Interview with Andrew Dinsley, Head of Program, Cyber Security at Foreign, Commonwealth & Development Office (FCDO), UK Government
The cyber security risk has not magically disappeared by 2030.
In 2030, the government is more digital. It is more automated. It is more sustainable. But we have not yet banished the malicious actors from the internet. And that, in turn, continues to create significant barriers to adoption and a full-scale digital transformation of government services.
Just as the government has become more sophisticated, so too have the malicious actors. The war in Ukraine in 2022 demonstrated that state actors wield cyber capabilities at a time of conflict. Attacks by non-state actors continue to grow, and newer and smarter hacking tools continue to be offered “as a service”. The cyber security risk has not magically disappeared by 2030; although, at the same time, our cyber security and resilience have also increased.
Taking steps to mitigate the risk
The government has been working diligently to improve resilience and reduce harm. We have much better education about cyber risk starting in school and stretching right out to retirement. People have a better understanding of what they should do if they are subject to a malicious action. The government has been investing heavily in research and development on cyber security. They have increased the level of legislation in the cyber arena. Yet, at the same time, they are trying not to stifle innovation and transparency.
What we have seen is a much better level of awareness and education — not only of the risks but also of the options for resilience and future technology opportunities. More recently, the government has added to trying to protect the population from harm, with more effort to ensure that the population is protecting itself and technology is built securely (secure-by-design). They are talking to companies about what situations may warrant insurance and/or additional and higher levels of resilience. They are paying particular attention to the vast majority of critical infrastructure that relies on public-private partnerships.
Unlocking adoption and value
The impact of the ongoing cyber risk on rates of digital government service adoption has been interesting. There are still many countries where more than half of voters show up to the physical polling booth on election day preferring to use paper and pencil to log their vote. There are many people across society who have been subject to a malicious cyber attack in the past and are now extraordinarily cautious about what they do online. Other services simply haven’t captured the public’s imagination as a digital services.
This ongoing cyber risk has frequently meant that adoption rates have been somewhat lower than anticipated. Simply put, the great benefits of having all of these new public services online have been somewhat countered by a more sophisticated and widespread cyber threat.
Security for all
It is not all doom and gloom. Indeed, there have been a number of significant advances in the global cyber security stance since the early 2020s. One has been the widespread adoption and utilization of automated and active cyber defence. That provided businesses and individuals with a much better baseline defence. At the same time, increasing levels of awareness, education and capabilities have greatly enhanced local and national resilience. And there has been a better understanding of how the development and deployment of technology must include marginalized and vulnerable groups so that they do not become victims of cybercrime.
Perhaps most encouragingly, we’ve also seen significant efforts to share best practices, threat intelligence and solutions across organizations and borders. It’s not good enough that the UK is protected from a threat — we need to make sure other countries are protected as well. And today, in 2030, we are taking steps to ensure the broad benefits of cyber security are enjoyed by all.