Government Archives - Page 2 of 2 - Cyber Secure Forum | Forum Events Ltd
Posts Tagged :

Government

UK businesses looking for more cybercrime support from government

960 640 Stuart O'Brien

Research has revealed that UK businesses are looking to the Government for greater support to safeguard them from the ongoing threat of cybercrime.

According to RedSeal, nearly three-quarters (68%) of IT bosses polled for the survey said that their business had suffered at least one attack in the past 12 months, while almost a third (31%) said that the Government didn’t offer enough support or guidance on best cybersecurity practices.  

Other statistics included 19% of businesses polled admitting to not having a plan in place to deal with a cyberattack, along with 65% of IT teams  suggesting that senior management needed to take more notice to cybersecurity in 2019.

“We commissioned this research to explore how prepared businesses are to continue operating during an attack,” said Ray Rothrock, CEO of RedSeal.  “The number of high profile breaches has meant that 2018 has become the year where businesses are left wondering what more they can do to protect themselves, how to remain resilient, to keep operating and minimise customer damage.

“Our research highlights the fact that that senior IT bosses want the UK government direct more attention, money and resource to supporting their businesses in the face of cyberattacks.”

The research follows recent revelations from the National Cyber Security Centre which found that only 30% of UK businesses have a board member with responsibility for cybersecurity and only 10% require their suppliers to adhere to any cyber standards.

UK Government cyber security efforts ‘lack clear political leadership’

960 640 Stuart O'Brien

The cyber threat to the UK’s critical national infrastructure (CNI) is as credible, potentially devastating and immediate as any other threat faced by the UK, according to the Joint Committee on the National Security Strategy.

The Committee’s latest report says the Government is not acting with the urgency and forcefulness that the situation demands, with the UK’s CNI a natural target for a major cyber attack because of its importance to daily life and the economy.

The Report on Cyber Security of the UK’s Critical National Infrastructure says that as some states become more aggressive and non-state actors such as organised crime groups become much more capable, the range and number of potential attackers is growing.

In fact, the head of the National Cyber Security Centre has said that a major cyber attack on the United Kingdom is a matter of ‘when, not if’.

The state-sponsored 2017 WannaCry attack greatly affected the NHS even though it was not itself a target and demonstrated the potential significant consequences of attacks on UK infrastructure.

Ministers have acknowledged that more must be done to improve the cyber resilience of CNI and the Government has taken some important steps in the two years since the National Cyber Security Strategy was published.

It set up the National Cyber Security Centre as a national technical authority, but the Joint Committee says its current capacity is being outstripped by demand for its services.

The Joint Committee added that while a tightened regulatory regime, required by an EU Directive that applies to all member states, has been brought into force for some, but not all, CNI sectors, it will not be enough to achieve the required leap forward across the thirteen CNI sectors (including energy, health services, transport and water).

Chair of the Committee, Margaret Beckett MP, said: “We are struck by the absence of political leadership at the centre of Government in responding to this top-tier national security threat.

“It is a matter of real urgency that the Government makes clear which Cabinet Minister has cross-government responsibility for driving and delivering improved cyber security, especially in relation to our critical national infrastructure.

“There are a whole host of areas where the Government could be doing much more, especially in creating wider cultural change that emphasises the need for continual improvement to cyber resilience across CNI sectors.

“My Committee recently reported on the importance of also building the cyber security skills base.

“Too often in our past the UK has been ill-prepared to deal with emerging risks.

“The Government should be open about our vulnerability and rally support for measures which match the gravity of the threat to our critical national infrastructure.”

UK government introduces ‘Minimum Cybersecurity Standard’

960 640 Stuart O'Brien

The UK government has outlined the minimum cybersecurity standards that it expects for its own day-to-day operations in a new document developed in collaboration with the National Cyber Security Centre.

Over time, the measures will be incremented to continually ‘raise the bar’, address new threats or classes of vulnerabilities and to incorporate the use of new Active Cyber Defence measures.

The new standard will be incorporated into the Government Functional Standard for Security, obliging government departments and suppliers to comply.

The Minimum Cybersecurity Standard was published last week – you can view/download it here.

The HMG Security Policy Framework (SPF) provides the mandatory protective security outcomes that all Departments are required to achieve. The document defines the minimum security measures that Departments shall implement with regards to protecting their information, technology and digital services to meet their SPF and National Cyber Security Strategy obligations.

The Standards comprise 10 sections, covering five categories: Identify, Protect, Detect, Respond and Recover, and also set expectations for governance, such as obliging government departments to create “clear lines of responsibility and accountability to named individuals for the security of sensitive information and key operational services”.

Other elements of the Standard include the requirement for departments to identify and catalogue sensitive information they hold, implement access controls, and also implement TLS encryption standards for email. In addition, departments will be required to have cyber-incident response plans, as well as cyber-attack detection measures.

Fines of up to £17m if UK infrastructure firms neglect cyber security

960 640 Stuart O'Brien

The Government has announced plans to fine Infrastructure firms up to £17m if they don’t have adequate cyber security measures in place.

Under a new directive, UK regulators will be able to inspect cyber security at premises operated by transport, energy water and health companies, checking for any threat to public safety and possibility of significant adverse or economic impact resulting from a disruptive incident.

The announcement follows plans last year from the Department for Digital, Culture, Media and Sport to bring the UK in line with the EU Network and Information Systems (NIS) Directive, which comes into effect in May.

The directive will also cover threats affecting IT services, hardware failures and environmental attacks.

Margot James, Minister for Digital and the Creative Industries, said: “Today we are setting out new and robust cybersecurity measures to help ensure the UK is the safest place in the world to live and be online.

“We want our essential services and infrastructure to be primed and ready to tackle cyber attacks and be resilient against major disruption to services.”

Discussing the directive, Jens Monrad, analyst at cyber security company FireEye, said: “With so many nations, including the UK, now relying on digitalisation, hackers may look to cause mass disruption by targeting critical national infrastructure,” said Jens Monrad, at cyber-security company FireEye.

“This could be systems, which the UK government and citizens rely on, like healthcare systems, water supply and electricity.”

Armour Comms enjoys sales boost

960 640 Stuart O'Brien

Armour Communications, a provider of specialist, secure communications solutions, has seen unprecedented growth in the last few months following a flurry of new high profile deals.

The firm has installed its flagship Armour Mobile at three Government departments, while its US division has also signed a number of new agreements.

Armour is now working with 15 technology and innovation partners to deliver its higher assurance solution Armour Black, and its Push To Talk variant Armour Blue. In order to support partners and customers, Armour has also launched a new website which will include portals for specific content and marketing material for partner and customer audiences.

David Holman, a director at Armour Communications said: “We’ve had a very strong quarter. As well as three major contracts signed, we have pilot projects running with several more Government departments and law enforcement agencies. We have a number of new technology partners, who will be instrumental in our development of further higher assurance solutions through our Armour Black family of products. To support all this growth and development we have recruited several new members of staff for development, quality and testing.”

Armour Mobile provides secure voice calls, video calls, one-to-one and group messaging, voice and video conference calls, file attachments and sent/received/read message status. It is FIPS-140-2 validated and has been awarded many other certifications including CPA (Commercial Product Assurance) from the National Cyber Security Centre (NCSC) and is included in the NATO Information Assurance catalogue.

UK Cyber Attacks

UK company bosses ‘not trained to deal with cyber attacks’

960 640 Stuart O'Brien

Britain’s top firms and charities urgently need to do more to protect themselves from online threats, according to new Government research.

Undertaken in the wake of recent high profile cyber attacks, the survey of the UK’s biggest 350 companies found more than two thirds of boards had not received training to deal with a cyber incident (68 per cent) despite more than half saying cyber threats were a top risk to their business (54 per cent).

One in ten FTSE 350 companies said they operate without a response plan for a cyber incident, while less than a third of boards receive comprehensive cyber risk information.

The Department for Digital, Culture, Media & Sport says the report highlights the scale of the cyber security and data protection challenge in the UK, with only six per cent of businesses completely prepared for new data protection rules.

However, there has been progress in some areas when compared with last year’s health check, with more than half of company boards now setting out their approach to cyber risks (53 per cent up from 33 per cent) and more than half of businesses having a clear understanding of the impact of a cyber attack (57 per cent up from 49 per cent).

The Government says it is fully committed to defending against cyber threats and a five-year National Cyber Security Strategy (NCSS) was announced in November 2016, supported by £1.9 billion of transformational investment. This includes opening the National Cyber Security Centre and offering free online advice as well as training schemes to help businesses protect themselves.

Minister for Digital Matt Hancock said: “We have world leading businesses and a thriving charity sector but recent cyber attacks have shown the devastating effects of not getting our approach to cyber security right.

“These new reports show we have a long way to go until all our organisations are adopting best practice and I urge all senior executives to work with the National Cyber Security Centre and take up the Government’s advice and training.”

The FTSE 350 Cyber Governance Health Check is carried out in collaboration with the audit community, including Deloitte, EY, KPMG and PWC.

UK Hacking Fines

UK firms to face fines of up to £17m if they fail to protect against hackers

960 640 Stuart O'Brien

The UK Government has committed to updating and strengthening data protection laws through a new Data Protection Bill.

The aim is to give consumers the confidence that their data will be managed securely and safely. Research shows that more than 80 per cent of people feel that they do not have complete control over their data online.

Under the plans individuals will have more control over their data by having the right to be forgotten and ask for their personal data to be erased. This will also mean that people can ask social media channels to delete information they posted in their childhood. The reliance on default opt-out or pre-selected ‘tick boxes’, which are largely ignored, to give consent for organisations to collect personal data will also become a thing of the past.

Businesses will be supported to ensure they are able to manage and secure data properly. The data protection regulator, the Information Commissioner’s Office (ICO), will also be given more power to defend consumer interests and issue higher fines, of up to £17 million or four per cent of global turnover, in cases of the most serious data breaches.

Matt Hancock, Minister of State for Digital said: “Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account.

“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. The Bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit. We have some of the best data science in the world and this new law will help it to thrive.”

The Data Protection Bill will:

  • Make it simpler to withdraw consent for the use of personal data
  • Allow people to ask for their personal data held by companies to be erased
  • Enable parents and guardians to give consent for their child’s data to be used
  • Require ‘explicit’ consent to be necessary for processing sensitive personal data
  • Expand the definition of ‘personal data’ to include IP addresses, internet cookies and DNA
  • Update and strengthen data protection law to reflect the changing nature and scope of the digital economy
  • Make it easier and free for individuals to require an organisation to disclose the personal data it holds on them
  • Make it easier for customers to move data between service providers

New criminal offences will be created to deter organisations from either intentionally or recklessly creating situations where someone could be identified from anonymised data.

Elizabeth Denham, Information Commissioner, said: “We are pleased the Government recognises the importance of data protection, its central role in increasing trust and confidence in the digital economy and the benefits the enhanced protections will bring to the public.”

Data protection rules will also be made clearer for those who handle data but they will be made more accountable for the data they process with the priority on personal privacy rights. Those organisations carrying out high-risk data processing will be obliged to carry out impact assessments to understand the risks involved.

The Bill will bring the European Union’s General Data Protection Regulation (GDPR) into UK law, helping Britain prepare for a successful Brexit.

Julian David, CEO of techUK, offered: “The UK has always been a world leader in data protection and data-driven innovation. Key to realising the full opportunities of data is building a culture of trust and confidence.

“This statement of intent is an important and welcome first step in that process. techUK supports the aim of a Data Protection Bill that implements GDPR in full, puts the UK in a strong position to secure unhindered data flows once it has left the EU, and gives businesses the clarity they need about their new obligations.”

Smart Car

UK government issues smart car security guidelines

960 640 Stuart O'Brien

A new generation of internet-connected cars will have to be better protected from hackers, under tough new UK government guidance issued this week.

Smart vehicles are increasingly becoming the norm on British roads – allowing drivers to access maps, travel information and new digital radio services from the driving seat.

But while smart cars and vans offer new services for drivers, it is feared would-be hackers could target them to access personal data, steal cars that use keyless entry, or even take control of technology for malicious reasons.

The new government guidance has been written to ensure engineers developing smart vehicles will have to toughen up cyber protections and help ‘design out’ hacking.

The government is also looking at a broader programme of work announced in this year’s Queen’s speech under the landmark Autonomous and Electric Vehicles Bill that aims to create a new framework for self-driving vehicle insurance.

It is claimed the legislation will put Britain at the centre of the new technological developments in smart and autonomous vehicles – while ensuring safety and consumer protection remain at the heart of the emerging industry.

Measures to be put before Parliament mean that insuring modern vehicles will provide protection for consumers if technologies fail.

This comes alongside new guidance that means manufacturers will need to design out cyber security threats as part of their development work.

This, the government says, will cement the UK as a world-leading location for research and development for the next generation of vehicles. And it forms part of the government’s drive to ensure the country harnesses the economic and job-creating potential of new tech industries.

Transport Minister Lord Callanan said: “Our cars are becoming smarter and self-driving technology will revolutionise the way in which we travel. Risks of people hacking into the technology might be low, but we must make sure the public is protected. Whether we’re turning vehicles into wifi connected hotspots or equipping them with millions of lines of code to become fully automated, it is important that they are protected against cyber-attacks.

“That’s why it’s essential all parties involved in the manufacturing and supply chain are provided with a consistent set of guidelines that support this global industry. Our key principles give advice on what organisations should do, from the board level down, as well as technical design and development considerations.”

NHS faces staff retention crisis

960 692 Stuart O'Brien

Figures released by the Nursing and Midwifery Council have revealed that more nurses and midwives are leaving the profession than joining, up to 51% in a four year period.

Low pay, poor working conditions, long hours and a shortage of qualified staff are all blamed for the decision to leave.

For the first time ever, the Royal College of Nursing (RCN) figures show that more have left the register than joined during 2016/17.

With over 40,000 nursing vacancies in England, the RCN and Royal College Of Midwives (RCM) have called on the Government to scrap the pay cap to help halt the loss of talent.

In an interview with Sky News, Saffron Cordery, director of policy and strategy at NHS Providers, said: “This goes beyond the concerns over Brexit – worrying though they are.

“The reduction in numbers is most pronounced among UK registrants. And it is particularly disappointing to see so many of our younger nurses and midwives choosing to leave.”

Janet Davies, chief executive of the Royal College of Nursing, said: “With more people leaving than joining, the NHS will be further than ever from filling the 40,000 vacant nurse jobs in England alone.

“The 1% cap means nursing staff can no longer afford to stay in the profession and scrapping student funding means people can no longer afford to join it.”

  • 1
  • 2