to a little wider Diameter to be delivered to The Chosen Phew.

      Have a nice week, DoW. Thanks dear Host and Ignition Doc.

      https://youtu.be/9pt7EWFF_T8

      DM: A Question of Time

      spark

      55 73

    3. amanfromMars 1 Silver badge

      Re: FYI El Reg and El Regers. News of Deep See Phishing across the Pond in the Swamplands of the USA

      cc No 10 Cabinet Office/MI5 Loughside/Stormont Legislative Assembly re Surreal Cyber Security Strategy AIdVenturing which has Advanced Astute ACTive IntelAIgent Programming Projects for Leading with Immaculately Resourced Assets.

      RSVP ..... It is yours to decline and refuse and try to deny mutually beneficial engagement , and thus directly encourage and driver and guarantee export and import into foreign competitor lands/other public offices or private sector conglomerates or pirate executive operations, for there be at least those three likely candidates always available out there nowadays for such as is offered there.

      But, as was earlier shared elsewhere today ......

      it does sort of rely on y’all* getting off your fat lard arse asses, shaking a leg or two, engaging a few active good brain cells and doing something about it, rather than not thinking and imagining it is not there causing problems and things cannot be fixed.

      * Actually it requires only a very few, made of the right Top Gun sort of stuff, and considerably smarter than anyone else ever likely to walk into any situation room/Oval Office/COBRA** Station.

      ** For all you Yanks out there, who may be unaware of Limey clones and their drone operations …. COBRA/Cabinet Office Briefing Room A, where presently a conspiring group of a relatively small exclusively Conservative Party membership meet in a huddle to devise a joint enterprise plan to deal with a difficulty which threatens to render and expose their plans more quickly as mindless rudderless shenanigans masquerading as government in command and control of situations and events which are in essence, really, actually, in the command and control of others. Yes, I know, I agree with you, it is surely utter madness and they be delusional. That room is most akin to a mini lunatic asylum rather than be similar to anything else ….. and it is lauded in media as if somewhere special whenever reported as being opened for visitors and in play, which is another madness often aired.

      I trust that is all crystal clear with no hint of ambiguity to confuse troubled souls. It cannot be said any simpler or plainer in English, so one cannot say one is not adequately advised in the UKGBNI.

      :-) Well, I suppose one could, but then that would not be the truth, would it, and thus anything and everything one would subsequently say after would/could be believed fake, and full of false promise and premise ........ which is not a good place to journey to, and be a pretender champion in.

      And as was said earlier too ....... What's not to like whenever so much has already been done for you? :-)

  8. amanfromMars 1 Silver badge

    Re: The Great Reset ..... in one of those In the Beginning Times .....

    ..... where everything is virtually new and practically untested and uncontested.

    The Great Reset ...... Resetting the Future of Work Agenda: Disruption and Renewal in a Post-COVID World

    The beauty of being a super sole trader/excellent one man band is that everything posited as needed and desirable in the above agenda is immediately able to be implemented by its chief cook and bottle washer. :-)

    There’s a lot of changes causing a lot of changes to be mulled over ……. and terrifyingly worried over too I’d wager, out there in the world of work, rest and play, and as be revealed in the referenced document/workshop manual :-)

    1. Anonymous Coward
      Anonymous Coward

      Re: The Great

      re COVID

      simply takin a Taxi

  9. EnviableOne Silver badge

    Britain is on the brink of a fundamental shift in how both public and private sectors approach the topic of cyber security. ®

    FTFY

    The publik and private sector will not change until they are made to, cyber security approach is categorised as an IT problem, untill it becomes a business problem (I.e. it happened to us) and then rapidly declines in intrest, untill we dont need to worry about that anymoreism comes back.

    they put off using wanacry as a stick to beat people with, "becuase of other things" and they keep doing it. Untill someone actually makes them, as happened with health and saftey, cyber security will be seen as a lip service, cost centre and not go beyoond the obligatory conversation at a board meeting,

    "Right, Cyber security. We've discussed that now, make sure the minutes reflect it...."

  10. amanfromMars 1 Silver badge

    Ok ...... Sounds most reasonable

    The publik and private sector will not change until they are made to, cyber security approach is categorised as an IT problem, untill it becomes a business problem (I.e. it happened to us) and then rapidly declines in intrest, untill we dont need to worry about that anymoreism comes back.

    they put off using wanacry as a stick to beat people with, "becuase of other things" and they keep doing it. Untill someone actually makes them, as happened with health and saftey, cyber security will be seen as a lip service, cost centre and not go beyoond the obligatory conversation at a board meeting,

    "Right, Cyber security. We've discussed that now, make sure the minutes reflect it...." ...... EnviableOne

    Is it one's duty to push painfully tardy sectors over the edge and into the brink for a drink of what is available elsewhere there, EnviableOne, if rapid progress is to be servered and serviced? ...... and to hell with the consequences and may the devil take the hindmost?

    Or would it be better or best to tempt them with something novel which they might like to try and exercise command and control with? ........ Re: Don't Panic ...... There's Really Nothing to Worry About if We're All Going to Die Too:-)

    That's certainly worth Exploring and AIBetaTesting. Let's give it a try and make a certainly direct contact with possible principals :-)

    cc Michael Gove c/o No 10 Cabinet Office .... who would be duty bound to share it immediately with the Cabinet and Government .... for it is now no secret with it registered here.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021