Policy paper

DCMS cyber security newsletter - December 2023

Published 15 December 2023

1. Director’s message

As we approach the end of 2023 it is a good time to reflect on some of our key achievements on cyber security and digital identity from the past twelve months.  On skills, the UK Cyber Security Council achieved the fantastic milestone of recognising its first cohort of Chartered Cyber Security Professionals. In October over 100 practitioners who completed the pilot schemes were registered with the Council at either Charted, Principal or Associate levels. Well done to everyone involved and I look forward to seeing many more Chartered Cyber Professionals in the future. 

On legislation, the supporting regulation to implement the Product Security and Telecommunications Infrastructure Act was signed into law in September. The Act requires manufacturers of consumer connectable products to comply with certain security standards, such as not using default passwords. Businesses must comply with the new rules by 29 April 2024. We are working to ensure all businesses understand these new requirements, so please spread the word to your networks. 

We have also seen progress with our other key piece of legislation. Part 2 of the Data Protection and Digital Information Bill would establish the legal framework for digital identity services in the UK. When enacted this would enable people and businesses to make the most of new technologies with confidence, facilitating smoother, cheaper online transactions, and enabling individuals to prove things about themselves digitally in a secure and trusted way – if they choose to do so. Last week the Bill completed its passage through the House of Commons and will now be considered by the House of Lords. 

Finally, I would like to thank you all for supporting us so well over the last year. Our cyber skills schools programme, Cyber Explorers, our bootcamp programme, Upskill in Cyber, and our accelerator, Cyber Runway, only succeed because of the partnership we have with so many people across industry and education. Our work on software security, app security and secure connected places has benefited from the hundreds of contributions we have received to our consultations and round tables. The delivery of the National Cyber Strategy is anchored in the “whole of society approach” and your energy is helping to deliver the ambition of a more resilient UK. 

I would like to thank you all for your continued work in the cyber security sector and wish everyone a happy and safe festive season. 

Andrew Elliot

Director, Cyber Security and Digital Identity

2. NCSC annual review highlights threat to UK critical infrastructure  

The National Cyber Security Centre used its 2023 annual review to raise awareness of the increasingly unpredictable cyber threat landscape. It said the UK’s critical sectors are facing an ‘enduring and significant’ threat, in part due to a rise of state-aligned groups and an increase in aggressive cyber activity. 

The review also discusses the rise of artificial intelligence and the evolving geopolitical landscape as significant areas of risk to UK electoral processes. For more information, read the NCSC Annual review 2023.

3. Cyber Runway supporting businesses in Belfast and Edinburgh

Cyber Runway, the DSIT-funded cyber security accelerator, has been supporting emerging cyber firms at events in Belfast and Edinburgh. On 23 November the Centre for Secure Information Technologies hosted an event at Belfast Docks focused on working with government. Participants developed their skills in effective sales techniques, and learned about future technology trends and how these may impact on Cyber SMEs. There was also an opportunity for participants to speak to entrepreneurs who had already successfully sold to the public sector. 

On 30 November a pitch day for cyber SMEs was held in Edinburgh. The event included a workshop focusing on effective communication techniques, including how to design and deliver impactful speeches. The afternoon focused on a pitch session with participating companies showcasing their companies and products in front of a panel of investors and experts who provided feedback on the presentations.

4. Lancashire Cyber Partnership launched at Lancs Cyber Fest 

A new partnership to develop the cyber ecosystem in Lancashire was launched at the first ever Lancashire Cyber Festival on 17 November.

The Lancashire Cyber Partnership will see the National Cyber Force collaborate with academic institutions and industry to help create tech jobs in the region and support the “North West Cyber Corridor.” DSIT Director of Cyber Security Andrew Elliot spoke at the event, which included skills and careers information for local school children. Partners include the Lancashire County Council, the Lancashire Enterprise Partnership, the University of Central Lancashire, Lancaster University, and BAE Systems.

5. Government reviewing national security powers – call for evidence

The Government has launched a call for evidence on potential updates to the National Security & Investment Act to ensure its investment screening powers remain up to date, proportionate and transparent for businesses, while protecting national security.

The call for evidence closes on 15 January, and the government is welcoming feedback from a variety of stakeholders, including domestic and international businesses, investors, academia.

6. Cyber Aware campaign warns festive shoppers about online scams 

Cyber Aware campaign warns festive shoppers about online scams  The latest phase of the Cyber Aware campaign began on 6 November with a warning about online scams during the festive shopping season. The campaign encourages people to boost their online resilience by creating a strong and separate password for email accounts using three random words, and turning on 2-step verification. 

More advice is available on the Cyber Aware website. There is also a campaign resource centre available with images and ideas if you want to promote the campaign with your customers and networks.

7. EMPowerCyber 2023 inspires young women into cyber careers 

In November, Cheltenham’s cyber security cluster, CyNam, hosted one of the UK’s largest cyber security youth skills workshops, #EmPowerCyber2023. Aimed at inspiring young women to pursue cyber careers, the event brought together 1,000 schoolgirls from 29 Gloucestershire schools, with government cyber specialists, and business leaders from over 30 organisations. Supported by companies such as BT, QinetiQ, Gemba Advantage and Raytheon UK, the event offered students hands-on experiences, including coding, password cracking, and exposure to live cyber-attacks.

8. New guidance on secure development of AI systems 

The government has published new guidelines that will help developers of any systems which use AI make informed cyber security decisions at every stage of the development process. Agencies from 18 countries, including the US, have endorsed the new advice, which was developed by the NCSC and CISA (US Cybersecurity and Infrastructure Security Agency) . The NCSC have also published a blog explaining the guidance. DSIT will be working with NCSC on the next steps to build on the guidance.

9. Cyber security news in brief

• The government has announced a £20m investment for a cyber innovation centre in Cheltenham, as part of a £450 million pound levelling up package announced at the recent Autumn Statement.
• The UK government worked with Singapore and others to secure an international agreement against making ransomware payments.  Members of the Counter Ransomware Initiative signed a joint statement pledging that central government funds should not be used to pay ransoms to cyber criminals. 
• The National Ethnic Minority in Cyber network is looking for nominations for the Cyber Diversity Awards 2024. There are 10 categories including best company, best project and best academic. Deadline for nominations is 5 January 2024.