From manifesto to material: What No. 10 needs to make reality

Working together to take down criminals

We need to focus on international and transnational working and cooperation. Keir Starmer has already been resetting relationships with NATO, the EU, and I expect more to follow suit.

This is important because cyber criminals act locally but hide globally. They can affect significant change from a small town on the other side of the world while stealing from someone’s house in southeast London. We need agreements so that we can extradite people to cooperate with law enforcement. There’s a lot of good indications from the new administration that this will improve.

The new government announced a new Cyber Security and Resilience Bill in the King’s Speech, which aims to address existing vulnerabilities and strengthen the UK’s defences against cyber-attacks. This includes extending the scope of the existing NIS regime to protect more digital services and supply chains and impose additional incident reporting obligations. There are also plans for significant investment in cyber security infrastructure and capabilities, which will enhance the UK’s ability to collaborate with international partners.

Working with big tech

We are now in a world where surveillance capitalism exists, where big tech can own, map and sell your identity and personal data, rather than governments – who can be voted out.

I started working in government when Tony Blair was leaving, and I recall a deeply passionate set of debates around surveillance, civil liberties, and technologies at the time. Back then, politically it wasn’t the right time or environment for ID cards. But if we as a country had stepped into that environment, I think things would be very different. Identity is a fundamental tenet of cyber security, and we now have a fragmented system where we don’t have an ‘identity ground truth’. Some may say this is for the best, while others will vocally disagree with my opinion.

One thing that will be crucial for the new administration’s success is holding government, companies, and big tech, to account.

Tackling cross-border cyber warfare

An interesting challenge is what to do about proxy groups. These cyber criminal groups work on behalf of governments, but this arrangement allows these countries plausible deniability. I feel that we’ve been quite remiss in challenging these governments beyond just sanctions. There hasn’t been anything of real consequence.

We are bound by Western democratic values in the UK – but are these threat actors bound by the same rules? What is the equivalent of ‘don’t attack hospitals or civilians’ in cyberspace? We only need to look at WannaCry to understand the same standards don’t apply. This needs to be addressed. But it needs time, money and innovation to understand how to regulate and manage it. There have been tentative steps in this direction, for example the International Committee of the Red Cross (ICRC) published rules of engagement in 2023 for civilian hackers involved in conflicts.

Matching ardour with ability

Finally, I personally hope the government meets these challenges head on with the right skills in the right roles. The new government is bringing in people that are competent and have done the job before. Science ministers that have a strong academic and scientific background, people that working in the Treasury who have economic degrees. I have a feeling that the people in the new administration are passionate about what they need to do and to do it in the long-run.  

Setting realistic expectations is important, too. Any new measures should be proportionate to what our nation and its organisations can reasonably put in place. But if we start on these building blocks and fundamentals, we can hopefully reap the benefits in five to 10 years’ time.