Policy paper

DCMS cyber security newsletter - February 2023

Published 7 February 2023

1. Director’s message

Finding out more about how other nations are approaching their cyber security policy is a great way to learn. That is why I was honoured to give a speech at the UK Gulf Women in Cybersecurity Fellowship last month. The Fellowship supports women cybersecurity professionals across the Gulf by providing positive female role models, promoting peer-to-peer learning and strengthening UK Gulf cooperation and partnerships. It was great to meet so many inspiring women who are making a career in this sector.

These events and connections are essential to the success of our industry. In January Plexal hosted a showcase day for companies taking part in our Cyber Runway programme. The event gave the businesses the opportunity to pitch to industry experts and investors in order to receive feedback on their product pitches and business strategy. I would encourage you to also read Plexal CEO Andrew Roughan’s new blog where he discusses the importance of the cyber ecosystem and how startups can gain access to NCSC experts by applying for the NCSC For Startups programme in 2023.

There is still time to register to attend our CyberASAP Year 6 Cohort Demo Day on Wednesday 22 February, where fifteen UK academic teams will be showcasing their cyber security prototypes with promising commercial potential. The teams are particularly interested in meeting investors and potential commercial collaborators.

Finally, I would like to draw attention to the Department for International Trade’s North American Roadshow, which is visiting 12 cities across the UK between 27 February and 10 March. This is a great opportunity for businesses to learn about exporting to Canada and the USA with the DIT team and a range of experts.

Erika Lewis

Director, Cyber Security and Digital Identity

2. CyberASAP demonstration day: Wednesday 22 February

On Wednesday 22 February CyberASAP, DCMS’s pre-seed accelerator, will be showcasing the 15 companies on the current cohort of the programme at Level 39, Canary Wharf, London. This is an opportunity to preview their proof of concepts, meet the teams and learn more about new products and services which could be entering the UK cyber market.

The companies cover a range of sectors including smart home IoT, secure railways systems and protecting people online.  Registration is now open and the participating companies are particularly keen to speak to investors and potential commercial collaborators.

3. Provide your views on software security and resilience

The government is asking for industry views on software resilience and security for businesses and organisations. Recent incidents such as the 2020 SolarWinds attack and the discovery of the Log4j vulnerability, have demonstrated the widespread impact which insecure software can have on businesses, charities, educational institutions and other organisations. Strengthening the resilience of software is an important part of strengthening organisational cyber resilience more widely, so the government is seeking views on software cyber risk and where government action might help to mitigate them.

The deadline to provide views is Monday 1 May and you can respond to the software security consultation here.

4. New professional standard for security testing

The UK Cyber Security Council is partnering with CREST and Cyber Scheme to introduce a professional standard for security testing.

The launch of the Security Testing partnership forms part of the Council’s work to introduce a universally recognised professional standard across the cyber industry. Ultimately, the professional standard will allow practitioners to achieve recognition at either Associate, Principal or Chartered level across 16 specialisms.

CREST, an international not-for-profit membership body for the cyber security industry, and The Cyber Scheme, a NCSC accredited assessment and training provider for security testing practitioners, have partnered with the Council to deliver the programme.

5. Cyber security apprentices celebrated during National Apprenticeship Week: 6-12 February

As part of National Apprenticeship Week, DCMS has been hearing from cyber security businesses and the apprentices they hire to learn about their experiences. One such business is KryptoKloud, a Lincoln based cyber security and intelligence company that currently hires five cyber security analyst apprentices from Lincoln College. 

Ben Smith, one of KryptoKloud’s apprentices explained, “as a Lincoln College apprentice and KryptoKloud employee I have the best of all worlds: work wise, college wise and socially. The ability to live and commute from home to college and work, coupled with being able to work locally in a great modern environment with fantastic opportunities is simply amazing.”

“The operational and work-based experience that I have gained has put me into an ideal position upon which to further develop my career and fulfil my future aspirations to be a Chief Operations or Information Officer or indeed to successfully manage my own cyber security company. Finally, when I finish, not only will I have experience and qualifications, but I will also have the freedom to progress without huge debts hanging over me.” 

To find out how an apprenticeship could help your business, visit the Apprenticeships website.

6. Cyber Runway showcase day

In January companies taking part in Cyber Runway, the DCMS-funded accelerator for UK cyber sector businesses, took part in a showcase event at Plexal. The companies were able to pitch to both investors and business experts to gather feedback on their business, strategy, product and next steps. Dell Technologies and VMware sponsored the Investor Feedback Room and Lloyds Innovation Lab also hosted a room to hear from the companies.

7. Digital Security By Design Access Programme: applications open

Applications to join the Digital Security by Design (DSbD) Technology Access Programme are now open. Participating companies are supported by a wide network of professionals from Arm and the University of Cambridge to experiment with groundbreaking cyber security technology that has the potential to block up to two thirds of all memory related cyber attacks. A £15,000 grant is also available for companies with less than 250 employees to enable them to take part in the programme.

8. Cyber Essentials requirements updated as scheme achieves record numbers

The Cyber Essentials technical requirements have been updated in advance of the changes taking effect from April 2023. As part of a regular review of the scheme’s technical controls, the National Cyber Security Centre has carried out a “light touch” update to ensure it continues to help UK organisations guard against the most common cyber threats. The changes include new details around user devices, firmware, device unlocking and malware protection. This latest update (version 3.1) will take effect from 24 April 2023.

The scheme has now awarded 116,194 certificates to businesses and organisations, including 31,353 awarded during 2022 and a record 3,338 certificates awarded during the month of December 2022. For more information on Cyber Essentials, please visit the NCSC website.

9. Department for International Trade North America Roadshow: 27 February - 10 March

In February and March the Department for International Trade North America is visiting  twelve cities across the UK, where they will offer presentations and interactive sessions to help you understand the opportunities in Canada and the USA. The DIT team and a range of experts will provide key information and guidance to help you on your export journey.

You can register for a single session or a full day in a range of locations from London to Glasgow.

UK Innovation and Tech Show -
March 15, Brussels

Organised by the UK Mission to the EU, the UK Innovation & Tech Show brings together innovators, companies and thought leaders from across the UK and Europe for a stunning exhibition and a series of policy discussions around cutting edge technologies.
To be held in Brussels on Wednesday 15 March the event will include an exhibition, breakout discussions on the policy and ethics of emerging technology, a live hackathon demonstrating the potential of AI, and an inspiring opening keynote speech from the Royal Society Professor for Public Engagement in Science, Brian Cox.
You can register for free tickets online and there are still a few spaces available for exhibitors who want to showcase their hardware and technology. Exhibiting is free and assistance is potentially available for travel and accommodation costs for SMEs.

10. Volunteering opportunity: CyberPeace Builders

Does your corporation want to have a human impact in cyberspace? The CyberPeace Builders is a unique network of expert volunteers assisting humanitarian non-government organisations to manage their cyber security so they can maintain their operations. 

CyberPeace Builders are currently looking for organisations to support their work by providing volunteer time, sharing information about their free services for NGOs or funding their work.

11. Updates, advice and guidance

• Following the recent cyber incident at Royal Mail, organisations are being encouraged to review the government’s ransomware guidance
• The NCSC has launched a new cyber threat assessment for the charity sector along with updated guidance 
• HMRC is warning self-assessment tax customers to be aware of online scams as the deadline for self-assessment tax returns passes
• Don’t miss UKC3 updates and upcoming cluster events by signing up to the UKC3 newsletter.