Upcoming events
To make the most of your techUK website experience, please login or register for your free account here.
This is a council composed exclusively of techUK members. If you are interested in understanding the election process, we encourage you to reach out to one of our team members listed at the bottom of this page.
Its focus is to address the strategic-level security concerns that impact the UK tech sector, and providing a forum for the Government’s national security community to engage with technology suppliers on industry engagement opportunities.
The National Security Committee is techUK’s authoritative voice on national security issues, and highlights the opportunity for the technology industry to offer solutions to them. The National Security Committee seeks to engage with relevant stakeholders in HMG, bringing them together with the technology industry to agree views and perspectives on a wide range of topics. These include promoting a community of open collaboration in what is typically a secret, complex and risk-averse environment and addressing the specific challenges of SMEs operating in the national security sector.
The National Security Committee will meet bi-monthly to discuss the above.
Committee Member | Committee Representative | Company Role |
---|---|---|
Vodafone | Stephen Knibbs (Chair) | UK Head of Security and CISO, heading Secure CNI |
Leidos UK | Alan Potter (Vice-Chair) | VP & MD National Security & Defence Division |
Accenture | Madeline H. Lewis | Managing Director and UK Armed Forces Network Sponsor |
Amazon Web Services | Mike Nayler | Senior Manager |
Arqit | Daniel Shiu | Chief Cryptographer |
Baker & McKenzie LLP | Ross Evans | Senior Associate |
BT Group | Neil Seabury | Head of Technology Office, Major Government |
Capgemini | Michael Willis | Director |
Capita plc | Jim Fox | Business Consultant Manager |
CDS Defence & Security | Martin Nash | Head of Cyber Security and Information Assurance (CS&IA) Services |
CGI | Patrick Hutchings | UK & Australia Sector Lead for Secure Innovation & Advisory |
Clue Software | Matt Horne | Head of Policing & Government |
CyberHive Ltd | Sarah Blundell | Chief Operating Officer |
Electralink | Kulwinder Johal | Head of Information Security |
Fujitsu | Paul Dickens | Public Sector UKI CISO, Enterprise Cyber Security |
IBM | Giles Hursey | Technology Sales Leader |
iProov | Campbell Cowie | Head of Policy, Standards & Regulation |
QinetiQ | Simon Wilcox | Data Intelligence, Business Development Lead |
SC Strategy | Dan Spacie | Senior Advisor - Defence and National Security |
Sopra Steria | Neil Salter | Director National Security |
Risk Ledger - Many UK Government departments and public bodies have increasingly looked to technology to support their understanding of the operational risk presented by their extended supply chain. Their goal is to establish fact-based views that inform their operating resilience by minimising the impact of cyber security events. Risk Ledger is one of the tools chosen with over 4,000 organisations already signed up. Experience shows that it typically takes less than 10 days to enter company information and this is then automatically reused across government. The organisational data is refreshed every 6-months or by exception on significant change or emerging vulnerability requests.
With several legislative and international standard overlays, compliance and audit reports can be generated in hours and not days allowing the correct focus on priority risk areas.
Cyber Essentials is a UK Government backed scheme overseen by the National Cyber security Centre (NCSC). It seeks to demonstrate that an organisation has a minimum level of protection in cyber security through annual assessments to maintain their company certification. By achieving at least this level of protection then an organisation:
Cyber Essentials is a self-certification trademark. It is recommended that independent, technical verification is conducted and that you therefore achieve Cyber Essentials Plus. Support for the certification process is an area where other techUK members might be able to assist.
There are five technical controls:
As a Cyber Essentials scheme applicant organisation, it's your responsibility to make sure that your organisation meets all the requirements. You might also be required to supply evidence before your certification body can award certification at the level for which you’re applying.
NCSC’s Cyber Essentials Partner the IASME consortium can help you to get certified. We also have a number of techUK members who can provide coaching or further support. For example:
Threat actors have much success in crafting plausible content on SMS text, email or published media that less aware users may click on or through embedded links to access seemingly legitimate web pages and potentially enter sensitive details that are harvested and used against individuals and organisations. The introduction of Quick Response (QR) codes in 1994, enables users to simply scan 2-dimensional bar-coded images with a camera enabled device to interact with richer services and information behind the image. With the straightforward ability for tampering with published codes through stick on overlays having now become a prevalent technique to hijack the original intended purpose and harvest user information. According to one source, the QR phishing (Quishing) threat has increased by over 2400% since May 23.
Both email Phishing and Scanned Quishing techniques or combined approaches attempt to lead a victim to a malicious website where login credentials and personal information can be stolen. Commonly there is an urgency or request for help that does not follow normal business process. Once credentials are harvested, they may be sold on or used for criminal activity.
Users should consider undertaking security awareness training to understand the risks, ensure their device software is kept up to date and has anti-virus software installed and should be encouraged to think before giving out personal information unless certain the webpages and need are legitimate. If in any doubt report to business security teams or law enforcement authorities.
Please remember that reputable companies do not send unsolicited mail requesting that you provide sensitive information!