Policy paper

DCMS cyber security newsletter - July 2022

Published 5 July 2022

This was published under the 2019 to 2022 Johnson Conservative government

1. Director’s message

One of the perks of my job is getting to meet and learn about the many innovative cyber security companies bringing products and services to the UK market. I was therefore excited to attend Infosecurity Europe last week, where DCMS was once again sponsoring the Innovation Zone and the UK’s Most Innovative Cyber SME 2022 competition. Congratulations to this year’s winner, cyber skills training company TryHackMe

Ensuring the UK remains a global tech superpower is central to the government’s agenda. To help achieve this aim, last month we published our new UK Digital Strategy, our plan to grow the economy and create more high-skilled, high-wage jobs. This strategy highlights measures to keep the UK tech sector fit for the future, including an external review of the UK’s computer power and a new expert council to tackle the digital skills gap. It will of course align closely with our own work in cyber and our National Cyber Strategy 2022.

Additionally, the government has just published its response to the Embedding standards and pathways across the cyber profession by 2025 consultation. This gathered views on whether the UK Cyber Security Council needs further powers to fulfil its role as the professional authority and standard setting body. The response provides an analysis of the key findings, particularly regarding the evolution of the profession and the difficulties faced by employers when trying to hire cyber security professionals.

Finally, the DCMS-funded Cyber Runway programme’s Grow and Scale streams are open for applications from today. These streams are open to start-ups, SMEs and scale-ups looking to develop the skills, connections and knowledge to drive growth in their businesses. Applications close on Friday 29 July and I strongly encourage you to apply for what is a really great opportunity.

Erika Lewis

Director, Cyber Security and Digital Identity

2. Applications open for Cyber Runway: Grow and Scale

Applications for the Cyber Runway Grow and Scale accelerator streams open from today until Friday 29 July.

Delivered by Plexal and funded by DCMS, Cyber Runway is the UK’s largest cyber accelerator. Over the course of six months Cyber Runway provides connections to investors and industry buyers, access to online content, engineering support, mentoring, and advice on everything from commercialisation and global growth to marketing and recruitment.

Delivered virtually, Cyber Runway is free to attend and Plexal are particularly keen to hear from companies from a diverse range of backgrounds and from all regions of the UK.

3. TryHackMe win most innovative cyber SME competition at Infosecurity Europe

Infosecurity Europe took place from 21-23 June at ExCel London, bringing together a host of industry businesses and professionals from all over the world. 

DCMS once again hosted the Innovation Zone at the conference and sponsored the UK’s Most Innovative Cyber SME competition. This enabled the fourteen finalists to attend the event and showcase their businesses in front of an audience of buyers, investors and other cyber professionals.

This year’s winners were TryHackMe whose hands-on, immersive approach to cyber security training impressed the judges.  

4. Launch of the UK digital strategy

As part of London Tech Week in June the government published a new digital strategy. The strategy sets out the UK’s vision for harnessing digital transformation, accelerating growth, and building a more inclusive, competitive and innovative digital economy. This is part of the government’s drive to strengthen the UK’s position as a science and technology superpower.

Cyber security is at the heart of the strategy, which acknowledges that resilient businesses, products and services are foundational to a strong and secure digital economy.

5. Cyber sectoral analysis survey

DCMS has commissioned Ipsos, an independent research organisation, to carry out an important survey about the cyber security sector. They are inviting organisations which offer cyber security products and services to take part. Over 100 cyber businesses have already done so. Taking part will help to influence government policy and support in the area of cyber security. Participants can take part by phone or online.

Ipsos is working with Perspective Economics and the Centre for Secure Information Technologies (CSIT) at Queen’s University Belfast on this important study, which is also endorsed by techUK and UKC3. The study will be published on GOV.UK.

Find out more, including last year’s report and Ipsos’ privacy notice, on the GOV.UK website.

Alternatively, you can email Ipsos at [email protected].

6. Government responds to the cyber profession consultation

The government has published its response to the consultation on embedding standards and pathways across the cyber profession by 2025.

Open to individuals and organisations the consultation asked what government could do to embed standards and pathways in the cyber profession. The consultation considered both legislative and non-legislative interventions.

In total 680 individuals and organisations responded. Feedback emphasised that the cyber security profession was complex and career pathways are not always entirely clear. Additionally, respondents noted that while organisations understood the increasing importance of cyber security, it is also increasingly difficult for those hiring cyber professionals to know whether a candidate is suitably qualified.

Commonly expressed concerns were that the UK Cyber Security Council is at an early stage in its development of standards and that regulation would exacerbate the current shortage of professionals and introduce barriers to entry. The government is therefore not proposing legislation at this time.

7. DCMS cyber training programme wins SC magazine award

The Cyber Ready programme, which is partly funded by DCMS, was named the Best Professional Training or Certification Programme at the 2022 SC Awards Europe.

Cyber Ready, which is delivered by CompTIA, a non-profit association for the information technology industry and workforce, is a free adult retraining programme to help socially and economically disadvantaged people enter the cyber security profession. It is designed to increase diversity in the cyber security sector by openly encouraging people from backgrounds that have been historically underrepresented in the sector. This includes women, parents, people from an ethnic minority background, and the neurodiverse.

A six-month programme, Cyber Ready is built upon the Security+ and CySA+ curriculums, equipping participants with the knowledge, skills, and certifications to build both confidence and competence. 85% of previous candidates have transitioned into cyber security careers.

8. DCMS publishes review of the Network & Information Systems Regulations

The government has published a Review of the Network & Information Systems Regulations which were introduced in 2018. The regulations set out measures to improve the security and resilience of essential services (such as transport, energy and water) and digital services (such as online marketplaces and search engines.)

The review finds the regulations are largely working successfully and recommends the legislation be retained. The review also sets out some areas for improvement.

You can read more in the written ministerial statement and see the full review here.

9. Last chance to apply: Digital Security by Design: technology access programme

Today is the last chance for companies to apply to take part in the Digital Security by Design: Technology Access Programme, which comes with £15,000 in funding.

Delivered by Digital Catapult and funded by UK Research and Innovation, the Programme provides tech companies access to trial and experiment with Arm’s Morello system-on-a-chip and demonstrator board based on CHERI, a new instruction set architecture developed by the University of Cambridge. These technologies have been designed to eliminate most memory safety issues in C and C++, which lead to over 70% of software vulnerabilities.

For six months participating companies can use these technologies to uncover security vulnerabilities in their own systems before they become a problem, and provide findings that could influence the design of future computer systems.

10. Respond to the secure connected places survey by 15 July

Does your organisation procure or manage a connected place or smart city project? DCMS has recently launched a short UK-wide survey to research the maturity of connected places and common approaches to cyber security. We want to hear from as many places as possible, regardless of scale or stage of implementation. Your contribution will help us understand how we can best support the sector. The consultation is being hosted by Pye Tait consulting and closes at 5pm on Friday 15 July.