DCMS cyber security newsletter - November 2022
Published 11 November 2022
© Crown copyright 2022
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/dcms-cyber-security-newsletter-november-2022/dcms-cyber-security-newsletter-november-2022
1. Director’s message
One of the pillars of the National Cyber Strategy is Global Leadership. It highlights how cyber is an international issue and that if we want to ensure a free, open and secure cyberspace we will need to work closely with our overseas allies. It is particularly important that other national governments understand our approaches to new codes of practice and standards and ideally work alongside us to implement the same things at the same time.
Last month I had the opportunity to visit the excellent Singapore International Cyber Week, organised by the Cyber Security Agency of Singapore, and the parallel Govware event, which featured stands from UK cyber companies promoting their services and expertise. This was a great opportunity to hear from UK and international cyber leaders on a range of topics and challenges. I delivered a keynote speech focusing on the cyber supply chain, to talk about DCMS’s work in this area - and particularly our efforts to increase the resilience of digital service providers.
I also met with the Smart Nation and Digital Government Office, the Singaporean Agency for Connected Places (Smart Cities), where we discussed their testing of the NCSC Connected Places Security Principles and potential for closer joint working. Lindy Cameron, CEO of the National Cyber Centre, was also there and delivered a great speech outlining how the ‘secure by design’ approach is vital for managing both internet of things and secure connected places risks.
On the topic of the NCSC’s top team, last month their technical director Ian Levy announced that he would be leaving the organisation. Ian has been a stalwart of the UK cyber sector in his current role and he has written a brilliant blog detailing the ten things he has learnt (and one idea for the future).
Erika Lewis
Director, Cyber Security and Digital Identity
2. DCMS appoints six local authorities for secure connected places research project
DCMS has appointed a cohort of six local authorities to take part in the Secure Connected Places research project. The six participating local authorities are the South London Partnership, Dorset Council, Westminster City Council, Perth and Kinross Council, the City of Bradford Council, and Merthyr Tydfil Borough Council.
Working with the cohort, the project will explore issues around the cyber security of connected places and the implementation of the NCSC’s Connected Places Cyber Security Principles to identify how DCMS can further support local authorities that manage connected places projects. If you would be interested in hearing more about the project, please contact secureconnectedplaces@dcms.gov.uk.
3. DCMS publishes UK connected places market analysis
DCMS recently published an analysis of the connected places market in the UK which provides insight into the number of connected places technology suppliers in the UK, the products and services they offer, and factors that influence market development. This research has helped to inform development of policies designed to ensure that supply of connected places technologies to UK users is resilient to changing market conditions.
4. £1.5 million available to experiment on CHERI architecture in defence and security systems
The Defence and Security Accelerator (DASA) has launched a new competition to trial the cutting-edge CHERI security architecture in a defence and security context. £1.5 million funding is available for this Themed Competition, and we expect to fund several proposals up to £100k. The deadline to submit a proposal is midday Monday 14 November 2022.
5. Supply chain cyber security: new guidance from the NCSC
The UK’s National Cyber Security Centre has published new and updated cyber supply chain guidance, ‘How to assess and gain confidence in your supply chain cyber security’.
The guidance describes practical steps to help organisations assess cyber security in their supply chains. It’s aimed at, but not limited to, medium to large organisations who need to gain confidence or assurance that mitigations are in place for vulnerabilities associated with working with suppliers.
6. Cyber Runway events in November: Bristol, Belfast and Scotland
As part of Cyber Runway, the DCMS-funded cyber business accelerator, two events were held in Bristol and Manchester in October. At both events attendees were able to learn new skills, such as Deloitte-led sessions on sales training, learn more about the development of the UK cyber sector and to network with other businesses.
Three more Cyber Runway regional events are taking place in November in Northern Ireland, Scotland and an online event hosted by TechSPARK in Bristol. They are free to attend and sessions will include: trends in the cyber technologies, understanding and communicating to your customers and creating effective tech demos
Bristol, Online, Nov 8
Northern Ireland, Belfast, Nov 16 & 17
Scotland, Dundee, Nov 23
7. UKC3 appoints new board
UK Cyber Cluster Collaboration (UKC3) has announced its new board for the upcoming year. Linda Smith from Midlands Cyber has been elected to become the board’s new chair, with John Davies MBE from Cyber Wales following as vice chair. The board will be welcoming Ben Shorrock and Paul Boardman who will be the new ecosystem development lead and innovation join-up lead.
Richard Yorke, co-founder of UKC3 and now outgoing chair said: “It has been almost two years since the UK’s cyber cluster leads came together to collaborate and explore how we could strengthen the work being done in the regions and nations of the UK to connect up, develop and grow the cyber ecosystem. Since this time, we have established UKC3 as a national body, representing the cyber cluster community and supported the work of 13 recognised clusters spanning the length and breadth of the UK with funding and resources. I am extremely proud of what has been achieved in this time, the partnerships we have established and the impact now being made.”
8. GDPR fine demonstrates importance of good cyber resilience
The Information Commissioner’s Office (ICO) has highlighted the importance of organisations putting in place appropriate cyber security measures as it issued a £4.4m fine for a breach of data protection law.
A Berkshire construction company failed to keep its staff information secure, enabling hackers to access the personal data of 113,000 employees via a phishing email. The ICO found the company had failed to properly investigate a cyber attack, was using outdated software systems and lacked adequate staff training, thereby breaching data protection law.
Both the ICO and the National Cyber Security Centre offer cyber security guidance which all organisations should follow to meet their GDPR obligations.
9. National Cyber Security Centre publishes annual review
The National Cyber Security Centre has published its sixth annual review, detailing the work of the organisation over the past 12 months. The review explains how the cyber security threat to the UK has evolved significantly over the years, including how ransomware continues to pose a major threat, how Russia’s invasion brought the cyber threat into focus and how the threat from state actors continues to evolve.
The review also explains how 34 million alerts were sent through its Early Warning service and how 6.5m suspicious emails were reported, leading to 2.1m malicious cyber campaigns being removed from the internet.