Policy paper

DSIT cyber security newsletter - February 2024

Published 7 February 2024

1. Director’s message

Welcome to what is sadly my last newsletter as director of the Cyber Security and Digital Identity at DSIT. From next month I will be the CEO of Connected Places Catapult, the UK’s innovation accelerator for cities, transport, and place leadership. I will be very sorry to leave the CSDI team, but I am happy to reflect on some of our successes as a directorate over the past few years, including the establishment of the UK Cyber Security Council, the introduction of the Product Security and Telecommunications Infrastructure Act and Regulations and the continued growth of the UK cyber security sector, supported by programmes such as Cyber Runway. 

It’s also fitting that I am leaving on the one-year anniversary of the establishment of our new department, which clearly demonstrates the government’s commitment to make the UK a science and tech superpower by 2030. My new position is closely linked to the world of cyber and I will still be working closely with my DSIT colleagues in the future. Andrew Elliot will be stepping up to my role as director until a permanent replacement is recruited.

I may be leaving but our work continues. To help strengthen businesses’ cyber protection we are urging leaders to engage with a newly proposed cyber governance code of practice. The code is currently open for comments so if you would like to help shape this document, please respond by 19 March.

I am also pleased to announce we are once again sponsoring the Infosecurity Europe Most Innovative Cyber SME competition. If you would like the opportunity for a stand at the conference, speaking slots and the chance to be crowned Most Innovative Cyber SME 2024, please enter the competition before 29 March. It’s really an excellent opportunity to showcase your company at a great event.

Finally, today we are launching this year’s cohort of CyberASAP, our programme which helps commercialise the most promising cyber security research. We are investing up to £800,000 in the most innovative projects and there will be two strands: one focusing on specific industry-led challenges, plus an open strand. Applications close on 6 March – so please share with your networks. 

Erika Lewis 

Director, Cyber Security and Digital Identity

2. Give your views on new Cyber Governance Code of Practice

The government has urged business leaders to toughen up their cyber attack protections using a new cyber governance code of practice, which is open for comment. The draft code will help directors and business leaders boost their organisations’ resilience against cyber threats and ensure cyber security is seen as a corporate risk, not just an IT issue. The call for views is open for eight weeks until 19 March. Please visit the government website to read the call for views and respond to the survey.

3. Government proposals on software resilience and security

The government has published new policy proposals on software resilience and security to help address software risks which affect organisations across the economy. The plans aim to empower those who develop, buy and sell software to better reduce risk and prioritise the protection of organisations which rely on software for their day-to-day operations. They will help ensure software is developed and maintained securely, with risks better managed and communicated throughout supply chains. The government is working with industry to develop these proposals further, including developing a code of practice for software vendors.

For more information, please read the government response.

4. Infosecurity Europe: Most Innovative Cyber SME competition – Open for entries 

Entries are now open for the Most Innovative Cyber SME competition at Infosecurity Europe 2024. Run jointly by Infosecurity Europe and DSIT, the competition is looking for the most creative and original cyber security companies in the country, one of which will be crowned the UK’s Most Innovative Cyber SME 2024. 

The top 14 innovative cyber SMEs will be invited to join the Cyber Innovation Zone at Infosecurity Europe 2024 - Europe’s leading cyber security event taking place on 4 – 6 June. They will be offered an event exhibition package, two showcase speaking slots and a marketing package. The winner will be announced at the event.   

Infosecurity Europe 2024 is the most comprehensive cyber security exhibition in Europe. Your company will benefit from featuring in one of Europe’s top events for the information security industry and be able to showcase your services and products in front of an audience of cyber security professionals, buyers and investors. 

The deadline for application is 29 March.  The finalists will be announced on 22 April. 

5. CyberASAP Cohort 8 - open for applications

Applications are now open for the latest cohort of CyberASAP, the DSIT-funded programme delivered in partnership with InnovateUK, to identify and commercialise the best cyber academic innovation. 

This year the government is investing up to £800,000 and there will be two strands: a challenge-led strand focusing on security for AI models, software supply chains, and Industrial Internet of Things (or operational technology), and an open strand for other areas of research.  

There will be an online briefing event for UK academics at 1pm on Tuesday 6 February. 

Applications close at 11am on 6 March.

6. Cyber Runway events in Harwell (21 Feb) and Dundee (26 Feb)

As part of Cyber Runway, the DSIT-funded accelerator for UK cyber businesses, two events are being held in February in Harwell (21 Feb) and Dundee (26 Feb).

The event in Harwell focuses on cyber in space. Experts from the European Space Agency will be present to share insights on challenges in the sector and how startups can get involved. There will also be an opportunity to pitch to the ESA and investors. 

The Dundee event, held at Abertay Cyber Quarter, will help cyber SMEs navigate the complex landscape of regulations and cyber risk management. The event will also include interactive talks and networking.

7. Connected devices must comply with new PSTI Product Security regime from 29 April

On 29 April 2024, the UK will make history as the first country in the world to introduce ground-breaking protections for consumers using smart phones, games consoles, smart doorbells and other connectable devices.  The regulatory regime, introduced through the Product Security and Telecommunications Infrastructure Act (PSTI) 2022 and the PSTI Regulations 2023, will position the UK as the global pioneer in enforcing new minimum cyber security standards, signalling a substantial leap forward in consumer protection. 

The Act and Regulations introduce a raft of new, common-sense protections like eliminating universal and easily guessable default passwords, providing a way to report issues to the manufacturers and ensuring manufacturers are transparent about how long a product will receive security updates.  Manufacturers, retailers and importers of smart devices must now ensure they comply with the law.  

Please visit the DSIT and the Office for Product Safety and Standards pages on GOV.UK for more info. OPSS and DSIT will continue to provide support to industry via GOV.UK as the regime progresses.

8. Consumer IoT Manufacturers - Share your views on the PSTI regime 

DSIT has commissioned DJS Research to conduct a survey of consumer IoT manufacturers to understand awareness of the new cyber security rules coming into force and industry response. The survey should take no more than 15-20 minutes and closes on 16 Feb 2024. If you wish to take part, please sign up via https://www.djsresearch.co.uk/cybersecuritysurvey.

9. New figures show success of Cyber Essentials

The government has published new statistics and analysis showing the positive impact of the Cyber Essentials scheme, which helps organisations protect against common cyber attacks. 

New analysis of the Cyber Security Breaches Survey shows organisations which hold a Cyber Essentials certificate are more likely to exhibit a range of positive cyber security behaviours. Around two thirds (66%) of businesses with Cyber Essentials have a formal cyber incident response plan, compared to just 18% who don’t. New statistics - which will be published quarterly from now on - show that 38,113 Cyber Essentials certificates have been awarded to organisations in the past year, with two in five (39%) of the UK’s largest businesses now certified.

In total, over 152,000 certificates have been awarded since the scheme began.

10. CyberEPQ achieves CyberFirst brand recognition 

The CyberEPQ, the UK’s first and only accredited Level 3 Extended Project Qualification (EPQ) in Cyber Security, has achieved NCSC CyberFirst brand recognition. The CyberEPQ qualification, delivered by the Chartered Institute of Information Security, offers training in topics across cyber security, from the history of computing and cryptography, to digital forensics and human behaviour factors.   

CyberFirst brand recognition means the National Cyber Security Council has recognised CyberEPQ as a high-quality course which successfully supports young people to improve their cyber security knowledge. It also means CyberEPQ is now a part of the CyberFirst Pipeline.

There are DSIT funded places available for students (aged 16-18) to enrol on the CyberEPQ this academic year. If you are interested or would like more information, please visit the CyberEPQ website.

11. R&D funding available via the Horizon Europe project

The government has launched a new campaign to highlight the funding opportunities available to British businesses and organisations as part of the Horizon Europe scheme. The £82 billion Horizon scheme is the world’s largest programme of research collaboration, with average grants worth £450,000 to UK businesses, researchers and academics. Funding is available to support vitally important research benefitting all our lives, from technology and health, to climate change and the environment.

Further information and details on how to apply are available on Innovate UK’s website. UK Research and Innovation (UKRI) also host regular events  to help guide businesses and researchers through the opportunities on offer.

12. New government anti-fraud campaign starts soon

This month the government will launch a national communications campaign to tackle fraud, as committed to in [the Fraud Strategy](https://www.gov.uk/government/publications/fraud-strategy). Everyone will be asked to play their part, with government, law enforcement, industry and the third sector working together to make sure people know how to protect themselves against fraud and cyber crime.

If your business or organisation would like to support the campaign and help the public protect themselves, please contact cybersecurity@dsit.gov.uk for further details and a campaign partner pack.

13. Applications are now open to join the Technology Access Programme 

Digital Catapult is looking for technology firms with a culture of innovation to apply to join the Digital Security by Design Technology Access Programme.  

Successful applicants will get access to an ARM Morello Board, technical support and a £15,000 grant to trial this technology with their own systems.  

If you have any queries, check the FAQ section, or if you would like to be called back before applying, fill out this form. Applications close at 12:00 noon on Monday 1 April 2024.

14. Upskill in Cyber participants graduation 

Over 240 participants in the Upskill in Cyber programme have achieved GFACT and GSEC qualifications and graduated from the programme in early January. Upskill in Cyber, which is run by SANS in partnership with DSIT, identifies and rapidly trains students with cyber security skills, including computer hardware, networking, Linux, operating systems, data storage and more. 

Focus has now turned to securing job interviews and employment opportunities for the participants, with many employers across government and industry already getting involved by offering soft skills sessions, sharing vacancies, or offering bespoke recruitment events.  

If you or anyone you know is interested in recruiting certified cyber security professionals, please contact SANS at cyberacademy@sans.org.

The programme runs until May 2024 and you will be able to reach out to SANS with any vacancies you would like to recruit for until then.

15. Women in Cyber Conference - 22 February 

The Women in Cyber network are hosting a conference at the ICC Wales on 22 Feb 2024. Showcasing speakers from across the UK, the event will inspire and celebrate diversity in the cyber security sector. 

For more information, please visit the Cyber Wales website or apply for a ticket.