19 Apr 2023

CyberUK: Minister announces official threat notice and issues ‘call to arms’ to businesses to strengthen cyber security

The Chancellor of the Duchy of Lancaster, Oliver Dowden addressed delegates at CyberUK in Belfast.

Speaking at the outset of CyberUK in Belfast, Chancellor of the Duchy of Lancaster and UK Government’s Lead Minister for Cyber Security, Oliver Dowden made a series of announcements aimed at strengthening UK wide resilience to the growing threat from hostile state actors.

The Minister outlined recent attempts from ‘Wagner-like cyber groups’ to damage UK critical national infrastructure. The Minister highlighted that these adversaries are ideologically, rather than financially, motivated making them less likely to show the same level of restraint as national actors, sharpening concerns around these threats.

In response, UK Government has made a series of announcements aimed at further strengthening UK resilience. These announcements include:

  • The National Cyber Security Centre is issuing an official threat notice to operators to help protect the country;
  • Government to set “specific and ambitious cyber resilience targets” for all critical national infrastructure sectors to meet by 2025
  • Government exploring how to bring all private sector businesses working in critical national infrastructure within the scope of cyber resilience regulations. 
  • Enhanced cyber security measures to protect the UK Government’s critical IT systems, known as GovAssure; and
  • Cabinet Office is looking at what more can be done to improve salaries for cyber security experts in the civil service, to ensure Government continues to attract best in class cyber talent.

Throughout his remarks the Minister discussed the significance of collaboration between Government, industry and academia and that there is a clear link between economic prosperity and security. Broadly, he argued that by building on the Government Cyber Security Strategy with these announcements, UK Government can lead the way and exemplify the behaviours and cultures that all organisations should be building around security and resilience.

On the other side of that coin, the strength of the UK’s growing cyber security sector was discussed with the Minister highlighting that in 2022, revenues hit over £10.5bn, the sector attracted £300 million of investment, and created an additional 5,300 jobs. Against a backdrop of economic uncertainty, this strong growth should give real optimism that the UK is in an enviable global position to distill the levels of resilience required.

The measures packaged as GovAssure will focus on increasing the UK’s cyber resilience and protect the government’s essential IT functions. A new framework will mean that all central government departments will have their cyber health reviewed annually through new, more robust criteria. GovAssure will be run by the Cabinet Office’s Government Security Group (GSG), with input from the National Cyber Security Centre (NCSC).

Dan Patefield, Head of Cyber and National Security, techUK said:

Against the concerning backdrop of these clear and evolving threats, techUK and industry welcome the announcements made by Government. Today’s Cyber Breaches Survey highlights that 32% of UK organisations suffered cyber breaches, and it is clear that these new threats are targeting both Government and industry. Further collaboration and a coordinated response is the best way to protect UK organisations and citizens.

The announcement of GovAssure is also most welcome. Government made clear its ambition to become an exemplar in terms of cyber resilience with the launch of the Government Cyber Security Strategy last year. Today’s announcements go further and will rightly assess resilience across Government on a continuous, and increasingly rigorous, basis. Industry underpins and enables that Government’s approach to resilience, and techUK looks forward to fostering further collaboration in this space going forward.

Dan Patefield

Dan Patefield

Head of Cyber and National Security, techUK