Policy paper

DSIT cyber security newsletter - November 2024

Published 20 December 2024

1. Director’s message

The strength of our sector is built on the partnerships we build across industry, academia and the public sector. It was therefore a highlight last week to attend our academic cyber policy engagement conference in Manchester. I had the opportunity to talk about our work and why working with researchers is so important for our policy development. It was also great to hear Professor Chris Johnson, DSIT’s Chief Scientific Advisor, deliver his keynote address on the importance of cyber. The day before I also had the pleasure to meet cyber companies from the local ecosystem and digital leaders, which demonstrated the great work and ambition present in the region.
 
Last month the government published its green paper for the upcoming Industrial Strategy. The Strategy is the government’s 10-year plan to drive growth and deliver the certainty and stability needed for investment. Digital and Technologies has been identified as one of the growth driving sectors that will be the focus of the Strategy, so it is important we get the views of the sector on both your challenges and opportunities. There is currently a consultation on the green paper and I strongly encourage you to respond. The consultation closes on 24 November.
 
Today is also the last day to respond to our call for views on future iterations of the DSIT-funded Cyber Security Breaches Survey for 2026 and beyond. This is your chance to provide feedback on the Survey and how it can help organisations understand the nature and significance of the cyber security threats they face
 
Finally, I would like to celebrate a fantastic milestone as the Government’s Cyber Essentials scheme reached its tenth anniversary in October. This was marked with an event at the House of Lords attended by key industry colleagues, with speeches from Minister Clark and Richard Horne, the incoming CEO of the NCSC, as well as some fascinating panels.

Rod Latham  
Director, Cyber Security and Digital Identity

2. Cyber Essentials 10 Year celebration

In October the Government’s Cyber Essentials scheme celebrated its tenth anniversary with an event at the House of Lords attended by industry colleagues and the NCSC. DSIT’s cyber security Minister Clark delivered a speech on the journey of Cyber Essentials and our future ambition for the scheme. New research shows the scheme is having a positive impact.
 
Since the scheme began, over 190,000 Cyber Essentials certificates have been awarded to businesses, charities, schools, universities and local authorities, including 43,480 certificates issued in the past 12 months.The scheme helps protect against almost all cyber threats. 92% fewer insurance claims are made by businesses and organisations with the Cyber Essentials controls in place.
 
The government is now working to promote the scheme further and encourage businesses to use Cyber Essentials in their supply chains.  To support this DSIT and the UK’s high street banks have published a joint statement outlining a commitment to the scheme.

3. Opportunities to get involved with the UK Cyber Team competition

The search for the next generation of cyber security talent is in full swing, and there’s still time to get involved. The UK Cyber Team Competition continues to welcome applications from 18- to 25-year-olds eager to develop their cyber skills in a challenging capture the flag competition.

Top performers will earn a spot on the UK Cyber Team, representing the nation in international cyber competitions and gain access to advanced training supported by industry experts, invaluable networking opportunities and mentorship to help shape their careers.

4. Sponsor the UK Cyber Team

 
There are sponsorship opportunities available for this year’s competition. Sponsors will have the chance to support the development of the UK’s brightest cyber security talents and gain visibility within the cyber security community. This is a fantastic opportunity for companies to invest in the future of cyber security and showcase their commitment to nurturing young talent.

For further details, please visit the UK Cyber Team website.

5. CyberASAP industry day showcases innovative firms

Now in its eighth year, the DSIT-funded CyberASAP programme provides academics with the expertise and knowledge needed to convert their research into a commercial product. The programme, delivered by Innovate UK Business Connect, creates a pipeline to move great cyber security ideas out of the university lab and into the commercial market.
 
The current Cyber ASAP Industry Challenges cohort, delivered by Innovate UK’s delivery partner Plexal, attended an Industry Day on 21 October at Hub8 in Cheltenham. The teams met with mentors and industry experts and included one-to-one mentoring sessions, groupwork, sales training, and preparation for pitching to future investors.
 
There was a great buzz and synergy on the day, and teams were able to connect with cyber specialist experts in their field, leaving a strong foundation for future discussions about user testing and proof of concepts.
 
The event has strongly increased the likelihood of successful initial commercialisation efforts for the teams that were ready to start engaging with potential future clients.

6. NCSC Cyber Resilience Audit Scheme

The NCSC has launched a new Cyber Resilience Audit Scheme to assure the quality of cyber resilience auditors of Critical National Infrastructure and other organisations. The scheme will give consumers confidence in companies that have been assessed as meeting the NCSC standard.
 
Cyber Oversight Bodies (such as regulators and other government organisations) that use the scheme are referred to as Scheme Partners. Scheme Partners may encourage, recommend or require the organisations they oversee to have audits conducted by CRA Assured Service Providers.
 
Initially the cyber audits carried out under the CRA Scheme will be based on NCSC’s Cyber Assessment Framework, but it is expected the scheme will evolve over the next year. If you provide these services and would like to be a part of this scheme applications are currently open.

7. Give your views on the industrial strategy green paper

The government has published the green paper on its Industrial Strategy, the UK government’s proposed 10-year plan for the economy. The Strategy aims to deliver the certainty and stability businesses need to invest in the high-growth sectors and drive long-term economic growth. It proposes a modern and ambitious vision for the UK business landscape, one that seeks to place private business, entrepreneurship, and innovation at its heart. 
 
To support this the green paper is now open to consultation and we are keen to get responses from across the cyber sector, including businesses, investors and academia. Your views and insights can help shape the focus of the industrial strategy and the challenges that need to be addressed. The consultation closes on November 24.

8. New legislation for digital identity services 

The Data (Use and Access) Bill was introduced to Parliament in the House of Lords on October 23. The Bill includes measures to legally underpin digital identity services, or digital verification services as they are named in the Bill.

You can read more about the measures in the Data (Use and Access) Bill in this online factsheet and follow its progress through parliament.

On October 24, DSIT also announced the launch of the new Office for Digital Identities and Attributes (OfDIA). OfDIA has been established within the Department for Science, Innovation and Technology and is an important step in the roll-out of a trusted digital identity ecosystem in the UK.

9. DSIT takes part in Singapore International Cyber Week

In his first international role as Director for Cyber Security and Digital Identity, Rod Latham, along with Andy Whittaker, Head of Cyber Policy Department at the FCDO and Richard Horne, Chief Executive Officer at the NCSC attended the Singapore International Cyber Week in October.  This is a major international cyber security event attracting government and industry figures from across the globe to find common ground and discuss solutions to cyber security issues. 
 
Rod engaged in talks with senior officials from countries including the United States, Australia, France and Singapore and participated in several panels on AI cyber security, which was a dominant topic at the event.

10. Post-implementation review of Product Security Act  

DSIT will be undertaking an interim Post-Implementation Review of the Product Security and Telecommunications Infrastructure Act 2022 to be published by October 2026. This is a standard process to assess the effectiveness of a regulatory measure after it has been implemented.
 
To support this work, DSIT have commissioned RSM UK Consulting LLP to carry out preparations for evaluation and research projects on the product security elements of the PSTI Act. The evaluation will help to assess how effectively the regime has been implemented and if it is meeting its objectives.
 
If you are involved in the consumer IoT value chain, know PSTI, and are interested in helping steer the evaluation design, please contact Matt at RSM. Your feedback could help make sure that the research is comprehensive and would be used to support future policy development.

11. DSIT-funding supports pilot project for veterans in the South West

SaluteMyJob, a social enterprise helping Armed Forces veterans into civilian employment, has been awarded a grant for a pilot project through DSIT’s Cyber Local programme. The programme will support three ex-military job seekers into jobs with small businesses in the South West.
 
In collaboration with Abertay University, IBM and the Click Start initiative, SaluteMyJob’s Pathways Programme trains and provides the commercial experience needed to compete for demanding roles in cybersecurity, data analytics and AI. The grant is funding extended onboarding and probation periods for three veterans as they begin their employment. See the full press release and quote from Minister Clark here.

12. Cyber runway pitch day in Edinburgh

A Cyber Runway Pitch Day took place in Edinburgh on October 23, hosted by Communication Trainer Greg Summers. The regional event is a small part of the government’s drive to bolster the cyber ecosystem across the UK. The day focused on key skills for communicating effectively and developing network. It closed with bespoke analysis of each attendee’s short pitching style that focused on getting key messages across quickly.