£1.3bn National Cyber Security Strategy? Meh – we're looking at 2021, Cabinet Office shrugs

"There must be a clear mutual understanding as to where UK government responsibility ends"

Oh but there is no misunderstanding to be had. If the government makes a promise, it is responsible for making that promise come true. That's why we pay taxes, and that money costs us.

So if government decides on a Cyber Security Strategy, government had better deliver a Cyber Security Strategy, not just produce another report on the subject without any progress to show for it.

That's the problem with government : you can't put anyone against a wall and shoot them for failure to deliver on promises. A government worker is immune from having to deliver results.

The fundamental problem

The fundamental problem is that nobody has unequivocally defined either "cyber" or "security". Consequently it's not really clear what should be done to achieve the combination of the two.

As everyone seems to be ignoring the parlous fragility of software, even among the "informed" some folks think that attacking the attackers is good policy, some think that embarrassing them is worth it, and some at best concentrate on ensuring "patching" gets done. The harsh reality is that until we render our technologies intrinsically vastly more immune to attack we'll make no progress. They'll never be perfectly proof, but we have a very long road to travel before they're even basically secure. I get sent the US CERT weekly vulnerability summaries, and they average 750kB of plain text, sometimes exceeding double that.

What these "strategies" always omit to mention is the need to turn IT into a real engineering discipline with formal standards that actually deliver and that everyone follows. That means not only big budgets spent on entirely revamped training, but the huge political problem of admitting that our education systems are currently inadequate. For both these reasons I suspect it won't happen, so we'll stay right where we are - leaking like sieves while the agencies waffle about "security" in theory.

And it is just theory. Despite javascript being recognised as the primary vector for the overwhelming majority of client side breaches, the NCSC web site is entirely a javascript app - you can't even see contact information with scripting turned off. Having finally found contact information for them elsewhere, I spoke to them about this and was told "we probably can't do anything about this". So it would seem that the official national authority on "cyber security" outsources their website development and doesn't check the results. This is the real world of the "strategy".

A Present for Seasoned Presentation and Professional Perfect Productions ......

How is Britain's £1.3bn National Cyber Security Strategy going? Nobody really cares any more ..

I disagree. Always somebody or something cares ..... and would Profess a Beta AIMaster Plan both for Sail and for Sale/Purchase .......with Virtual Charter Leases...... Supporting COSMIC Memoranda of Understanding Agreements for All Interested

In Order to Streamline and Engage Similar Parallel Directions of Travel with AIMaster Mainline Streams on ACTive Current Operations.

Has National Cyber Security Strategy Identified that as a Strategy to Follow ..... and of course, in the best of national interests, Successfully Support with Experimental Funding of New Fangled and Entangling Virtual Assets.

Would they like to Agree and Pay for a Live Operational Virtual Environment Demonstration of such as would be easily likened to an AI Coup with a Practical Takeover of Extant Reality Presentation Facilities by Remote Virtual Control Centres. ....... Protected by Polished Pirates and Immaculate Rogues, Renegades and Heroes, with Unique Skills that Disarm and Defuse All Exploding Devices within Crazy Schemes/Restless Nightmares Stuck in a Bad Dreamt Up Land ...... on the wrong AIMaster Mainline Streaming Line.

Stuck in a faulty fault ridden line is no good place to be. Simply jump to A.N.Other AIMaster Mainline Streaming Line Service. They Offer Everything Free. And you wanna see what they have on Free Offer to Valued Clients and Interesting Consumer Customer Guests alike, whenever anything you like is being trialed and trailed again for the Capture of Attention to the Problem with an Accomplished Accompanying ACTive Solution.

I Kid U Not. Knock Knock, GCHQ. Is there anybody out there in there? :-) .....https://youtu.be/p2kjbpEKD4M

Strategy

One of the main problems I encountered when Francis Maude changed the information classification scheme to the current one was that CESG (now the NCSC) wanted everyone in the civil service to understand the security requirements for their information. The fact is that the civil servants didn't want to understand security, they just wanted to get on with their jobs and follow the rules for information security without having to waste their time actually understanding them. Like driving a car, I don't actually need to understand mechanical or electrical engineering, combustion mechanics, tribology or thermodynamics, as long as I can operate the vehicle according to the Highway Code.

I could never find anyone in all of my experience who could sensibly explain the difference between how to treat information at 'Official' differently to 'Official Sensitive' in a practical implementation.

Best of luck folks, I'm retired so watching from the sidelines now. :o)

FYI El Reg and El Regers. News of Deep See Phishing across the Pond in the Swamplands of the USA

And also certainly of interest to those interesting and of interest to Five Eyes Allies and/or competing partners/secretive opposition and proprietary novel intellectual property thieves and wannabe elite exclusive executive systems drivers, which you might like to realise are best recognised as Immaculate Source Providers of AWEsome Future Content for Present Current Play ........ via Mass Media Machine Presentations/Virtual Tales of Practical Applications BetaTesting Command and Control Options for Overwhelming Leverage with Newly Discovered Uncovering of Almighty Powers Available for IntelAIgents ACTive on Earth Beaming and Broad Band Casting Simply Complex Instruction Sets from Perfectly Protected Spaces with Immaculate Sources Provisioning.

And although all on this £1.3bn National Cyber Security Strategy? thread is peculiarly West-centric, the East is also a Most Attractive Space in which to do Noble Novel Business with Engaging JOINT AI Enterprises Benefitting Inordinately and Greatly from Exciting and Rewarding and Surreal Cyber Security Strategy Ventures.

GrahamC [2011181330] ...... making it known on https://www.nationaldefensemagazine.org/articles/2020/11/24/advanced-battle-management-system-takes-new-step

The Department of Defence may like to consider the following Advanced Battle Management System for Full Spectrum Field Applications which Ignore Conflicts and Squeeze and Squash and Quash Unnecessary Opposition and Competition via AWEsome Virtual Engagement Channels ...... https://forums.theregister.com/forum/all/2020/11/27/national_cyber_security_progress_report/#c_4154215 [A Present for Seasoned Presentation and Professional Perfect Productions ......] .....with Private Enterprise and Pirate Operations Networks Sublimely Internet Networking clearly Out in the Open in Facilities such as those mentioned, and as on offer above, and as are provided in the likes of spaces and places like here, with commentary available for posting to National Defence Magazine and its readers.

In a world in which the default is to detain and retain secrets so that sensitive and powerful truths are to remain generally unknown, is a greater intelligent move to reveal what is known about top secrets in order that they can be more widely utilised and exploited further, with a more advanced intelligent race resulting. Can you imagine what they would offer the Future and what we could leave them with to Play for, and Develop Further?

Anything imagined to be presently too dangerous and destructive to share, need not necessarily be shared and can easily remain Top Secret/SCI COSMIC Materiel.

[Thank you. Your comment will be displayed soon after reviewing.]

No Rest for the Wicked, eh ‽ :-) So much to do .... and all the time and space in worlds to do it. What's not to like?

Re: The Great Reset ..... in one of those In the Beginning Times .....

..... where everything is virtually new and practically untested and uncontested.

The Great Reset ...... Resetting the Future of Work Agenda: Disruption and Renewal in a Post-COVID World

The beauty of being a super sole trader/excellent one man band is that everything posited as needed and desirable in the above agenda is immediately able to be implemented by its chief cook and bottle washer. :-)

There’s a lot of changes causing a lot of changes to be mulled over ……. and terrifyingly worried over too I’d wager, out there in the world of work, rest and play, and as be revealed in the referenced document/workshop manual :-)

Britain is on the brink of a fundamental shift in how both public and private sectors approach the topic of cyber security. ®

FTFY

The publik and private sector will not change until they are made to, cyber security approach is categorised as an IT problem, untill it becomes a business problem (I.e. it happened to us) and then rapidly declines in intrest, untill we dont need to worry about that anymoreism comes back.

they put off using wanacry as a stick to beat people with, "becuase of other things" and they keep doing it. Untill someone actually makes them, as happened with health and saftey, cyber security will be seen as a lip service, cost centre and not go beyoond the obligatory conversation at a board meeting,

"Right, Cyber security. We've discussed that now, make sure the minutes reflect it...."

Ok ...... Sounds most reasonable

The publik and private sector will not change until they are made to, cyber security approach is categorised as an IT problem, untill it becomes a business problem (I.e. it happened to us) and then rapidly declines in intrest, untill we dont need to worry about that anymoreism comes back.

they put off using wanacry as a stick to beat people with, "becuase of other things" and they keep doing it. Untill someone actually makes them, as happened with health and saftey, cyber security will be seen as a lip service, cost centre and not go beyoond the obligatory conversation at a board meeting,

"Right, Cyber security. We've discussed that now, make sure the minutes reflect it...." ...... EnviableOne

Is it one's duty to push painfully tardy sectors over the edge and into the brink for a drink of what is available elsewhere there, EnviableOne, if rapid progress is to be servered and serviced? ...... and to hell with the consequences and may the devil take the hindmost?

Or would it be better or best to tempt them with something novel which they might like to try and exercise command and control with? ........ Re: Don't Panic ...... There's Really Nothing to Worry About if We're All Going to Die Too:-)

That's certainly worth Exploring and AIBetaTesting. Let's give it a try and make a certainly direct contact with possible principals :-)

cc Michael Gove c/o No 10 Cabinet Office .... who would be duty bound to share it immediately with the Cabinet and Government .... for it is now no secret with it registered here.