Policy paper

DCMS cyber security newsletter - February 2022

Published 2 February 2022

1. A message from the Director

One of the cyber security sector’s strengths is the varied and exciting specialisms it offers, from system design and penetration testing to incident response, staff training and risk management. But with few formal pathways these wide-ranging, and often overlapping, roles can make it hard for organisations to know exactly what skills and people they need. To address this, last year the government launched the UK Cyber Security Council, the new professional body to lead the cyber workforce. The Council will make it easier for employers to identify the professionals they need and also raise standards to ensure people in the cyber sector are properly equipped to protect us from criminals and hostile states.

To help support this work, last month we launched a consultation on embedding pathways and standards in the cyber profession. The aim is to provide clarity for career pathways into cyber and to recognise cyber as a profession that has parity with more established fields such as accounting, law, and engineering. I encourage you to share your open and honest views so you can help shape our proposals.

The resilience of our businesses and organisations is also another core part of our spectrum of defences. The government is also therefore consulting on proposals for legislative changes which would drive up levels of cyber resilience, particularly in organisations which play an important role in the UK economy, like managed IT service providers. Again, please do share your ideas and expertise.

Finally the DCMS-funded exhibition, Top Secret: From Ciphers to Cyber Security opens at Bradford’s National Science and Media Museum on Friday 11 February. It will be supported by a series of events to encourage people to engage with cyber security and to consider it as a career. If you live nearby it should make a great day out for friends and family.

Erika Lewis

Director, Cyber Security and Digital Identity

Department for Digital, Culture, Media and Sport

2. Consultation on embedding standards and pathways across the cyber profession

The government has launched a consultation on embedding standards and pathways in the cyber profession and is looking for views from across the sector and the wider ecosystem.

To help develop the cyber profession, the government funded the creation of the UK Cyber Security Council which launched in March 2021. The Council will act as the authority on the cyber profession, bringing together the existing work of professional and certifications organisations to meaningfully communicate and assure consistency across standards and pathways.

The consultation asks for views on how best to ensure the UK Cyber Security Council is suitably empowered to be the voice of the profession, and to tackle the scale and diversity of the skills shortage that the government and industry wants to address. Please respond to the consultation by 20 March 2022.

3. Cyber resilience review and consultation on new legislation

The government has published a review on the progress made on improving the UK’s cyber resilience between 2016 and 2021. The 2022 Cyber Security Regulation and Incentives Review lays out the current state of cyber resilience, identifies current threats such as ransomware and supply chain attacks, assesses the impact of available support, and addresses the impact of existing regulation on building cyber resilience in the UK economy. The Review also sets out further government intervention to protect organisations online

Alongside this review, the government is consulting on proposals for legislative changes to drive up levels of cyber resilience, particularly in organisations which play an important role in the UK economy, like managed IT service providers. Please respond to the consultation by 10 April 2022

4. Ministerial visit to the Golden Valley Campus

On Tuesday 25 January Minister of State for Media, Data, and Digital Infrastructure, Julia Lopez MP visited Cheltenham’s thriving digital and cyber sector.

Minister Lopez visited GCHQ, meeting colleagues from the National Cyber Security Centre, the Golden Valley Development and the Western Gateway to understand more about these organisations’ strategic aims, and their plans to support the new National Cyber Strategy.

The Minister was welcomed by Alex Chalk MP and the Principal of Gloucester College to the new Gloucester College/Hub8 Cheltenham Campus so she could meet Forensic Computing and Cyber Security Apprenticeship students and their lecturers in the new Advanced Digital Academy. Minister Lopez toured the new state-of-the-art IT and cyber training centre, and spoke to the to students about their career pathways and aspirations for their futures in the cyber sector.

5. CyberASAP funding competition opens on 7 February

The next funding competition for CyberASAP, the DCMS-funded pre-seed accelerator that transforms academic research into viable commercial products and services, is about to launch. Up to £800,000 is available to invest in promising commercial opportunities, with the maximum of £32,000 available for each project. CyberASAP is open to all UK-based academics with a cyber security project that they are interested in taking towards commercialisation.

The competition opens on Monday 7 February and closes on Wednesday 2 March. A webinar for interested participants will take place at 11.30am on Tuesday 8 February.

6. Cyber Runway regional events

There is still time to book and attend regional events taking place as part of Cyber Runway.

The following events are taking place:

  • Scotland (Dundee & Glasgow) February 8 and 9
  • Sheffield, February 22 and 23
  • Cardiff (Online) February 24 and 25

These two day events offer a chance for cyber companies to make connections and join sessions on investment, branding, PR, diversity, pitching and more. Please check the website for further details.

7. First ever Government Cyber Security Strategy to step up Britain’s defence and resilience

Last month the government launched the first ever Government Cyber Security Strategy to help strengthen the country’s public services from cyber attacks.

The new strategy outlines how central government and the public sector will continue to ensure public services can function in the face of growing cyber threats. It will step up the country’s cyber resilience by better sharing data, expertise and capabilities to allow government to ‘Defend As One’, meaning that government cyber defence is far greater than the sum of its parts.

The new strategy will be backed by £37.8 million invested to help local authorities boost their cyber resilience - protecting the essential services and data on which citizens rely on including housing benefit, voter registration, electoral management, school grants and the provision of social care.

8. CyberFirst Girls competition heads towards finals

This month, schoolgirls from across the UK will compete in the finals of this year’s CyberFirst Girls Competition, run by the National Cyber Security Centre

The finalists, aged 12 to 13, will work in teams to tackle cyber-related puzzles covering topics from networking and AI to cryptography and logic. The online events will be held on Wednesday 3 February and the in-person event will be held on Saturday 5 February. The winners will be announced on social media and receive laptops and invitations to a celebration later in the year.

The CyberFirst Girls Competition is designed to get more girls aged 12 and 13 to understand why cyber security matters, what it involves and where a career in this field can take them. Please see the CyberFirst website for further details. 

9. Cyber investor days, Dublin, April 26 and 27

The European Cyber Security Organisation (ECSO) is holding more investor days on April 26 and 27 in Dublin. The event is a chance for cyber security companies, from start-ups to scale ups, to pitch their businesses and meet leading European and international investors. The two companies judged to be the best at the event will be nominated to compete for the ECSO’s European Cybersecurity STARtup Award 2022.

This year cybersecurity companies founded or co-founded by women, or with at least 50% female employers, will also be able to compete for the Women4Cyber STARtup Award. You can find out more and apply online [this link downloads a Word document].

10. Cyber Essentials scheme update

Last month the National Cyber Security Centre refreshed Cyber Essentials, the government-backed certification scheme that supports organisations of all sizes to guard against online threats and demonstrate a commitment to cyber security to customers and stakeholders.

It has been updated following a major technical review which will help organisations maintain their minimum cyber hygiene in an evolving threat landscape. Among the main changes are revisions to the use of cloud services, home working, multi-factor authentication, password management, and security updates.

The refreshed Cyber Essentials scheme also incorporates a renewed pricing structure which better reflects the increasingly complex nature of assessments for some organisations.

11. Cyber security longitudinal survey

DCMS has published the first wave of its Cyber Security Longitudinal Survey to better understand cyber security policies and processes within medium and large businesses and high-income charities, and to explore the links between them and the likelihood and impact of a cyber incident.

This is the first year of a three-year study, and therefore the main objective of this report is to establish a baseline of findings as a precursor to further reports in subsequent waves.

Around half of the businesses and charities surveyed said they had experienced a cyber security incident in the last 12 months (excluding phishing), and a quarter of these companies said they had been negatively affected, including: temporary loss of access to files; websites and applications taken offline, or corrupted or damaged systems.