Policy paper

DCMS cyber security newsletter - January 2023

Published 10 January 2023

1. Director’s message

Happy New Year to you all.  Last month we celebrated the one year anniversary of the National Cyber Strategy 2022 and took a moment to look back at a year of achievements in cyber. This includes the continuing success of the Cyber Explorers and Cyber Runway programmes, boosting the UK’s cyber resilience through Cyber Essentials and the new Product Security & Telecommunications Infrastructure Act, which became law in December and will be implemented when parliamentary time allows. 

Looking ahead in 2023, CYBERUK is taking place on 19-20 April at the ICC in Belfast, where DCMS will once again be sponsoring the Innovation Zone which is a showcase of some of the UK’s most exciting cyber security start-ups that have participated in our growth and innovation programmes. Registration is now open and I hope to see many of you there. 

You can also register to attend our CyberASAP Year 6 Cohort Demo Day, where a record fifteen UK academic teams will be showcasing their cyber security prototypes that have promising commercial potential. Everyone who is interested in supporting the cyber security ecosystem is welcome, particularly those interested in investing in exciting new products and potential commercial collaborators.

DCMS also recently published a Code of Practice set to strengthen consumer protections across the app market. The voluntary code of practice for app developers and operators is a world-first and will protect the UK’s app market, with the mobile app market alone generating more than £74 billion in revenue last year.

Finally, I would like to congratulate Dr Godfrey Jonathan Gaston, lately director, Centre for Secure Information Technologies, Professor Prashant Pillai, Director, Cyber Quarter and Associate Dean of the University of Wolverhampton, and Yiannis Kyriacos, founder and Chief Executive Officer, Birmingham Tech CIC, who feature in the New Year Honours List 2023 and are to receive MBEs for their services to the cyber security and technology sectors.

Erika Lewis

Director , Cyber Security and Digital Identity

2. Invitation to the CyberASAP demonstration day: Thursday 23 February

On Thursday 23 February CyberASAP, DCMS’s pre-seed accelerator, will be showcasing the 15 companies on the current cohort of the programme at Level 39, Canary Wharf, London. This is an opportunity to preview their proof of concepts, meet the teams and learn more about new products and services which could be entering the UK cyber market.

The companies cover a range of sectors including smart home IoT, secure railways systems and protecting people online. The event is open to everyone and registration is now open. The participating companies are particularly keen to speak to investors and potential commercial collaborators.

3. New rules for apps to boost consumer security and privacy

DCMS has published a world-first Code of Practice to strengthen consumer protections across the app market.

Consumers will be better protected from malicious apps which can steal data and money, thanks to new privacy and security rules for app store operators and developers. New measures include better reporting of software vulnerabilities and more transparency for users on the privacy and security of apps available on all app stores. Government will be working with app store operators and app developers over a nine-month period to ensure the adoption of the voluntary rules.

4. Do you employ a cyber apprentice?

DCMS is seeking case studies from businesses of all sizes that currently offer apprenticeships in cyber to help raise awareness ahead of National Apprenticeship Week, taking place 6 - 12 February. If you are a business that offers apprenticeships in cyber and are willing to provide details for a case study, please contact cybersecurity@dcms.gov.uk. This will help support our work to encourage more people into the cyber security profession.

If you would like to support and promote National Apprenticeship Week a NAW 2023 Toolkit is available with content you can use.

5. Digital Security By Design Access Programme: applications open on 11 January

Applications to join the Digital Security by Design (DSbD) Technology Access Programme open on 11 January. Participating companies are supported by a wide network of professionals from Arm and the University of Cambridge to experiment with groundbreaking cyber security technology that has the potential to block up to two thirds of all memory related cyber attacks. For companies with less than 250 employees, a £15,000 grant is also available.

6. DCMS Secretary of State visits Stroud High School to see CyberFirst programme in action

In December, DCMS Secretary of State, Michelle Donelan visited Stroud High to meet with teachers and students and hear about the successful NCSC CyberFirst Programme for Schools and their involvement in the Cheltenham Science Festival’s DataFace pilot project.

During the visit she found out how the projects have increased the numbers of students on the school’s GCSE and A Level Computer Science courses and how this is helping meet the needs of local businesses.

Headteacher, Mark McShane said, “The CyberFirst Programme is making a real difference here at Stroud. Over the past few years our Computing Team has built such strong relationships with local tech companies and organisations that we were able to outline to the Secretary of State how important it was for schools and the tech industry to work hand-in-hand to ensure young people receive the best computing and tech education possible.”

7. Free face-to-face and virtual NCSC CyberFirst days available

The National Cyber Security Centre is running a range of free face-to-face and virtual CyberFirst interactive days for girls and boys in Years 8 and 9 in England, Years 9 and 10 in Wales and Northern Ireland and S2 and S3 in Scotland throughout February and March. These events will be taking place nationally, with the first taking place at the University of Warwick on 4 February. Students in Year 8 can sign up for Trailblazers and students in Year 9 can sign up for Adventurers. 

Girls in these year groups can also be registered to join free cyber security development days running throughout February and March 2023, with the first virtual session taking place on 13-14 February and the first face-to-face session taking place on 22 February in Wales.

8. Cyber security longitudinal survey: wave two results

DCMS has published wave two of its Cyber Security Longitudinal Survey (CSLS). The CSLS is a three-year study following the same medium and large businesses and high-income charities with the aim of better understanding cyber security policies and processes within these organisations and how they have changed over time. Wave one was published in January 2022, with wave three expected to be published by early 2024.

 Key findings include:

• Over the last twelve months, 74% of businesses and 81% of charities have experienced some form of cyber security incident (including phishing).
• In the last twelve months, 85% of businesses and 86% of charities have taken some action to expand or improve their cyber security. 
• Around four in ten organisations confirm having a cyber security certification, such as Cyber Essentials.

9. DCMS survey reveals large demand for connected place technologies

DCMS has published the results of a survey into the status of the UK’s connected places (or ‘smart cities’) which reveals a large demand for connected places technologies. However, barriers include funding, capacity and lack of skills. 

Conducted over the summer, the survey details how organisations such as local authorities are using connected places technologies and how they plan to do so in the future. It also explores the drivers behind the deployment of connected places technologies, how they are governed, and trends in approaches to cyber security.

10. Cyber Essentials fund for small charities and legal firms

The National Cyber Security Centre (NCSC) is offering Cyber Essentials Plus to small charities and legal firms at no cost. Organisations in the charitable and legal sector are among those at higher risk of cyber attack due to the sensitive information they deal with, and because they’re sometimes seen as an ‘easy target’ for cyber criminals. The programme will help organisations in these sectors implement baseline security controls and prevent the most common types of cyber attacks. Please visit the NCSC website for more information.

The NCSC will also be updating the technical requirements for Cyber Essentials in April. The new requirements will be published on 24 January and will be explained in two webinars, which are happening on 24 January and 14 March. You can sign up for the webinars here.

11. New £80m state-of-the-art UK Telecoms Lab to be built in the West Midlands

The Government has announced it will invest £80m in a new UK Telecoms Lab based in Solihull in the West Midlands. Under a new contract signed with the National Physical Laboratory, the lab will act as a secure research facility for mobile network operators, suppliers and academics to research and test the security, resilience and performance of their 5G and, in the future, 6G network technology. The facility will also create dozens of specialised jobs in telecoms and cyber security for the region.

For more information on live jobs at the UKTL and to apply, please visit the National Physical Laboratory website and search by Locations-Birmingham.

12. CYBERUK 2023, April 19-20: registration now open

The National Cyber Security Centre (NCSC) is now accepting applications for delegates to take part in CYBERUK 2023 on 19-20 April at the ICC in Belfast.

Cyber experts and thought leaders are being encouraged to sign up for a place at the UK’s flagship cyber security conference which will bring together key players in cyber security from around the world. Delegates will discuss cyber threats, emerging technology and shaping a resilient digital future, with the conference centering around the theme of ‘securing an open and resilient digital future.’