Policy paper

DCMS cyber security newsletter - December 2022

Published 2 December 2022

© Crown copyright 2022

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/dcms-cyber-security-newsletter-december-2022/dcms-cyber-security-newsletter-december-2022

1. Director’s message

This month marks the one-year anniversary of the government’s £2.6 billion National Cyber Strategy 2022, which set out the government’s vision that the UK continues to be a leading responsible and democratic cyber power. Our work at DCMS is central to the delivery of the strategy, including leading on the Ecosystem and Technology pillars of the strategy and I am pleased about the progress we have made over the past 12 months.

Part of this is our work on helping the UK adopt secure connected places technology and smart cities, which harnesses the power of data to improve how we run the places where we live, work and learn. I was fortunate enough to attend the Smart Cities Expo World Congress in Barcelona in November where I met many people and organisations from across the sector. This was a great event with attendees from all over the world coming together to discuss the opportunities and challenges of this technology. As part of the visit, I had the opportunity to participate in a couple of panel events focusing on the importance of security in connected places, alongside colleagues from our External Advisory Group, and Westminster City Council, who we are working with on our ongoing Secure Connected Places Research project. Overall, the event was a great success, and I look forward to seeing an even stronger UK presence for the 2023 Congress.

Also last month I am happy to say the new Product Security and Telecommunications Infrastructure Bill finished its passage through Parliament and is set to become an Act. As more of the products we buy are connected to the internet it is critical consumers and businesses have confidence that they have the necessary protections in place. With this Bill the UK has made history by developing the first ever legislative regime mandating minimum cyber security standards for consumer products.

Erika Lewis

Director, Cyber Security and Digital Identity

2. Cyber laws to be updated to boost UK resilience against online attacks

The government has announced that the Network and Information Systems (NIS) Regulations will be strengthened to protect essential and digital services against increasingly sophisticated and frequent cyber attacks. 

The response to a public consultation held earlier this year explains how managed service providers (MSPs) - which provide IT services such as security monitoring and digital billing - will be brought within scope of the regulations. MSPs can have privileged access to their customer’s IT networks which makes them an attractive target for cyber criminals. The changes include measures to boost security standards and increase reporting of serious cyber incidents to reduce risk of attacks causing disruption. The laws will be updated as soon as Parliamentary time allows.

3. Product Security and Telecommunications Infrastructure Bill to become an Act

The Product Security and Telecommunications Infrastructure Bill has finished its Parliamentary passage and is expected to become an Act in the coming weeks. This will help protect citizens, networks and infrastructure against the harm caused by insecure consumer “smart” products.
The law will require manufacturers to: 

  • have a vulnerability disclosure policy through which any security weakness in a product is identified and notified
  • not use default passwords (which can be easy-to-guess/find out) 
  • be clear on how long a manufacturer will provide security updates for the product.

4. Support the Cyber Aware campaign

The National Cyber Security Centre (NCSC), with support from DCMS, the Home Office and the police, have relaunched the Cyber Aware campaign to encourage the public to shop online securely in the run up to Christmas. This comes as new figures revealed victims of online shopping scams lost on average £1,000 per person in the same period last year

The key messages of the campaign are:

  • Protect your accounts: use three random word passwords and set up 2-step verification for your email
  • Check before you buy: Research online retailers to check they’re legitimate. Read feedback from people or organisations that you trust, such as consumer websites
  • Report suspicious activity: users can report suspicious emails, texts and websites.

You can support the campaign by sharing posts from the NCSC Twitter and LinkedIn channels or by using the materials on the campaign resource website.

5. Apply to become a Skills Bootcamp provider

The Department for Education is inviting training providers and employers to apply to deliver Skills Bootcamps. Skills Bootcamps are free courses for adults typically lasting up to 16 weeks. They help people develop priority skills that are in demand at both local and national level.

Last financial year more than 50 suppliers were awarded funding from a pot of £68.2 million to deliver the Bootcamps to thousands of adults in a range of high-value sectors, including digital logistics, manufacturing and construction. Significant investment has been committed by the government to scale up Skills Bootcamps from 2022 to 2025 and the first competition in 2023 will be for digital skills. We know from the Cyber Security Labour Market Survey that career changers are the second largest route into the cyber workforce after graduates, and Skills Bootcamps are an important gateway for our sector.

To bid for contracts you will need to apply to qualify for the dynamic purchasing system, which is supporting the Bootcamp procurement.

6. Respond to the Digital Security by Design awareness survey

The University of Nottingham and Queen Mary University of London are conducting a short survey to investigate organisational awareness and readiness to adopt technologies based upon Digital Security by Design (DSbD).
 

This survey seeks to explore organisations’:

  • attitude towards cyber security and experience of incidents
  • prioritisation of cyber security during IT procurement and deployment
  • awareness of DSbD issues and principles.

The work is contributing to an 18-month project funded by Discribe, the DSbD Social Science Hub+, part of the UK government’s DSbD Programme and the findings will support the development of a Self-Assessment Tool for organisations to profile their awareness of DSbD and potential opportunities for incorporating it. The survey is open to all businesses and individuals to take part.

7. Plexal spotlights six cyber founders poised to Ignite the security sector

Plexal has introduced the DCMS-funded Cyber Runway Ignite programme to support exceptional cyber startup founders. It builds on Cyber Runway, the largest cyber startup accelerator in the UK, and differs with a specific leadership enhancement focus – rather than that of the businesses.
Six ambitious founders have been chosen to form the first Cyber Runway Ignite intake of innovative security talent from Plexal’s extensive cyber community, which has been built through programmes such as Cyber Runway, NCSC For Startups and LORCA.
The Ignite programme aims to help the cohort upskill in areas that’ll enhance their leadership and subsequently grow their businesses to unlock prosperity for their employees and communities, inspiring other early-stage entrepreneurs in the process.

8. Minister Lopez highlights the success and importance of Cyber Essentials

DCMS cyber security minister Julia Lopez spoke at a Cyber Essentials showcase in November to celebrate the awarding of the 100,000th Cyber Essentials certificate.

Speaking to an audience of large and small businesses, government departments, trade bodies and charities, Minister Lopez highlighted how the scheme had benefited organisations of all sizes, including a nursing home in Liverpool, a domestic abuse charity in the Midlands and a charity supporting those with visual or hearing loss in Scotland.

She also noted how Cyber Essentials was helping to address supply chain risks and how the new Cyber Essentials Pathways pilot was exploring how to make the scheme more accessible to a wider range of organisations.

9. DCMS attends the Smart Cities Expo World Congress 2022

DCMS recently attended the 2022  Smart Cities Expo World Congress in Barcelona in November. The event attracted over 20,000 attendees from 134 countries across the globe. As part of the Congress, DCMS participated in events including a roundtable discussion with the G20 Smart Cities Alliance, bilateral engagements with South Korea, and an interview with the organisers of the Expo. 

 DCMS were also privileged to host a centre stage panel event focusing on the cyber security of connected places. DCMS were joined by speakers from Connected Places Catapult and Westminster City Council, who are working alongside DCMS on their ongoing Secure Connected Places Research Project. 

 For more information, please visit the government’s new secure connected places collection page.

10. National Cyber Advisory Board meets to oversee strategy

In November, Government and industry came together for the first meeting of the new National Cyber Advisory Board (NCAB) to discuss how they will protect and promote the UK’s interests in cyberspace, including how best to counter growing cyber threats.
The Board will champion a ‘whole-of-society’ approach to cyber and will work closely with the Government’s National Cyber Security Centre, which is already running campaigns and training for business, Government and consumers to build cyber resilience. 
Chair of the Board and Chancellor of the Duchy of Lancaster, Oliver Dowden, highlighted the importance of NCAB in “bringing leaders from across industry, the third sector and academia to share information and expertise on how to build and protect our digital economy and services.”

11. DCMS launch Secure Connected Places landing page

The Secure Connected Places team at DCMS have launched a new landing page on gov.uk to help keep you up-to-date on their work supporting the cyber security of connected places and smart cities.

The page will feature information about the team’s current and future projects and enable access to their research. It also includes a contact email if you have any questions or comments for the team.

12. Job opportunities: DCMS Policy advisors

DCMS is currently recruiting seven Policy Advisors in Cyber Security & Digital Identity across both the London and Manchester offices. These roles will help drive an ambitious digital agenda to make Britain the most connected, tech friendly, innovation-driven, digital skilled and cyber-secure country in the world.

The deadline for applications is 9am on Monday 5 December.

Back to top