Policy paper

DSIT cyber security newsletter - October 2023

Published 17 October 2023

1. Director’s message

October is Cyber Security Awareness Month and there are plenty of activities to get involved in. We can all raise awareness. You could direct businesses to the NCSC’s free Cyber Action Plan or encourage young children with the Cyber Sprinters game. The NCSC also has a months’ worth of content planned across their social media and website.   In DSIT we are preparing for the upcoming AI Safety Summit on 1-2 November. In our recently-published Introduction to the AI Summit publication, we identified cyber attacks as a likely ‘misuse risk’ in artificial intelligence – one of two particular categories of risk which November’s discussions will focus on at Bletchley Park.

We’re thrilled to announce a call for funded projects to further enhance the CyBOK resources, including a particular emphasis on uncharted territory like the new AI guides. Your innovative proposals can help expand our knowledge in critical areas of cyber security. Don’t miss the opportunity; the call is open until 18 October. Additionally, Pye Tait is actively seeking feedback from organisations, both Cyber Essentials certified and non-certified, to gauge the impact of the Cyber Essentials scheme. Your insights will play a vital role in shaping future cyber security strategies. Two online surveys are available so please take a moment to share your experiences. 

There are some great initiatives in Scotland worth highlighting this month. The Scottish Government is investing in 16 cyber resilience projects targeting diverse communities, strengthening national cyber resilience efforts and is driving diversity initiatives within the cyber security sector. 

Andrew Elliot

Director, Cyber Security and Digital Identity

2. October is Cyber Security Awareness Month 

October 2023 marks 20 years of Cyber Security Awareness Month, a great opportunity to get the public engaged with cyber security. The month is marked across the cyber security community by our colleagues in the United States, the EU, the NHS and elsewhere. 

If you want to get involved, here’s some ideas: 

• Encourage your friends and family to improve their cyber security by using strong passwords and setting up two-step verification. There’s simple advice on how to do this on our Cyber Aware campaign website.
• If you have young children, they can try the Cyber Sprinters game to learn about being secure online.  
• If you have older children, they may like to improve their skills and learn about tech careers via Cyber Explorers or the Cyber First Girls Competition.
• And finally, anyone - including individuals and small businesses - can use the free Cyber Action Plan to upgrade their cyber security in just five minutes.  

Please feel free to share these resources with your colleagues and networks.

3. Funding available for new CyBOK projects 

Following publication of the recent new supplementary guides in AI, CyBOK have now published a new call for funded projects to develop further resources around the Cyber security Body of Knowledge. CyBOK are welcoming proposals in any area, but are particularly encouraging those which focus on topic areas not covered previously, including the new AI guides.  

For further details please visit the CyBOK website. The call closes on 18 October.

4. Share your experiences of Cyber Essentials 

The government is working hard to ensure UK industry is protected and resilient in the face of evolving cyber threats. To support this we are working with research firm Pye Tait to survey UK-based organisations – spanning all size-bands and sectors – to understand the impact of the Cyber Essentials scheme. 

If you would like to provide your views there are two online surveys available:  

1. Survey of organisations currently (or previously) Cyber Essentials certified: www.pyetait.com/CEimpact-certified  

2. Survey of organisations which have never been Cyber Essentials certified: www.pyetait.com/CEimpact-noncertified

Please respond by 30 November 2023.

5. Product security regulations pass final hurdle           

Following consultation with industry over many years, last April we gave notice that the new product security requirements for consumer tech devices would come into force on 29 April 2024. We also published the draft regulations. Those regulations have now completed the necessary parliamentary procedures.

On Thursday 14 September, the Minister for AI and Intellectual Property, Viscount Camrose, signed the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 into UK law. This is final legislative step necessary for the UK’s product security regime to come into effect next year. When it does, UK consumers and businesses who purchase consumer connectable products, from smartphones to smart speakers, will benefit from greater security protections from the threat of cyber crime.

6. Cyber Runway events open to startups 

The DSIT-funded Cyber Runway accelerator is hosting in-person events across the UK which are open to everyone, even if you’re not on the programme. If you are a cyber security startup, sign up for the first two events in Edinburgh and Birmingham to connect with and pitch to industry and investors.
 
Cyber Runway, Today’s Future of Digital Security, Birmingham (8 Nov)      

Cyber Runway, Pitch Day, Edinburgh (30 Nov)

7. CyberScotland Partnership funds new resilience projects  

The Scottish Government has announced funding for 16 new cyber resilience projects to help the public recognise cyber risks and get prepared to manage them. The announcement follows a CyberScotland Partnership call for funding proposals in June to boost national cyber resilience. The projects will focus on harder to reach audiences, including people living in areas of social deprivation and people for whom English is not their first language. The 16 projects were selected from 84 proposals, with awards totalling just under £500,000. Further details can be found on the Cyber Scotland website.

In addition, the Scottish Government and IASME hosted a Cyber Inclusion Summit on 21 September, to listen to individuals’ experiences of barriers to entry and career progression in the cyber security sector. The results from workshop discussions will form the basis of a collaborative action plan for improving diversity in the cyber sector in Scotland.

8. DSIT minister on ITN cyber programme 

DSIT Cyber Security Minister, Viscount Camrose, has appeared on the ITN Business ‘Cyber Impact’ programme.

The minister said “we’re making huge strides in ensuring the UK is resilient to a range of cyber threats and attacks. It was great to sit down with ITN Business as part of this new programme to discuss what the government is doing to protect the nation online.”

9. Science minister opens the National Cyber Awards 

DSIT Science Minister George Freeman opened the National Cyber Awards on 25 September.

The National Cyber Awards recognise the excellent work done by colleagues across the cyber security sector over the past year. Congratulations to all the finalists and winners, including Immersive Labs, which won Cyber Business of the Year 2023.

10. Minister shows support for the north east 

Minister Camrose visited the North East on 26 September to speak at the Newcastle CyberFest 2023.

The Minister said ”it was great to see the brilliant breadth of cyber talent both in the North East and across the country first hand, which will be key to driving growth for every corner of the UK.”

11. Registration open for CyberFirst girls competition 

Registration has opened for the 2023/24 CyberFirst Girls Competition. The National Cyber Security Centre is urging teachers to enter school girls into the national competition.

The contest introduces 12/13-year-old girls to the world of cyber security and inspires them to consider careers in the industry. Registration is open now, with the compeition opening on 20 November.