DSIT cyber security newsletter - October 2024
Published 10 October 2024
© Crown copyright 2024
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/dsit-cyber-security-newsletter-october-2024/dsit-cyber-security-newsletter-october-2024
1. Director’s message
Welcome to this month’s Cyber Security newsletter, and what a busy month it’s been for both DSIT and our stakeholders across the cyber sector.
On a personal note, some highlights for me have been attending a conference on cyber skills at Wilton Park and an Annual Cyber Security Summit celebrating the 15th anniversary of the Centre for Secure Information Technologies at Queen’s University Belfast, as well as addressing the Institute of Chartered Accountants in England and Wales at their Annual Cyber Lecture. The latter was a welcome opportunity to discuss the new government’s priorities for cyber security, including the forthcoming Cyber Security and Resilience Bill and our wider plans to improve UK cyber resilience.
I am excited to announce that the search begins for next generation of cyber security talent to represent the UK Cyber Team in global competitions, which will focus on developing skills and growing the UK cyber talent pipeline - for further information please visit the UK Cyber Team website.
This month has also seen the launch of the second year of the DSIT-funded CyberASAP Pathfinder two-day programme, giving participants a taster of the full 10-month academic start-up accelerator programme. It’s a tremendous programme, and we’ve been delighted by its progress to date. For more information about it and how to register your interest, please see the article below.
I also wanted to highlight two important calls for views that the government is undertaking. First, we want to hear your views and suggestions for further iterations of the DSIT-funded Cyber Security Breaches Survey for 2026 and beyond – there’s a survey below which only takes 10 minutes to complete and closes on Monday 4 November.
And second, the Department for Education has launched a review into both the curriculum and student assessment. They are looking for views from across society and sectors and this is your opportunity to share your expertise. This is a great opportunity to influence how we might look to strengthen digital skills in the UK, which we all know are critical both for the cyber sector and the wider economy.
Finally, last week we published a new version of the world’s first international standard for consumer connected devices, working with our international partners at the European Telecommunications Standards Institute, which provides baseline requirements for cyber security in consumer Internet of Things devices. This builds on the great work we did to deliver better protections for consumer connected devices as part of the Product Security and Telecommunications Infrastructure Act; an area in which the UK has helped lead the way internationally.
Rod Latham
Director, Cyber Security and Digital Identity
2. Search begins for next generation of cyber security talent
The new UK Cyber Team Competition invites 18- to 25-year-olds with a passion for cyber security to test their skills against challenging cyber exercises designed to push their technical expertise and problem-solving abilities.
This includes simulations of real-world scenarios in areas like cryptography, digital forensics, web exploitation and network security. This hands-on experience offers a unique opportunity to engage in demanding tasks that mirror the day-to-day challenges faced by professionals in the field.
Top performers will earn a place on the UK Cyber Team and take the next step in their cyber security career, with access to advanced training supported by industry experts, networking opportunities with agencies and leading cyber security firms, and mentorship to help develop their careers.
Together, they will represent the nation in prestigious international cyber competitions, including friendly matches against other national cyber teams, and major events like the International Cybersecurity Championship and the European Cybersecurity Challenge. For further information please visit the UK Cyber Team website.
3. CyberASAP Pathfinder coming soon – register your interest!
Innovate UK are launching another cohort of CyberASAP Pathfinder, a short course designed to introduce academics to DSIT’s main programme which helps academics commercialise their cyber security research and launch new start-ups. CyberASAP Pathfinder is a short programme (two days in person and two half days online) designed to introduce UK cyber security academics to the core concepts behind the main CyberASAP programme.
If you want to take part in the next round, please complete a CyberASAP Pathfinder registration of interest and Innovate UK will provide more details once the dates are confirmed. If you have any questions, please contact the CyberASAP Team.
If you are interested in details of the full ten-month CyberASAP programme, please register your interest.
4. Funded Cyber Essentials Programme for small tech organisations
The NCSC is providing a free Cyber Essentials programme to small organisations working in AI, Quantum, engineering or synthetic biology and semiconductors.
The Funded Cyber Essentials Programme aims to help small companies and organisations within sectors most at risk of cyber attack with free, hands-on help to implement the cyber security controls that prevent most common types of attacks.
Qualifying companies will receive around 20 hours of remote support with a Cyber Advisor. This time will be used to support an organisation in implementing the five Cyber Essentials technical controls, followed by a hands-on technical verification that the controls have been put in place.
5. World’s first international standard for consumer connected devices
In September DSIT published the new version of EN 303 645, the world’s first international standard for consumer connected devices. The standard provides baseline requirements for cyber security in consumer Internet of Things devices.
DSIT as rapporteur for the EN have led on the work updating this standard at the European Telecommunications Standards Institute since mid-2022, after also leading the creation of the original creation of the standard in 2020.
The standard has been widely influential with aligned approaches in India, Australia, Germany, Turkey and Japan – and the standard is the basis for the UK’s own aligned PSTI legislation.
6. Cyber Security Breaches Survey: user-engagement exercise
The Cyber Security Breaches Survey is an annual survey of businesses, charities, and educational organizations. It provides insights into the UK cyber threat landscape, including breaches, attacks, crimes, and cyber-facilitated frauds, along with their impacts and outcomes. Conducted by DSIT and the Home Office, the survey generates official government statistics on cyber security breaches and crimes over the past 12 months.
DSIT and the Home Office plan to continue this research due to its value in informing policy and decision-making and its widespread use by stakeholders. The CSDI analysts’ team is therefore running an engagement survey to collect user and stakeholder feedback on the future of the survey and to gather views on proposed changes.
They request you to share your feedback, views and concerns on the proposed changes to the survey by 4 November. The survey should take about 10 minutes to complete.
7. The Curriculum and Assessment Review - Call for Evidence seeking your views
The Department for Education is asking young people, parents, teachers, lecturers, leaders, experts and employers to provide evidence on how the curriculum and assessment system can ensure all young people are prepared for life and work.
We have heard from many of you in recent years that we need to prioritise technology and wider cyber security education in the curriculum. Now is your time to feed in! The call for evidence is open until 22 November.
This call for evidence relates to all subjects taught across Key Stage 1 - 5 (England only), so do highlight which subject or aspect of the education system you are referring to in your feedback.
The review panel will be hosting a series of regional roadshows. Further information on the roadshows will be available over the coming weeks. You can contact the review by email to curriculum-assessment.review@education.gov.uk
8. Cyber Runway: Edinburgh - pitch training event on 23 October
Cyber Runway is hosting a pitch day for cyber security startups in Edinburgh on 23 October. The event will kick off with a morning workshop which will equip cyber startups with the skills they need to deliver the perfect pitch. The workshop will empower attendees to deliver engaging and coherent pitches to win new business, obtain investment and raise awareness of their brand. In the afternoon, companies will have the chance to pitch their solutions in front of industry experts.
9. New webpage details the forthcoming Cyber Security & Resilience Bill
As part of the King’s Speech in July the government announced a new Cyber Security & Resilience Bill to strengthen UK cyber defences. A new webpage on gov.uk details the aims of the Bill and collates a range of the government’s work on cyber regulation showing how the Bill has been developed. The Bill will be introduced in 2025. For more information, visit the Cyber Security & Resilience Bill page on gov.uk.
10. DSIT pavilion at the International Cyber Expo, London
DSIT were delighted to sponsor a Pavilion for their Cyber Runway and CyberASAP companies at the International Cyber Expo at the Olympia London, which ran from 24-25 September, and host a government stand at the exhibition. This was an excellent opportunity for the DSIT team and programme alumni to engage with a wide variety of stakeholders from the cyber ecosystem.
This is an event which attracted over 6,500 visitors which included cyber starts-ups and SMEs, large tech corporates, industry experts, policymakers, academics and students, and the Expo held a variety of demonstrations, industry panels and interactive workshops.
11. Cyber Runway programme update
The latest cohorts of Cyber Runway, the DSIT funded accelerator for UK cyber companies launched in September. Participants of the Grow, for cyber SMEs, and Scale, for scale ups, met at Plexal’s East London HQ, for a welcome day of networking, speeches and a founders’ fireside chat.
The companies will now benefit from a three-month course of workshops, networking and mentoring to help them grow and innovate their companies. In November a selection of companies from the Scale and Ignite cohort, for high potential founders, will attend the Slush founder and investment event in Helsinki, Finland.
12. News in brief
- The Counter Ransomware Initiative has published new guidance for organisations during ransomware incidents.
- The UK has sanctioned members of notorious ‘Evil Corp’ cyber crime gang.