On Wednesday 9 May, the Department for International Trade (DIT) and techUK hosted the first meeting of the ‘Cyber Security Exports Working Group’. Created in order to support DIT’s Cyber Security Export Strategy, which was published in March, the working group is made up of a mix of industry and government representatives.
The minutes from then first meeting can be found below:
Cyber Security Exports Working Group
1000 – 1200 Wednesday 9 May 2018, techUK
- Welcome and introductions
DIT welcomed members to the first working group, which was established to support the implementation of the new Cyber Security Export Strategy. It was agreed that this was an operational group which would focus on delivery rather than one that focused on new policy development.
- Terms of Reference
The terms of reference were agreed. The main remit for the group is:
- Ongoing advice and support on implementation of the export strategy;
- Advice on the UK ‘brand’ for cyber security, including refreshed communications and marketing material;
- Advising the Cyber Growth Partnership on export progress, risks and opportunities.
- Forward look
An outline of future agenda items was noted, though the group would also consider issues by correspondence and table matters as they arose.
- Automotive cyber security sector offer
The export strategy set out a focus on six key sectors under the ‘Enable’ pillar. As part of this DIT intend to develop sector offers for each of them that set out the nature of the cyber security challenges facing the sector, the general procurement approach and solutions, plus the UK companies that can meet the needs. This would result in two products – a guide for internal DIT use that will help with running events and trade missions targeting that particular sector, and a public marketing brochure on the UK’s expertise in that area.
The group discussed the automotive offer, agreeing the overall approach but making suggestions around cyber insurance and the importance of securing data that is collected for one purpose but could be misused for another. It was discussed that some cyber issues would be pan-sectoral, but others would be specific to each sector and that this would need to be built into the offers.
There was a further discussion around whether more work could be done on high assurance, and building a sector offer around that. Branding will be discussed at a future meeting.
DIT, working with the group, to draw up an initial sketch of what a high assurance offer may look like for consideration by the group.
- Guidance for assessing risks to human rights
techUK spoke about the human rights guidance on helping to manage the risks of exporting cyber capabilities which was published in 2014, and which it had been agreed with HMG would be updated over the next six months. techUK were seeking views on what had worked well and what had not, and how much businesses had actually used it. There was a discussion around the inclusion of new case studies and the inclusion of contacts and the things that needed to be considered when assessing legal and reputational risk. The guidance covered non-regulated capabilities, and it was discussed whether the document should be broadened so that it covered regulated (export controlled) matters too. techUK will consider these points as the guidance is refreshed, and invited further input from industry on it.
techUK/DIT to recirculate the guidance to the group and other interested parties.
DIT to work with others on a campaign to promote the human rights guidance and export controls once the new document is launched.
The importance of cryptography was discussed, linking to the earlier conversation on high assurance. BeCrypt offered to be a link between this group and the high assurance group, which was agreed.
DIT noted that a new cyber security page was due to launch soon on the government’s export promotion website, great.gov.uk and encouraged industry to create profiles on it.
DIT noted that adverts for the three Cyber Security Industry Representative posts in Washington DC, Dubai and New Delhi would shortly be published and encouraged industry to consider potential applicants. The Singapore post had now been filled.
DIT offered to circulate their forward look of cyber missions to the group to seek feedback on them in advance.