Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd

Posts Tagged :

Government

Government strives to increase diversity in cyber security

960 640 Stuart O'Brien

The third round of funding through the Cyber Skills Immediate Impact Fund (CSIIF) has been launched by Cyber Security Minister Nigel Adams.

The Fund aims to increase the number and diversity of people entering the cyber security profession, with training providers able to bid for up to £100,000 to work with employers and design training programmes which retrain a diverse range of individuals for a career in cyber security.

Alongside this Adams has also announced that after a competitive grant competition, the Institution of Engineering and Technology (IET) has been appointed the lead organisation in charge of designing and delivering the new UK Cyber Security Council, alongside a wider alliance of cyber security professional organisations.

The UK Cyber Security Council will aim to coordinate the existing professional landscape, to make cyber security a well structured and easy to navigate profession which represents, supports and drives excellence going forward.

Cyber Security Minister Nigel Adams said: “The UK is a world leader in tackling cyber attacks but we must make sure we continue to develop the talent we need to protect the public and business online.

“This latest round of funding demonstrates our commitment to make sure the UK’s cyber security industry has a skilled and diverse workforce and, through our new Cyber Security Council, there are clear paths for those wishing to join the profession.”

Simon Edwards, IET Director of Governance and External Engagement, said: “It’s fundamental that cyber security is seen as a nationally recognised and established profession with clear career pathways. The IET, alongside an alliance of professional cyber security organisations, will bring together the credibility and knowledge across a wide range of disciplines to further strengthen the UK’s leadership position in cyber security innovation and resilience on the global stage. With cyber skills shortages already emerging at every level, we are committed to working with the Government and the National Cyber Security Centre on delivering the rapid, yet capable development of specialist cyber skills to meet the growing needs of the industry, manage risk and secure the next generation of talent.”

Jacqueline de Rojas, President, techUK said: “As businesses become ever more reliant on digital tools, the need for a skilled and professional cyber workforce in the UK has increased. Yet the Government’s National Cyber Security Skills Strategy found that more than half of all businesses and charities in the UK have a basic cyber security skills gap.

“Increasing diversity in the sector is one way in which we can seek to plug the growing cyber skills gap, and that is why initiatives like the Immediate Impact Fund are so important. Coupled with the creation of a new Cyber Security Council that will create clearer pathways for people entering the sector, these announcements will go a long way to ensuring that we create and nurture our cyber professionals and continue making the UK the safest place to be online.”

The deadline for applications to the Cyber Skills Immediate Impact Fund (CSIIF) is the 27th September.

Twelve initiatives have already received support from CSIIF with more than 400 people benefitting from training opportunities.

Google, Microsoft back UK government on cyber security

960 640 Stuart O'Brien

Major businesses including Google and Microsoft have pledged to help the UK tackle the most damaging cyber security threats.

Up to £117 million of private industry investment will be combined with £70 million of government funding through the modern Industrial Strategy to develop new technologies.

These will range from a new and secure hardware prototype that can cope with cyber-attacks, to software protected from new vulnerabilities appearing online.

The government says that with cyber threats constantly evolving, the best defence in the future is seen as developing innovative solutions that can work independently and protect against threats even during attacks. It also wants to ensure that every UK organisation is as cyber secure and resilient as possible.

Nearly all UK businesses are reliant on digital technology and online services, yet more than 30% have experienced a cyber-security breach or attack in the last 12 months, according to the government’s own data.

For example, hackable home wifi routers can be used by attackers in botnets to attack major services and businesses.

The government says businesses are having to spend increasing amounts on cyber security, up to 20 to 40% of their IT spend in some cases. And as more and more systems are connected, whether in the home or businesses, there is a need for security that is secure by design.

Business Secretary Greg Clark said: “Digital devices and online services are powering more of our daily lives than ever before, from booking a doctors’ appointment to buying online shopping. While these devices and services bring great benefits to businesses and consumers, they come with the associated risks of cyber-attacks and threats that are becoming increasingly complex to tackle.

“As we move to a more data-driven economy, nearly all UK businesses and organisations are reliant on these digital technologies and online services – but the threat of cyber-attacks is ever-present, with more than 30% of businesses having experienced a cyber-security breach or attack in the last 12 months.

“With government and industry investing together as part of our modern Industrial Strategy, we will ensure that the UK is well placed to capitalise on our status as one of the world leaders in cyber security by ‘designing in’ innovative measures into our technology that protect us from cyber threats. This will also help us bring down the growing cybersecurity costs to businesses.”

This expected joint investment will create projects to develop new solutions to cyber security over the next 5 years, with the aim of applying the findings in real-world markets through dedicated demo-projects led by business.

For example, these demo projects could include testing the new technology in the health sector to ensure a higher level of protection for patient data, or in consumer markets to ensure consumers’ personal data is fully protected as far as possible.

Dr Ian Levy, National Cyber Security Centre’s Technical Director said: “The National Cyber Security Centre is committed to improving security from the ground up, and we have been working closely with government to promote adoption of technology and practices to protect the UK.

“We hope this additional investment will drive fundamental changes to products we use every day. This is vital work, because improving hardware can eradicate a wide range of vulnerabilities that cause significant harm.”

Developing innovative solutions to cyber security will help put the UK at the forefront of the AI and data revolution, in support of the government’s AI and Data Grand Challenge.

Details on the upcoming rounds of funding for this Digital Security by Design challenge, which will likely bring together academics, research institutions, start-ups, SMEs and large businesses, will be announced later this year.

Image by Gerd Altmann from Pixabay

Redscan criticises new Government cybersecurity stats

960 640 Stuart O'Brien

Redscan has disputed the findings of the Department for Digital, Culture, Media and Sport’s latest Cyber Security Breaches Survey.

The firm has argued that response bias and the sample of participants makes it impossible to fully trust the data.

The DCMS report found that the cost of breaches has gone up for the third year in a row and suggests that fewer breaches are taking place (due to businesses being more secure).

Redscan has taken issue with that conclusion, with CTO Mark Nicholls stating that while the Government’s latest cybersecurity survey figures provide some interesting insights, response bias of the participants means we should avoid drawing any firm conclusions.

He said: “The finding that many businesses can identify a data breach instantly, for instance, just doesn’t ring true. Interpreting the results is also clouded by the fact that half of organisations surveyed were micro businesses with fewer than 9 employees. 

“While the report suggests that cyber security is becoming a higher priority among businesses, evidenced by more senior management buy in, businesses still struggle to properly assess the risks as well as identify and respond to breaches. 

“Despite an increase in the cost of breaches, the figures are still surprisingly low– likely due to businesses self-reporting, as well as the fact that these numbers don’t consider hidden costs such as reputational damage. 

“Nowhere near enough businesses have undertaken cyber risk assessments and less than a third made changes because of the GDPR’s introduction. These are very worrying statistics, no matter how you look at them. 

“The proportion of businesses identifying breaches or attacks (32%) is now lower than in 2018. The report suggests that this may be due to businesses being more secure, but many simply aren’t aware they’ve been breached. Attackers are getting stealthier and staying on the network undetected for longer. 

“As to the statistic that two third of business businesses can identify a breach instantly, this is patently false. Real-world data from the ICO suggests it takes closer to 60 days on average.” 

Government wants to ‘design out’ cyber threats

960 640 Stuart O'Brien

Business Secretary has announced measures for the UK to become a ‘world leader’ in the race against cyber security threats.

The government says businesses and consumers will benefit from increased security and protections built into digital devices and online services with the help of up to £70 million in government investment through the Industrial Strategy Challenge Fund, backed by further investment from industry.

This investment will support research into the design and development of hardware so that they will be more secure and resilient from the outset.

The ambitious aim is to ‘design out’ many forms of cyber threats by ‘designing in’ security and protection technology/solutions into hardware and chip designs, ultimately helping to eradicate a significant proportion of the current cyber risks for businesses and services in future connected smart products.

Clark said the best defence in the future is seen as developing innovative solutions that can work independently and protect against threats even during attacks and that the government wants to ensure that every UK organisation is as cyber secure and resilient as possible.

A further £30 million of government investment will aim to ensure smart systems, such as doors and central heating systems, are safe and secure, with more than 420 million such devices in use across the UK within the next 3 years.

The government is aiming for R&D investment to reach 2.4% of GDP by 2027.

Clark said: “This could be a real step-change in computer and online security, better protecting businesses, services and consumers from cyber-attacks resulting in benefits for consumers and the economy. With businesses having to invest more and more in tackling ever more complex cyber attacks, ‘designing in’ security measures into the hardware’s fabric will not only protect our businesses and consumers but ultimately cut the growing cybersecurity costs to businesses.

Nearly all UK businesses are reliant on digital technology and online services, yet more than 40% have experienced a cyber-security breach or attack in the last 12 months. Hackable home Wi-Fi routers can be used by attackers in botnets to attack major services and businesses. Moreover, consumers are often the worst affected by mass information leaks than the organisation that held their data. Businesses are having to spend increasing amounts on cyber security, up to 20-40% of their IT spend in some cases. And as more and more systems are connected, whether in the home or businesses, there is a need for security that is secure by design.

Digital Minister Margot James said: “We want the UK to be a safer place to live and work online. We’re moving the burden away from consumers to manufacturers, so strong cyber security is built into the design of products. This funding will help us work with industry to do just that, improving the strength and resilience of hardware to better protect consumers from cyber-attacks.”

Dr Ian Levy, National Cyber Security Centre’s Technical Director, said: “The National Cyber Security Centre is committed to improving security from the ground up, and we have been working closely with government to promote adoption of technology and practices to protect the UK.

“We hope this additional investment will drive fundamental changes to products we use every day. This is vital work, because improving hardware can eradicate a wide range of vulnerabilities that cause significant harm.”

UK businesses looking for more cybercrime support from government

960 640 Stuart O'Brien

Research has revealed that UK businesses are looking to the Government for greater support to safeguard them from the ongoing threat of cybercrime.

According to RedSeal, nearly three-quarters (68%) of IT bosses polled for the survey said that their business had suffered at least one attack in the past 12 months, while almost a third (31%) said that the Government didn’t offer enough support or guidance on best cybersecurity practices.  

Other statistics included 19% of businesses polled admitting to not having a plan in place to deal with a cyberattack, along with 65% of IT teams  suggesting that senior management needed to take more notice to cybersecurity in 2019.

“We commissioned this research to explore how prepared businesses are to continue operating during an attack,” said Ray Rothrock, CEO of RedSeal.  “The number of high profile breaches has meant that 2018 has become the year where businesses are left wondering what more they can do to protect themselves, how to remain resilient, to keep operating and minimise customer damage.

“Our research highlights the fact that that senior IT bosses want the UK government direct more attention, money and resource to supporting their businesses in the face of cyberattacks.”

The research follows recent revelations from the National Cyber Security Centre which found that only 30% of UK businesses have a board member with responsibility for cybersecurity and only 10% require their suppliers to adhere to any cyber standards.

UK Government cyber security efforts ‘lack clear political leadership’

960 640 Stuart O'Brien

The cyber threat to the UK’s critical national infrastructure (CNI) is as credible, potentially devastating and immediate as any other threat faced by the UK, according to the Joint Committee on the National Security Strategy.

The Committee’s latest report says the Government is not acting with the urgency and forcefulness that the situation demands, with the UK’s CNI a natural target for a major cyber attack because of its importance to daily life and the economy.

The Report on Cyber Security of the UK’s Critical National Infrastructure says that as some states become more aggressive and non-state actors such as organised crime groups become much more capable, the range and number of potential attackers is growing.

In fact, the head of the National Cyber Security Centre has said that a major cyber attack on the United Kingdom is a matter of ‘when, not if’.

The state-sponsored 2017 WannaCry attack greatly affected the NHS even though it was not itself a target and demonstrated the potential significant consequences of attacks on UK infrastructure.

Ministers have acknowledged that more must be done to improve the cyber resilience of CNI and the Government has taken some important steps in the two years since the National Cyber Security Strategy was published.

It set up the National Cyber Security Centre as a national technical authority, but the Joint Committee says its current capacity is being outstripped by demand for its services.

The Joint Committee added that while a tightened regulatory regime, required by an EU Directive that applies to all member states, has been brought into force for some, but not all, CNI sectors, it will not be enough to achieve the required leap forward across the thirteen CNI sectors (including energy, health services, transport and water).

Chair of the Committee, Margaret Beckett MP, said: “We are struck by the absence of political leadership at the centre of Government in responding to this top-tier national security threat.

“It is a matter of real urgency that the Government makes clear which Cabinet Minister has cross-government responsibility for driving and delivering improved cyber security, especially in relation to our critical national infrastructure.

“There are a whole host of areas where the Government could be doing much more, especially in creating wider cultural change that emphasises the need for continual improvement to cyber resilience across CNI sectors.

“My Committee recently reported on the importance of also building the cyber security skills base.

“Too often in our past the UK has been ill-prepared to deal with emerging risks.

“The Government should be open about our vulnerability and rally support for measures which match the gravity of the threat to our critical national infrastructure.”

UK government introduces ‘Minimum Cybersecurity Standard’

960 640 Stuart O'Brien

The UK government has outlined the minimum cybersecurity standards that it expects for its own day-to-day operations in a new document developed in collaboration with the National Cyber Security Centre.

Over time, the measures will be incremented to continually ‘raise the bar’, address new threats or classes of vulnerabilities and to incorporate the use of new Active Cyber Defence measures.

The new standard will be incorporated into the Government Functional Standard for Security, obliging government departments and suppliers to comply.

The Minimum Cybersecurity Standard was published last week – you can view/download it here.

The HMG Security Policy Framework (SPF) provides the mandatory protective security outcomes that all Departments are required to achieve. The document defines the minimum security measures that Departments shall implement with regards to protecting their information, technology and digital services to meet their SPF and National Cyber Security Strategy obligations.

The Standards comprise 10 sections, covering five categories: Identify, Protect, Detect, Respond and Recover, and also set expectations for governance, such as obliging government departments to create “clear lines of responsibility and accountability to named individuals for the security of sensitive information and key operational services”.

Other elements of the Standard include the requirement for departments to identify and catalogue sensitive information they hold, implement access controls, and also implement TLS encryption standards for email. In addition, departments will be required to have cyber-incident response plans, as well as cyber-attack detection measures.

Fines of up to £17m if UK infrastructure firms neglect cyber security

960 640 Stuart O'Brien

The Government has announced plans to fine Infrastructure firms up to £17m if they don’t have adequate cyber security measures in place.

Under a new directive, UK regulators will be able to inspect cyber security at premises operated by transport, energy water and health companies, checking for any threat to public safety and possibility of significant adverse or economic impact resulting from a disruptive incident.

The announcement follows plans last year from the Department for Digital, Culture, Media and Sport to bring the UK in line with the EU Network and Information Systems (NIS) Directive, which comes into effect in May.

The directive will also cover threats affecting IT services, hardware failures and environmental attacks.

Margot James, Minister for Digital and the Creative Industries, said: “Today we are setting out new and robust cybersecurity measures to help ensure the UK is the safest place in the world to live and be online.

“We want our essential services and infrastructure to be primed and ready to tackle cyber attacks and be resilient against major disruption to services.”

Discussing the directive, Jens Monrad, analyst at cyber security company FireEye, said: “With so many nations, including the UK, now relying on digitalisation, hackers may look to cause mass disruption by targeting critical national infrastructure,” said Jens Monrad, at cyber-security company FireEye.

“This could be systems, which the UK government and citizens rely on, like healthcare systems, water supply and electricity.”

Armour Comms enjoys sales boost

960 640 Stuart O'Brien

Armour Communications, a provider of specialist, secure communications solutions, has seen unprecedented growth in the last few months following a flurry of new high profile deals.

The firm has installed its flagship Armour Mobile at three Government departments, while its US division has also signed a number of new agreements.

Armour is now working with 15 technology and innovation partners to deliver its higher assurance solution Armour Black, and its Push To Talk variant Armour Blue. In order to support partners and customers, Armour has also launched a new website which will include portals for specific content and marketing material for partner and customer audiences.

David Holman, a director at Armour Communications said: “We’ve had a very strong quarter. As well as three major contracts signed, we have pilot projects running with several more Government departments and law enforcement agencies. We have a number of new technology partners, who will be instrumental in our development of further higher assurance solutions through our Armour Black family of products. To support all this growth and development we have recruited several new members of staff for development, quality and testing.”

Armour Mobile provides secure voice calls, video calls, one-to-one and group messaging, voice and video conference calls, file attachments and sent/received/read message status. It is FIPS-140-2 validated and has been awarded many other certifications including CPA (Commercial Product Assurance) from the National Cyber Security Centre (NCSC) and is included in the NATO Information Assurance catalogue.

UK Cyber Attacks

UK company bosses ‘not trained to deal with cyber attacks’

960 640 Stuart O'Brien

Britain’s top firms and charities urgently need to do more to protect themselves from online threats, according to new Government research.

Undertaken in the wake of recent high profile cyber attacks, the survey of the UK’s biggest 350 companies found more than two thirds of boards had not received training to deal with a cyber incident (68 per cent) despite more than half saying cyber threats were a top risk to their business (54 per cent).

One in ten FTSE 350 companies said they operate without a response plan for a cyber incident, while less than a third of boards receive comprehensive cyber risk information.

The Department for Digital, Culture, Media & Sport says the report highlights the scale of the cyber security and data protection challenge in the UK, with only six per cent of businesses completely prepared for new data protection rules.

However, there has been progress in some areas when compared with last year’s health check, with more than half of company boards now setting out their approach to cyber risks (53 per cent up from 33 per cent) and more than half of businesses having a clear understanding of the impact of a cyber attack (57 per cent up from 49 per cent).

The Government says it is fully committed to defending against cyber threats and a five-year National Cyber Security Strategy (NCSS) was announced in November 2016, supported by £1.9 billion of transformational investment. This includes opening the National Cyber Security Centre and offering free online advice as well as training schemes to help businesses protect themselves.

Minister for Digital Matt Hancock said: “We have world leading businesses and a thriving charity sector but recent cyber attacks have shown the devastating effects of not getting our approach to cyber security right.

“These new reports show we have a long way to go until all our organisations are adopting best practice and I urge all senior executives to work with the National Cyber Security Centre and take up the Government’s advice and training.”

The FTSE 350 Cyber Governance Health Check is carried out in collaboration with the audit community, including Deloitte, EY, KPMG and PWC.

  • 1
  • 2