2010 to 2015 government policy: cyber security
Updated 8 May 2015
This is a copy of a document that stated a policy of the 2010 to 2015 Conservative and Liberal Democrat coalition government. The previous URL of this page was https://www.gov.uk/government/policies/keeping-the-uk-safe-in-cyberspace. Current policies can be found at the GOV.UK policies list.
Issue
The growth of the internet has transformed our everyday lives and is an important part of our economy. The World Economic Forum’s (WEF) Global Technology Report 2014 cites the UK as having the best developed e-commerce in the world.
But with greater openness, interconnection and dependency comes greater vulnerability. The National Security Strategy categorised cyber attacks as a Tier One threat to our national security, alongside international terrorism. The threat to our national security from cyber attacks is real and growing. Terrorists, hostile states and cyber criminals are among those targeting computer systems in the UK.
81% of large corporations and 60% of small businesses reported a cyber breach in 2014. With the cost for the worst cyber-security breach estimated between £600,000 to £1.15 million for large businesses and £65,000 to £115,000 for smaller ones, the government must look at new ways to protect businesses and make the UK more resilient to cyber attacks and crime.
Actions
The government has allocated £860 million until 2016 to establish a National Cyber Security Programme. The vision of the government is to ensure that a vibrant, strong and secure cyberspace can enhance the UK’s prosperity, national security and society.
This vision is set out in the UK Cyber Security Strategy, published in November 2011. The strategy has 4 objectives:
- making the UK one of the most secure places in the world to do business online and tackling cyber crime
- making the UK more resilient to cyber attack and better able to protect our interests in cyberspace
- helping to shape an open, vibrant and stable cyberspace that supports open societies
- building cyber skills, knowledge and capability the UK needs
Making the UK a safer place to do business and preventing cyber crime
To improve businesses’ cyber security, we:
- are providing cyber security advice to businesses such as the 10 Steps to Cyber Security Booklet and tailored guidance for small businesses, as well as further guidance and training for those sectors or roles particularly at risk
- have built a Cyber Security Information Sharing Partnership with businesses to allow the government and industry to exchange information on cyber threats in a trusted environment
- have reached agreement with industry on a series of guiding principles for internet service providers, setting out a best practice approach to help inform, educate and protect customers from online threats
- have developed a Cyber Essentials scheme to give organisations a clear baseline to aim for to protect themselves against the most common cyber security threats and to advertise that they meet this standard: this is one of the ways we are working with industry on cyber security standards and principles
- set up a National Cyber Crime Unit within the National Crime Agency in 2013 and dedicated cyber units in each of the 9 regional organised crime units (ROCUs)
- have introduced a single reporting system for people to report financially motivated cyber crime through Action Fraud, the UK’s national 24/7 fraud and internet crime reporting centre - recording incidents of fraud centrally enables intelligence being gathered about crimes to be shared and analysed, resulting in more targeted enforcement action
We are supporting the growth of the UK cyber security industry by:
- investing £3 billion over 9 years into developing the next stage of national cyber capabilities, working with small businesses in the South West region and recruiting cyber specialists
- working with industry through a joint ‘Cyber Growth Partnership’ with technology industry representatives techUK (formerly Intellect)
- publishing a Cyber Exports Strategy to set out the scope of opportunities and actions and set a target for future export growth
- providing a Cyber Security Suppliers’ scheme for businesses that supply cyber security products and services to the UK government
Making the UK more resilient to cyber attack
The government is strengthening its ability to detect cyber attacks on UK interests. This means it can quickly and effectively protect nationally significant networks.To make the UK more resilient to cyber attacks, we:
- established CERT-UK on 31 March 2014, a new organisation to lead on national impact cyber incidents and share technical information between countries; CERT-UK has helped protect the Commonwealth Games and the 2014 NATO Summit from cyber threats
- have set up a new Cyber Incident Response scheme to help organisations recover from a cyber security attack
- have extended the role of the Centre for the Protection of National Infrastructure (CPNI) to work with all organisations that may have a role in protecting the UK’s critical systems and intellectual property
- have agreed a set of actions with regulators in essential services to make sure that important data and systems in our critical national infrastructure continue to be safe and resilient
Shaping a safe and stable cyberspace
To cultivate a safe, stable and vibrant cyberspace internationally, we:
- work with other countries to identify and manage cyber risks and develop principles to guide the behaviour of governments and others in cyberspace
- have hosted and supported the ‘London Process’ series of cyber conferences
Building cyber skills, knowledge and capability
Our ability to defend ourselves in cyberspace depends upon a strong skills and knowledge base. We need to ensure that there is a sustained supply of competent cyber security professionals who have achieved the necessary standards and certification. To develop the knowledge, skills and capabilities needed to defend the UK against cyber crime, we are:
- providing cyber security advice for business and the public, including through our ‘Be Cyber Streetwise’ campaign
- working to improve cyber skills, education and professional opportunities
- challenging the UK public to find ways of defending the government from cyber attacks as part of the Cyber Security Challenge UK competition, sponsored by the National Cyber Security Programme
Background
Our National Security Strategy classed cyber security as one of our top priorities alongside international terrorism, international military crises and natural disasters.
We published the UK Cyber Security Strategy on 25 November 2011. It sets out how the UK will support economic prosperity and protect our national security by building a more trusted and resilient digital environment.
The Office of Cyber Security and Information Assurance (OCSIA) in the Cabinet Office coordinates work carried out under the National Cyber Security Programme across government departments and agencies.
OCSIA distributes the £860 million funding to government departments, agencies and some other non-governmental organisations. These include the intelligence agencies, Ministry of Defence (MoD), Foreign and Commonwealth Office (FCO), Department for Business, Innovation and Skills (BIS) and the Centre for the Protection of National Infrastructure (CPNI). The CPNI supports the organisations that provide our essential services, or critical national infrastructure, covering defence, finance, pharmaceuticals, energy and telecommunications. The UK Cyber Security Strategy sets out which departments are responsible for specific actions: eg Home Office leads on cyber crime and FCO on international cyber security.
Francis Maude, Minister for the Cabinet Office, made a written ministerial statement to Parliament about progress against the objectives of the strategy on 11 December 2014, and on previous years since the strategy was published. Read the government’s achievements so far and forward plans.
Who we’re working with
The UK Cyber Security Strategy sets out how the government will promote growth and minimise the economic impact of cyber attacks by working closely with the private sector. Our approach depends on building effective partnerships between and within government, the private sector and academia.
The private sector runs the infrastructure that cyberspace depends on, as well as the systems that support our critical national infrastructure. It is also the largest economic victim of crime and economic espionage done through cyberspace. We work closely with industry to raise awareness of the threat to reputation, revenues and intellectual property from cyber attack and the measures that businesses can take to address these.
This includes working with large and small firms from the growing cyber security sector; internet service providers and their representative groups (such as the Telecommunications Industry Security Advisory Committee (TISAC)) and tech-UK, which represents 850 mostly small- and medium-sized businesses in the cyber-security sector. We work with regulators, owners and operators of the UK’s essential services such as the Bank of England, the Financial Conduct Authority, Ofcom, Ofgem and Ofwat.
As the internet supports sectors across the board, government also works with a diverse range of businesses and their representative or professional bodies, including FTSE 350 companies, the Federation of Small Businesses, the insurance industry, the Institute of Chartered Accountants of England and Wales and the Law Society.
Cyber security is a global issue. The government’s interests in this area are represented in international forums, eg the United Nations, the Organisation for Security and Cooperation in Europe, the EU and the World Economic Forum. The UK also works with global partners and with other countries to build up their capacity and strengthen trans-border law enforcement co-operation on cyber crime.
Appendix 1: setting up a National Cyber Crime Unit
This was a supporting detail page of the main policy document.
GCHQ and the National Cyber Crime Unit (NCCU) work together to develop the skills and technology required to combat the elite cyber crime threat to the UK.
For the most serious national crimes, the NCCU in the National Crime Agency (NCA), leads operations. GCHQ is helping the NCCU develop skills and technology to combat cyber crime threats and more than 3,500 NCA officers have completed digital awareness training. We are also training the police about cyber crime.
We are expanding regional cyber operations so that each of the 9 Regional Organised Crime Units has its own cyber unit. The Metropolitan Police are also enhancing their local cyber capability. Operation FALCON (Fraud and Linked Crime Online) has brought together the Metropolitan Police’s fraud squad and the cyber crime unit to disrupt and arrest cyber criminals attacking London businesses.
Many cyber criminals operate outside UK jurisdiction. The NCCU has increased activities overseas to:
- understand the global cyber crime threat
- co-ordinate activity against priority threats
- develop relationships with international partners to support co-operation on prosecutions, including by posting officers overseas, in Europol, the USA and Interpol
Find out how we are building cyber security capacity internationally.
Appendix 2: establishing a cyber security information sharing partnership
This was a supporting detail page of the main policy document.
The Cyber security Information Sharing Partnership (CiSP), launched in March 2013, lets the government and industry share information on current threats and managing incidents on a secure platform. More than 750 companies had joined CiSP by December 2014.
The CiSP includes a team of analysts (a ‘Fusion Cell’) supported by the government’s security services and the National Crime Agency along with industry analysts. These analysts produce an enhanced picture of cyber threats facing the UK. CiSP is now part of the new organisation for national cyber incident management CERT-UK, which also has an international liaison role. Read more about CERT-UK efforts to identify threats and strengthen our networks.
The CiSP platform and Fusion Cell team played an important role in the Bank of England’s Waking Shark II exercise (pdf) in 2013. This tested the finance sector’s response to a simulated cyber attack. The secure environment allowed participants to share information in real time as the simulation developed, identify the emerging cyber attack and respond to it.
CERT-UK and CiSP have been working with police Regional Organised Crime Units (ROCUs) to introduce Regional Cyber security Information Sharing Partnerships (CISP forums). These promote the sharing of cyber security information regionally to help local businesses protect themselves from cyber crime. Following a pilot in the East Midlands region, we are establishing a second node in the south-east to launch in January 2015, with others to follow.
The information-sharing forum set up for the 2014 Commonwealth Games will be relaunched as a dedicated node for Scotland, with a similar initiative going live in Northern Ireland in 2015 and Wales to follow.
Appendix 3: identifying and analysing threats and strengthening our networks
This was a supporting detail page of the main policy document.
We are building up the UK’s capability to detect and defeat high-end threats, primarily at GCHQ.
GCHQ is sharing intelligence on hostile state and cybercrime activity with security-cleared personnel in communications service providers (CSPs). This means that CSPs can take early action on the networks they manage and protect their customers.
GCHQ also hosts one of the Ministry of Defence’s Joint Cyber Units, developing new tactics, techniques and plans to confront threats.
MI5, the security service, investigates cyber threats from foreign intelligence agencies and terrorists, and works with UK victims of security attacks. This research informs the work of the CPNI, which:
- helps organisations to improve their cyber security measures
- researches vulnerabilities
- looks at cyber infrastructure technology and systems
The US and UK work closely on a range of cyber security and cyber defence matters. CERT-UK and US-CERT collaborate on computer network defence and sharing information to address cyber threats and manage cyber incidents. To deepen this collaboration, GCHQ and MI5 are working with US partners (the National Security Agency and the Federal Bureau of Investigation) to establish a joint cyber cell, operating in each country. The cell, which will allow staff from each agency to be co-located, will concentrate on specific cyber defence topics and enable more cyber threat information and data to be shared more quickly.
To ensure that businesses know where to turn for advice and services, GCHQ has accredited firms working in Cyber Incident Response and provided guidance for organisations considering a Bring Your Own Device approach. GCHQ has also been enabling industry to deliver a broader supply of assured cyber security products to defend against cyber attack through Commercial Product Assurance.
The government works with industry and industry regulators to ensure that they understand the risks to the UK’s essential services and put measures in place. The Secretary of State for Business hosted a ‘summit of the regulators’ in February 2014 to address the cyber risks faced by the UK’s critical national infrastructure. The communiqué from the summit set out a set of joint actions to make sure our essential services are protected.
CERT-UK
CERT-UK coordinates national cyber incident management for the UK helping ensure that critical sectors are prepared for the potential impact of a destructive cyber attack. It works with industry, academia and the public sector to improve cyber resilience and also includes the Cyber Security Information Sharing Partnership (CiSP).
The organisation provided information and advice on the recently discovered Heartbleed and Shellshock vulnerabilities. It also oversaw the safety of the digital infrastructure for the Commonwealth Games in Glasgow and the Cardiff NATO Summit in 2014.
CERT-UK also works with other computer emergency response teams (CERTs) internationally. This helps ensure that the response to trans-border incidents is prompt and co-ordinated.
As well as domestic exercising to test readiness for and responses to simulated attacks, CERT-UK will lead a new programme of joint exercising with the United States. The joint exercise will involve the financial sector, followed by further exercises to test critical national infrastructure.
Strengthening the protection and resilience of government IT systems
The Public Sector Network (PSN) is a security model for the sharing of government services.
PSN has also published operational security standards and guidance to help address common security problems such as patch management and malware protection. In 2014 every local authority and council moved onto the PSN. The majority of central government departments and suppliers will also be moved before the end of the financial year.
The Government Digital Service are working on GOV.UK Verify, the way for people to prove who they are when using digital public services. It will replace face-to-face and postal methods of verifying people’s identity, so that they can use services securely online.
The Department for Work and Pensions has increased its cyber capability and its experts have worked with GCHQ to ensure digital service programmes are secure and resilient. This helps to prevent interference or attempted fraud.
HM Revenue and Customs’ cyber team is helping HMRC identify and prevent cyber crime. So far it has helped to prevent more than £100 million of fraud in 2014.
At a strategic level all government department and key agency boards have incorporated cyber risk into their risk management regimes. The Office of the Government Senior Information Risk Owner (OGSIRO) provides effective information and cyber security risk management for relevant major public sector projects and common services, like shared IT systems).
The government incorporates cyber security in its forces, defence planning and operations and is strengthening cyber security in the military supply chain, eg through the Defence Cyber Protection Partnership (DCPP).
Appendix 4: building cyber security capacity internationally
This was a supporting detail page of the main policy document.
We are expanding and strengthening the UK’s bilateral and multilateral networks by working with other states and through the EU, NATO, the Commonwealth and other bodies.
In January 2015 the Prime Minister and United States President Obama announced a series of measures expected to deepen co-operation:
- establishing a joint ‘cyber cell’ on both sides of the Atlantic where UK and US cyber teams will work side by side to share information about threats from our cyber adversaries
- conducting a programme of large scale joint exercises to test the resilience of both the UK and US in the face of cyber attacks
- aligning our cyber security best practices and standards, including the US National Institute of Standards and Technology (NIST) Cyber security Framework and the UK’s Cyber Essentials scheme
- training the next generation of ‘cyber defenders’ with a new Fulbright Cyber Security Award to encourage future talent on both sides of the Atlantic and carry out cyber research placements for up to 6 months; as well as a new international cyber security collaboration between Cambridge University and MIT (Massachusetts Institute of Technology) for joint teams to solve technical cyber security challenges
The UK works with many partners, and hosting a pioneering London Conference on Cyberspace in 2011 and supporting the later ‘London Process’ conferences in Budapest (2012) and Seoul (2013) since then to continue the global conversation on the future of the internet. The next conference will be in The Hague in 2015.
In June 2014 the UK became a full member of the NATO Cooperative Cyber Defence Centre of Excellence, a research and training facility for cyber security. The National Cyber Security Programme (NCSP) funded the Commonwealth Telecommunications Organisation to develop a national cyber governance model for the Commonwealth countries. This was ratified in 2014 and several Commonwealth members are putting this in place.
The UK took part in the UN Group of Governmental Experts (UNGGE), which agreed in 2013 that international law is applicable in cyberspace. We will continue to work in the new, expanded UNGGE.
We helped to negotiate the first regional Confidence Building Measures (CBMs) for cyberspace and are now putting them in place. The CBMs were adopted by the Organisation for Security and Cooperation in Europe (OSCE) in December 2013.
This work will help to build understanding, confidence and cooperation between states and strengthen international cyber security.
Building capacity
We are using NCSP annual funding of £2 million for 30 international capacity building projects as well as funding a new global centre for cyber security capacity building.
The Global Cyber Security Capacity Centre at Oxford University aims to help other states and organisations across the world to build up their cyber capabilities effectively. Opened in November 2013, the centre is creating a benchmarking model against which states can measure their cyber security capabilities. They can then identify global gaps in cyber security capacity and analyse, pool and share information around available and effective resources. This work will help define global priorities and support international partners to increase the scale and effectiveness of efforts against cyber threats. It will offer countries independent advice on how to build a secure and resilient cyberspace.
NCSP funding has also paid for selected Chevening, Marshall and Commonwealth scholars to attend a cyber policy course at Cranfield, engaging future international leaders with UK policy and positions.
On international cyber crime, the government works with several international organisations and police forces, including the Philippines Cyber Crime Unit, Interpol and Police Scotland. The Foreign and Commonwealth Office helped set up a National Cyber Crime Centre in Romania with the Council of Europe. This co-ordinates European efforts to build skills and resources to combat cyber crime.
Appendix 5: providing cyber security advice for businesses and the public
This was a supporting detail page of the main policy document.
Businesses
Under the National Cyber Security Programme, government has been working to
- raise businesses’ awareness of the threat from cyber crime
- encourage firms to use effective cyber security risk management practices
Our 10 Steps to Cyber Security booklet provides clear and concise advice on how to safeguard a company’s most valuable assets, such as personal data, online services and intellectual property. Updated in January 2015, the guidance helps businesses identify security risks and put in place operational procedures to minimise them. It includes Cyber Attacks: Reducing the Impact, which sets out what common attacks look like and how they are carried out.
The government has published tailored guidance for small businesses as well as a free online training package. The training covers fraud, cyber crime and staying safe online. We worked with industry to produce a cyber action plan for small businesses.
The Department for Business, Innovation and Skills (BIS), working with Innovate UK, offers Innovation Vouchers worth up to £5,000 to SMEs to work with a supplier to improve their cyber security and help their business grow. The department has also published free online training packages for professions that are particularly at risk or can help spread awareness. These include:
- cyber security guidance for the corporate finance sector, developed with the Institute for Chartered Accountants in England & Wales (ICAEW)
- Cyber Security Guidance for Non-Executive Directors, who sit on company boards and advise from an external perspective so can encourage good management of cyber risks
Cyber security information and advice for businesses is also available from the government’s Business Support Helpline and the Business Growth Service.
Public awareness
We are working to ensure that consumers are better informed about potential risks and how to avoid them, and that they demand better cyber security in the products and services they buy.
The government has launched the Be Cyberstreetwise awareness campaign, with a range of interactive resources and online videos. This aims to:
- change the way people view online safety
- provide the public and businesses with the skills and knowledge they need to take control of their cyber security
- measurably change online behaviours for the public and micro, small and medium sized businesses
The campaign is being run with the private sector, building on work by BIS and supporting other awareness campaigns like GetSafeOnline.org.
Appendix 6: promoting economic growth in the cyber security sector
This was a supporting detail page of the main policy document.
UK Trade & Investment published the Cyber Exports Strategy in May 2013 followed by guidance on exports published in December 2014. In 2013 cyber security exports from the UK grew by 22% on the previous year. The UK is on track to meet the government’s target to double annual sales in cyber security exports to £2 billion by 2016. Our aim is then to increase these sales further to £4 billion by 2020.
In January 2015 a new cyber security envoy was appointed to help British small businesses and first-time exporters promote their business interests across the US. Andy Williams, formerly one of the small business sector representatives, will be based in the British Embassy in Washington to help boost UK-US cyber security deals.
Cyber Growth Partnership
The Cyber Growth Partnership (CGP) is a joint initiative between industry, academia and government, aimed at boosting the UK’s global market position in cyber security products and services. The main UK ICT trade association, techUK, coordinates business and academic involvement in the CGP, while a high-level board, co-chaired by Ed Vaizey, Minister for Culture and the Digital Economy, and a senior industrialist, provides governance.
A new Cyber Security Suppliers’ scheme has been developed under this initiative. Businesses in the scheme can show that they supply cyber security products and services to the UK government and use the government logo in their marketing material.
TechUK, working with the CGP and Institute for Human Rights and Business, the Foreign & Commonwealth Office and the Department for Business, Innovation & Skills, published Assessing Cyber Security Export Risks on 2 December 2014. This guidance ensures businesses can export responsibly and with confidence while avoiding any potential risks to human rights.
The Cyber Growth Partnership appointed 2 representatives from the small business sector in September 2014 to improve innovation and growth in the UK cyber security sector. They are helping to establish up to 14 regional cyber security business ‘clusters’ like the one at Malvern around the UK. They are also aiding small and medium cyber security companies to grow and export through a ‘Cyber Connect’ initiative.
The government also announced funding for a new cyber security ‘Pre-Accelerator’ programme to support early stage cyber security start-up firms. Innovate UK has launched a £4 million competition for UK cyber businesses to develop ideas to tackle cyber security threats.
Appendix 7: working with industry on minimum standards and principles
This was a supporting detail page of the main policy document.
The government has worked with industry to develop the Cyber Essentials, scheme, which gives organisations a clear baseline to aim for to protect themselves against the most common cyber threats. Cyber Essentials is for organisations of all sizes, and in all sectors and is free to download.
Any organisation can use the guidance to implement basic security controls, but some may want to apply for a Cyber Essentials badge. Displaying the badge demonstrates that the organisation takes cyber security seriously and has met a government approved standard, giving a competitive edge over others. To ensure flexibility and affordability there are 2 levels of badge: Cyber Essentials and Cyber Essentials Plus. For more information, visit Cyber Essentials. Since October 2014, it is mandatory for government suppliers of personal or sensitive information handling contracts to use Cyber Essentials controls.
Insurers recognise that Cyber Essentials certification indicates a mature approach to cyber security in small and medium sized businesses that helps to reduce risk. Insurers working with government and industry have agreed to incorporate Cyber Essentials into their risk assessment process for SMEs, making it easier for firms to get coverage.
This was one of a number of joint initiatives between government and the insurance sector to help firms understand cyber risk. Following a summit in November 2014, government and the sector published a report: UK Cyber Security: the Role of Insurance in Managing and Mitigating the Risk. The report recommends that firms examine the different forms of cyber attacks, stress-test themselves against them and make business-wide recovery plans.
Cyber insurance is an increasingly widely available product that can provide cover for a variety of themes. However, not all risks can be insured against, and businesses must take steps to prevent cyber breaches. Insurers can help guide and incentivise improvements in cyber security practice, including asking whether a Cyber Essentials badge is held during the cyber insurance application process.
To ensure multinational companies get the best advice on keeping systems safe from cyber attacks, in 2015 we will work with industry to promote and align our best practices and standards, including Cyber Essentials, with the US National Institute of Standards and Technology Cybersecurity Framework.
Government also launched Publicly Available Specification 754 (PAS 754) in June 2014. This sets out the processes that can help organisations identify and employ trustworthy software.
Home Office, the Department of Business, Innovation and Skills (BIS) and industry have also agreed a set of guiding principles for internet service providers (ISPs) that all ISP signatories, in partnership with government, should reach as a minimum. They provide a consistent, best practice approach to help inform, educate and protect ISPs’ customers from online threats. These include:
- areas where ISPs will work with their customers to raise awareness and provide advice and security solutions
- the role government has to play in increasing cyber security
- where government and industry could work together to improve security
Government has agreed with regulators in each area of essential services a common set of actions to take to make sure that important data and systems in our critical national infrastructure continue to be safe and resilient. Actions include encouraging essential services firms to:
- join the Cyber Security Information Sharing partnership (CISP)
- assess themselves against 10 Steps to Cyber Security guidance
- manage cyber risk in their supply chains by using the government’s organisational standards for cyber security
To see how companies are doing, we have conducted a Cyber governance health check for FTSE350 companies. This looks at how top UK companies are managing cyber risks and helps them benchmark themselves against peers and competitors. The 2014 results show an increasing maturity among top UK firms in dealing with cyber threats, with 58% of firms using the government’s 10 Steps to cyber security guidance (up from 40% in 2013) and 88% including cyber security on their risk register (up from 58% in 2013).
To help assess the level of information security breaches affecting wider UK businesses, BIS publishes an annual Information security breaches survey. This provides data and insight to help guide businesses and inform government policy.
Appendix 8: improving cyber skills, education and professional opportunities
This was a supporting detail page of the main policy document.
An increased demand for more and better cyber security products and services means we need more people, with the right skills, working in the sector.
The government is making it easier for new talent to enter cyber security and providing incentives to pursue a career in the sector. We have also introduced cyber security at every level of the education system from age 11 to post-graduate. This ensures that everyone who leaves education has at least a basic understanding of cyber security before employment.
Schools
We are:
- supporting the Make IT Happy programme and Behind the screen teaching materials
- funding, through the National Cyber Security Programme, cyber security learning and teaching materials at GCSE and A-level; new Key Stage 3 (age 11 to 14) content will be released to schools in 2015
- funding or sponsoring competitions like the Cyber Security Challenge schools competition and the National Cipher Challenge
Apprenticeships
We are:
- working with the Tech Partnership (formerly e-skills UK) to train providers and industry to increase the number of cyber security apprenticeships, with 200 new entry-level jobs created
- running a technical apprenticeship scheme through GCHQ and other intelligence agencies for more than 120 students, with further intakes planned for future years on a tailored 2-year foundation degree course, as well as recruiting apprentices to work in Department for Work and Pensions, CERT-UK and HM Revenue & Customs
- designing with industry the first ever apprenticeship frameworks in cyber security
- undertaking a Cyber Higher Apprenticeship pilot
- launching a Cyber Intrusion Analyst Trailblazer Apprenticeship from September 2015, providing training in this specialised and strategically important role
Undergraduates, postgraduates and research
We are:
- funding new teaching development grants for 4 higher education academies
- certifying Master’s Degrees to set a rigorous standard for UK universities to aim for
- building cyber security into university degrees with the Institute of Engineering and Technology (IET) to support and fund the Trustworthy Software Initiative
- sponsoring up to 33 GCHQ PhD Studentships with 2 new Centres of Doctoral Training through the Department for Business, Innovation & Skills and Engineering and Physical Sciences Research Council (EPSRC) to deliver 66 PhDs over their lifetime
- awarding ‘Academic Centre of Excellence’ status in Cyber Security Research (ACEs-CSR) to 11 UK universities in recognition of the high standard of their cyber security research
- investing in 3 research institutes to develop cyber security capability in strategically important areas
- funding a new Fulbright Cyber Security Award for the brightest scholars in the US and UK to conduct cybersecurity research for up to 6 months
- taking part in a ‘Cambridge vs Cambridge’ cybersecurity contest with Cambridge, Massachusetts Institute of Technology’s Computer Science & Artificial Intelligence Laboratory
Cyber security careers and internships
We are:
- working with The Tech Partnership and cyber security professionals on their SecureFutures programme, to demonstrate to young people how exciting cyber careers can be
- also working with The Tech Partnership on their ‘Learning Pathways’ project to develop the professional formation routes for cyber security careers
- making sure that cyber professionals have clearly defined career development through the CESG Certified Professional Scheme established by GCHQ
- Setting a standard for cyber security training courses through the CESG Certified Training scheme
- building on the Information Assurance Advisory Council (IAAC) Cyber Internships Pilot with e-skills UK and the Council of Registered Ethical Security Testers (CREST) to develop a further internship scheme
Wider educational support
We are:
- funding an Open University-developed Massive Open Online Course ‘Introduction to Cyber Security’
- helping to teach people about cyber security and encryption via a free app (Cryptoy) developed by students working on placement at GCHQ
Training within government
As well as the ‘Responsible for Information’ e-learning course for all civil servants on the Civil Service Learning website, we:
- have trained more than 3,600 civil servants in face to face sessions via The National Archives (TNA)
- train staff at DWP through a comprehensive training and development programme
- train the police and the Crown Prosecution Service (CPS)
- offer training to Ministry of Defence personnel, as well as part-time postgraduate education courses for the defence community
- are recruiting military Cyber Reserves