On 9 July, the Cyber Growth Partnership (CGP) held its first meeting of the year. Chaired for the first time by Digital Minister, Margot James MP, the CGP looked at a range of issues designed to help grow the UK cyber security ecosystem.
The minutes from the meeting can be found below:
Minister for Digital and Creative Industries; Mark Hughes, BT; techUK; Digital Shadows; Centre for Secure Information Technology; Garrison Technology; Becrypt; Cisco; BAE AI; AstraZeneca; SNC-Lavalin Atkins
DCMS; NCSC; DIT
Guest: Crown Commercial Services
KPMG; Amadeus Capital Partners; Passion Capital
AGENDA ITEM 2 - GROWTH & INNOVATION PROGRAMME
An update paper was issued to the Board prior to the meeting.
It was noted that good progress has been made on the government’s cyber growth and innovation programme.
The CGP were asked for any comments on the programme and whether there are other areas for interventions that should be considered.
There was a consensus that the main area that requires attention is at the scaleup stage. It was noted that there is amazing talent in the the UK cyber security sector at this stage and that a scaleup initiative could significantly help these firms grow.
It was noted that a new government scaleup initiative for the cyber security sector will be progressed within the next few weeks.
Another area of importance to the sector is the development of the Professional body. It was noted that the government intends to consult soon on proposals to help further develop the cyber security profession in the UK.
There were no further comments on the agenda item.
AGENDA ITEM 3 - BREXIT
Brexit is a standing item on the agenda. The CGP were asked if they wished to raise any new issues.
The CGP were waiting for sight of the White Paper to further assess the Common Rule-Book for Goods proposal. It was noted that the sector will have more of an interest in Services due to the makeup of the UK cyber security sector. More detail is needed on the handling of digital services and following this the CGP can assess the future impact on cyber firms.
The main points of concern for the sector are:
- Alignment - important that no divergence away from existing arrangements.
- People - access to talent throughout Europe as this is required to manage the current skills gap, and the unrestricted movement of the workforce across the EU.
- Security co-operation
AGENDA ITEM 4 - EXPORT STRATEGY
The Singapore Cyber Representative has been in place for 4 months. This person is an industry secondee, with some members of the CGP reporting good early signs of impact for the sector through engagement. He is covering 6 counties in the region.
DIT have not yet advertised the other 3 Cyber Representative posts (New Delhi, Dubai & Washington). DIT have a stated desire to cover more of the costs of the Cyber Representatives and are currently reviewing allowances and diplomatic status. As the Cyber Representatives are industry secondees they currently have no diplomatic status.
The CGP noted that the programme of Embassy events organised by DIT has been exceptionally useful for companies.
The CGP suggested the Tech Hub programme could be expanded for wider benefit to the sector. The Tech Hubs provide a useful soft landing zone for companies exploring key markets and provides a focal point for overseas firms with an interest in accessing UK capability.
4.1 DIT to provide out of session updates on the progress of the Cyber Representative programme.
4.2 DIT to provide out of session updates on the expansion of the Tech Hubs programme.
AGENDA ITEM 5 - INDUSTRIAL STRATEGY SECTOR DEAL
A paper was circulated to the Board prior to the meeting which covered the latest draft proposal for a Sector Deal. The CGP was asked for any comments on the proposal and whether it targeted the right area for a cyber security Sector Deal.
The draft proposed Sector Deal is focussed on making the UK a world leader in cyber security for IoT in Industrial Control Systems, with the Energy sector as the initial focus. It was the main candidate proposed by industry.
The CGP had doubts about the ownership within government for this Sector Deal and felt it lay more with the government department that had responsibility for CNI and, in this particular case, the Energy sector. CGP industry members asked for advice from the government team responsible for the Energy sector.
There were concerns raised previously by government in respect to the benefit of the Sector Deal for the UK cyber security sector and, in particular, for cyber SMEs. This was still not clear from the revised proposal.
5.1 DCMS to investigate BEIS ownership and lead of the current Sector Deal.
5.2 techUK to explore with their cyber committee on how the current Sector Deal proposal could be improved to benefit cyber security businesses.
5.3 Options for a cyber security Sector Deal to be considered by the new CGP Working Group, which is looking at the future of the CGP.
AGENDA ITEM 6 - CYBER SECURITY ECOSYSTEM ANALYSIS
A paper was issued which covered the analysis of the sector by government.
The CGP considered the clusters of cyber security activity identified in the paper and agreed that more could be done to strengthen the sector's 'place' narrative.
AGENDA ITEM 7 - CYBER EXCHANGE
The Cyber Exchange has developed a rich dataset of UK cyber capability and is establishing itself as the “go-to” destination for UK cyber information, opportunities and partnerships across UK Government, Industry and Academia. It is creating value for the sector and now has around 700 organisations listed. However, The Cyber Exchange is struggling to gain the financial and people resource it needs to continue.
The growth initiative map is about to launch in beta and this will provide further benefit to users of the Cyber Exchange.
There was consensus of the value of the Cyber Exchange as a critical component in supporting the growth of the sector. The CGP considered that the Cyber Exchange should be funded and were keen to see its services evolve further.
7.1 techUK and DCMS to follow up to review the Cyber Exchange.
7.2 All members to consider how they could support the Cyber Exchange (sponsorship/people) with offers to techUK.
7.3 DIT to review its online channels and to consider if there is anything it can do to fold some of its work into the Exchange.
7.3 Digital Shadows to follow up with techUK re launch event for the mapping initiative.
AGENDA ITEM 8 - SELLING TO GOVERNMENT
It is difficult for cyber security firms to sell to government and it is challenging for some areas of government when looking to acquire new cyber solutions through the current frameworks. There is a need for a dynamic framework that best supports the needs of government and is agile for the sector.
BT, with the support of techUK, have led a sub-group that is scoping a cyber security procurement solution for government to consider. The group have provided a draft paper.
Crown Commercial Services provided an update, with the main headlines:
- Cyber Security Services 2 had not been effective and is being scrapped. It has, however, been extended to end February 2019.
- Cyber Services is moving fully back into G-Cloud 10 as a temporary fix.
- CCS committed to working with the cyber sector through the CGP to identify a more appropriate route to market. This engagement will start in September.
- The intention is for a cyber solution to be in place by March 2019 at the earliest. This will depend on the complexities of any proposed cyber solution.
This timing provides a window of opportunity for the sub-group to further build its evidence base, to refine the proposed solution and to test this through the broader engagement of the sector. This should include SMEs, government buyers and NCSC.
8.1 CGP sub-group to further develop their proposed solution and broaden engagement. This work should be completed by September.
8.2 CCS to nominate a point of contact to work with the sub-group from September.
AGENDA ITEM 9 - FUTURE OF THE CGP
A discussion paper was issued looking at the future of the CGP. There is an opportunity to pause and to consider how the CGP can become more effective in support of the sector.
The CGP were asked 3 main questions:
- What do you see as the primary role for the CGP?
- What topics should the CGP prioritise?
- Are any structural adjustments needed to better enable the CGP to fulfil the purpose you foresee?
It was agreed that that the CGP would be more productive if frequent meetings were held and they were not reliant on the attendance of a Minister and a senior industry figure.
It was agreed that the primary focus of the CGP should remain as the growth of the sector. Industry members indicated that they would also welcome the addition of cyber skills to the remit.
It was agreed that a Working Group meeting should be established to progress. This meeting would include a sub-set of the CGP membership.
9.1 DCMS and techUK to coordinate a Working Group meeting and agenda by end of September to consider the next steps.
9.2 A small industry led sub-group is to be established to further consider the primary role and main topics for the CGP and any adjustments to the Terms of Reference. The work of this group should inform the agenda for the September meeting.