Tag Archives: national security

CYBERUK 2026: From Policy to Practice and the System Inbetween

Leave a Reply

CYBERUK 2026 signals a shift from building a cyber ecosystem to operating a national cyber system. Across a series of analyses, a consistent pattern emerges: policy is coherent, execution is demanding, and outcomes are uneven. This article draws those strands together to show that the gap between strategy and delivery is not incidental; it is structural, and it defines how the system behaves.

Continue reading

CYBERUK 2026: The Missing Layer Between Strategy and Execution is Regional Capability Infrastructure

Leave a Reply

CYBERUK 2026 defines a clear national cyber strategy, but leaves a critical gap between ambition and execution. This article identifies the “missing layer”: the regional capability infrastructure required to translate policy into scalable organisational resilience. Without it, capability remains uneven, SMEs struggle to progress, and the system evolves by default rather than design, undermining the goal of distributed national resilience.

Continue reading

CYBERUK 2026: System Ambition vs Operational Reality and the Rise of a Two-Speed Cyber Economy

Leave a Reply

CYBERUK 2026 reveals a coherent but challenging shift in UK cyber strategy: from building a policy ecosystem to operating a national cyber system. While the government drives system-level resilience and AI-enabled defence, organisations are expected to execute fundamentals under increasing pressure. The result is a growing gap between ambition and capability, driving the emergence of a two-speed cyber economy where cyber security becomes a condition of market access.

Continue reading

CYBERUK 2026: The Perfect Storm and the Limits of Fundamentals

Leave a Reply

Richard Horne’s CYBERUK 2026 keynote frames cyber security as operating in a “perfect storm” of rapid technological change and rising geopolitical tension. While reinforcing the importance of fundamentals, the speech highlights how AI and evolving threats are reshaping the landscape. The core challenge is whether organisations can maintain baseline security as capability gaps widen, raising the risk of a two-speed cyber economy.

Continue reading

CYBERUK 2026: From Policy Ecosystem to Operational Doctrine

Leave a Reply

The UK’s Security Minister, Dan Jarvis MBE’s CYBERUK 2026 speech, signals a shift from building a cyber ecosystem to actively operating a national cyber system. It elevates baseline security expectations, embeds supply chain enforcement, and positions AI as central to defence. However, this transition risks concentrating market power, potentially excluding SMEs while increasing dependence on a small number of large firms and frontier AI providers.

Continue reading

The UK Cyber Security and Resilience Bill 2025: What It Means and Why It Matters

Leave a Reply

The UK Cyber Security and Resilience Bill 2025 represents a major shift from sector-based cyber regulation to a broader national resilience framework. By expanding the NIS regime to data centres, managed service providers and critical suppliers, strengthening incident reporting, and introducing strategic governance and national security powers, the Bill closes long-standing gaps but raises challenges around proportionality, skills, regional delivery and SME impact.

Continue reading

The NCSC Annual Review 2025: Between Capability and Stasis

Leave a Reply

The article examines the NCSC Annual Review 2025 as both a testament to accomplishment and a warning. It praises the NCSC’s technical competence but questions its identity: regulator, delivery agency, or state-backed market player? It highlights contradictions — DSIT hailing it as “the jewel in the crown” while eroding its remit, diluting CyberFirst into TechFirst, ending its startup work, and overstating the benefits of Cyber Essentials. The piece concludes that the NCSC is overextended and under-defined, needing clarity of purpose more than new initiatives — less performance, more direction.

Continue reading

Systems in Tension: Britain’s China Crisis Spy Farce and the Architecture of Denial

Leave a Reply

A forensic if mordant look at how the “Chinese spies in Parliament” case collapsed.  I don’t think it was lies, more a system that’s eating itself. Legal, political, and economic silos each told their own version of the truth until coherence disappeared into the vortex. Between Cummings’ claims, Martin’s rebuttals, the embassy standoff, and Kemi Badenoch’s attack on Starmer, it’s a living portrait of Britain’s institutions locked in tension. Prosperity versus protection; diplomacy versus denial. But it doesn’t mean the system is broken; it might be working exactly as intended. Get the money in at all costs?

Continue reading

Military Theatres and Battlefield Tech: Archetypal OT, Misgoverned as ICT

Leave a Reply

This article examines how military theatres, battlefield systems, and drone technologies are quintessential Operational Technology (OT) environments, yet are often mismanaged under traditional ICT frameworks. It highlights the real-time, cyber-physical, and life-critical nature of defence systems, and argues for a shift toward mission-aware OT security governance to prevent strategic and kinetic failures.

Continue reading

A Brief History of the Term Cyber (Meaning Cybersecurity)

Leave a Reply

This article explores how the word cyber evolved from its academic roots in cybernetics to its current role as shorthand for cybersecurity. It traces the rise of cyberpunk fiction, the growing association with digital threats in the 1990s, and how UK policy frameworks adopted and institutionalised the term, culminating in the creation of the National Cyber Security Centre (NCSC). From Greek etymology to modern geopolitics, cyber has shifted from describing control to denoting risk.

Continue reading

Driving Cyber Resilience in the Defence Supply Chain: Summary of Key Actions and Recommendations and Some Thoughts

Leave a Reply

The Ministry of Defence (MOD) has issued a call to action for Defence industry CEOs and Defence Leads, underlining the critical importance of enhancing cyber resilience across the Defence supply chain, “Letter from the Second Permanent Secretary, DG Chief Information Officer and DG Commercial to Defence industry CEOs/Defence Leads“. The letter, signed by Paul Lincoln, Second Permanent Secretary; Charles Forte, DG Chief Information Officer; and Andrew Forzani, DG Commercial, stresses the heightened global cyber threat landscape and the need for immediate and robust action to safeguard the UK’s Defence capabilities.

Continue reading

Navigating the Defence and National Security Sector: Lessons from James Gayner MBE

Leave a Reply

James Gayner MBE provides a comprehensive overview of how startups can engage with the defence and national security sectors. Learn how to navigate the complex procurement landscape, build relationships with prime contractors, and overcome the hurdles faced by SMEs in this challenging but rewarding space.

Continue reading

Sun Microsystems Leads the Charge on Cloud Sovereignty and Security: Wayne Horkan, Sun CTO for the UK and Ireland, to form Cloud Security Forum

Leave a Reply

In May 2009, at the Cloud Expo Europe in London, I announced my intention to form a cross-sector forum aimed at addressing the pressing security issues surrounding cloud computing. The goal was to ensure that cloud computing, especially as it becomes a critical part of the UK’s national infrastructure, remains secure and compliant with UK laws and regulations.

Continue reading