Publication - Progress report

Cyber resilience strategy 2015-2020: progress report

This report, entitled 'Firm foundations', highlights the progress of 'Safe, Secure and Prosperous: A Cyber Resilience Strategy for Scotland' (2015-2020).

1. Creating the right conditions for Scotland

1.1 The Strategy's vision

Safe, secure and prosperous: a cyber resilience strategy for Scotland (the Strategy) was published in November 2015[1]. It has, at its heart, the vision that Scotland could be a world leader in cyber resilience and be a nation that could claim, by 2020, to have achieved the following outcomes:

1. our people are informed and prepared to make the most of digital technologies safely

2. our businesses and organisations recognise the risks in the digital world and are well-prepared to manage them

3. we have confidence in and trust our digital public services

4. we have a growing and renowned cyber resilience research community

5. we have a global reputation for being a secure place to live and learn, and to set up and invest in business

6. we have an innovative cyber security goods and services industry that can help meet global demand

The Strategy's outcomes contribute to a number of national outcomes in Scotland's National Performance Framework (NPF). The figure on the next page shows how the Strategy contributes to the NPF, and how Scotland's NPF in turn contributes to the UN Sustainable Development Goals.

Figure: Strategic Outcomes, the National Performance Framework Outcomes they contribute to, and the UN Sustainable Development Goals those contribute to

Strategic Outcome: Our people are informed and prepared to make the most of digital technologies safely

  • National Performance Framework Outcome: We tackle poverty by sharing opportunities, wealth and power more equally
    UN Sustainable Development Goals: 1. No poverty; 10. Reduced inequalities
  • National Performance Framework Outcome: We are well educated, skilled and able to contribute to society
    UN Sustainable Development Goals: 4. Quality education; 10. Reduced inequalities
  • National Performance Framework Outcome: We live in communities that are inclusive, empowered, resilient and safe
    UN Sustainable Development Goals: 11. Sustainable cities and communities

Strategic Outcome: Our businesses and organisations recognise the risks in the digital world and are well-prepared to manage them

  • National Performance Framework Outcome: We live in communities that are inclusive, empowered, resilient and safe
    UN Sustainable Development Goals: 9. Industry, innovation and infrastructure; 11. Sustainable cities and communities
  • National Performance Framework Outcome: We have thriving and innovative businesses, with quality jobs and fair work for everyone
    UN Sustainable Development Goals: 8. Decent work and economic growth; 9. Industry, innovation and infrastructure
  • National Performance Framework Outcome: We have a globally competitive, entrepreneurial, inclusive and sustainable economy
    UN Sustainable Development Goals: 8. Decent work and economic growth; 9. Industry, innovation and infrastructure

Strategic Outcome: We have confidence in and trust our digital public services

  • National Performance Framework Outcome: We live in communities that are inclusive, empowered, resilient and safe
    UN Sustainable Development Goals: 9. Industry, innovation and infrastructure; 11. Sustainable cities and communities
  • National Performance Framework Outcome: We respect, protect and fulfil human rights and live free from discrimination
    UN Sustainable Development Goals: 16. Peace, justice and strong institutions

Strategic Outcome: We have a growing and renowned cyber resilience research community

  • National Performance Framework Outcome: We are well educated, skilled and able to contribute to society
    UN Sustainable Development Goals: 4. Quality education
  • National Performance Framework Outcome: We have a globally competitive, entrepreneurial, inclusive and sustainable economy
    UN Sustainable Development Goals: 8. Decent work and economic growth; 9. Industry, innovation and infrastructure

Strategic Outcome: We have a global reputation for being a secure place to live and learn, and to set up and invest in business

  • National Performance Framework Outcome: We live in communities that are inclusive, empowered, resilient and safe
    UN Sustainable Development Goals: 9. Industry, innovation and infrastructure; 11. Sustainable cities and communities
  • National Performance Framework Outcome: We have a globally competitive, entrepreneurial, inclusive and sustainable economy
    UN Sustainable Development Goals: 8. Decent work and economic growth; 9. Industry, innovation and infrastructure
  • National Performance Framework Outcome: We are open, connected and make a positive contribution internationally
    UN Sustainable Development Goals: 17. Partnerships

Strategic Outcome: We have an innovative cyber security, goods and services industry that can help meet global demand

  • National Performance Framework Outcome: We have thriving and innovative businesses, with quality jobs and fair work for everyone
    UN Sustainable Development Goals: 8. Decent work and economic growth; 9. Industry, innovation and infrastructure
  • National Performance Framework Outcome: We have a globally competitive, entrepreneurial, inclusive and sustainable economy
    UN Sustainable Development Goals: 8. Decent work and economic growth; 9. Industry, innovation and infrastructure
  • National Performance Framework Outcome: We are open, connected and make a positive contribution internationally
    UN Sustainable Development Goals: 17. Partnerships

The Strategy also aligns to Scotland's Digital Strategy, Realising Scotland's Full Potential in a Digital World, which was published in March 2017. This had a number of ambitions, including our vision of Scotland as a country with a global reputation for being a secure place to work, learn and do business.

The actions delivered under the Strategy align closely and contribute to the objectives of the UK's National Cyber Security Strategy (2016-2021), which are to:

  • defend our people, organisations and infrastructure
  • deter our adversaries
  • develop our research, skills and industry

Under the UK's National Cyber Security Funding Programme, funding was identified for delivering these objectives in Scotland amounting to £6.8 million between 2017 and 2021. 

This funding, plus an additional £3.48 million from the Scottish Government (a total of £10.28 million), has enabled a number of programmes, projects and interventions to be delivered across the country. We detail these, and their outcomes, throughout this report.

1.2 Leadership and Partnership Working 

Scotland's approach to policy development is collaborative. The Strategy and its linked action plans were developed with partners from a number of organisations across sectors. Organisations and individuals were able to have their voices heard through a public consultation. Individual governance structures were put in place to oversee the development and delivery of each action plan.

To provide strategic advice, challenge and support to Scottish Ministers, the National Cyber Resilience Leaders' Board was established in September 2016, chaired until December 2018 by Hugh Aitken CBE. In March 2019, David Ferbrache OBE became chair of a restructured Board, renamed the National Cyber Resilience Advisory Board. Bringing together leaders and influencers from across the private, public and third sectors, the Board has been an influential and important sounding-board for the Cyber Resilience Unit in the Scottish Government, which has responsibility for coordinating the implementation of the Strategy and action plans.

1.3 The Action Plans 

Following the global "WannaCry" cyber attack in May 2017, Scottish Ministers asked the National Cyber Resilience Leaders' Board to work with the Scottish Government to put in place a suite of action plans to accelerate the Strategy. The aims were to improve cyber resilience across sectors, embed cyber resilience in our education and lifelong learning system, and drive the growth of our CyberSec products and services industry. Five action plans were developed:

Public Sector Action Plan (2017-2018) aiming to:

  • establish a common, effective, risk-based approach to cyber resilience across Scottish public bodies
  • ensure that Scotland's Public Sector has technical measures in place to protect against cyber threats 
  • engage with the Public Sector to promote a consistent implementation of a risk-based supply chain cyber security policy
  • ensure that the Public Sector is regarded as an exemplar in cyber resilience

Private Sector Action Plan (2018-2020) aiming to:

  • strengthen awareness-raising and systems of advice and support
  • strengthen incentives to improve cyber resilience in Scotland's Private Sector

Third Sector Action Plan (2018-2020) aiming to:

  • strengthen communications, awareness-raising and systems of advice and support
  • strengthen partnership working, leadership and knowledge sharing in Scotland's Third Sector
  • strengthen incentives to improve cyber resilience in the Third Sector

Learning and Skills Action Plan (2018-2020) aiming to: 

  • increase people's cyber resilience through awareness raising and engagement
  • explicitly embed cyber resilience throughout our education and lifelong learning system
  • increase people's cyber resilience at work
  • develop the cyber security workforce and profession to ensure that skills supply meets demand and that skilled individuals can find rewarding employment in Scotland

Economic Opportunity Action Plan (2018-2021) aiming to:

  • develop the right market conditions to encourage continued growth of the cyber cluster
  • develop the right academic capability and capacity to grow business innovation
  • develop the right cluster management arrangements to ensure coordination and increase impact
  • develop the right supporting institutions to stimulate innovation and renewal within the cluster
  • develop the right brand to promote Scotland's cyber cluster globally, grow exports, and reflect Scotland's position as the place to be for researching, developing and supplying cyber goods and services

The table below shows how the action plans contributed to the strategic outcomes.

Action Plans:

  • Public sector
  • Private sector
  • Third sector
  • Learning and skills
  • Economic opportunity

Strategic Outcomes:

  • Our people are informed and prepared to make the most of digital technologies safely
  • Our businesses and organisations recognise the risks in the digital world and are well-prepared to manage them
  • We have confidence in and trust our digital public services
  • We have a growing and renowned cyber resilience research community
  • We have a global reputation for being a secure place to live and learn, and to set up and invest in business
  • We have an innovative cyber security, goods and services industry that can help meet global demand

Strategic Vision:

  • Scotland is a world leader in cyber resilience

Partnership working

The following partners have been involved in developing, delivering and supporting the implementation of all aspects of the Strategy:

  • The Scottish Government
  • National Cyber Resilience Advisory Board
  • National Cyber Security Centre
  • Police Scotland
  • UK Government

Our full list of partners involved in delivering the actions within the plans can be found in Annex A.


Contact

Email: cyberresilience@gov.scot