DSIT cyber security newsletter - November 2023
Published 1 November 2023
1. Director’s message
The Department has been extremely busy in recent months preparing for the global AI Safety Summit which starts today at Bletchley Park. Cyber security is an essential pre-condition for the safety of AI systems and all of us working in cyber security should have a basic working knowledge of the issues. Please look out for further publicity on the summit and our work on cyber and AI.
The UK Cyber Security Council has awarded the country’s first cohort of chartered cyber security practitioners. Over 100 cyber security practitioners are now registered with the Council at either Chartered, Principal or Associate level. This is a major step for the Council and the first of many workforce developments we hope will have a significant positive impact on improving quality and career pathways across the sector.
The team has also been busy working with partners to develop new research, resources and guidance for the cyber sector and the wider public. This includes an updated version of the App Security Code of Practice, new research on connected places and the new Cyber Aware Christmas campaign, which starts next week. Please see below for more information on these.
Andrew Elliot
Director, Cyber Security and Digital Identity
2. AI Safety Summit looks at cyber security
The AI Safety Summit (‘Summit’) at Bletchley Park on 1-2 November 2023 brings together key countries, leading technology organisations, academia, and civil society to address the safety risks of frontier AI. Cyber security is an essential pre-condition for the safety of AI systems, and we believe that a “Secure by Design” approach allows security to be embedded in the development of AI systems from the outset, and throughout the lifecycle. DSIT will be working alongside the National Cyber Security Centre (NCSC) on a multi-year programme of work to help better secure AI.
Our future approach will build on the successes of the AI Safety Summit and on important ongoing initiatives at the UN, OECD, GPAI, Council of Europe, G7, G20 and in international standards bodies .
3. Product security regulations pass final hurdle
Following consultation with industry over many years, last April we gave notice that the new product security requirements for consumer tech devices would come into force on 29 April 2024. We also published the draft regulations. Those regulations have now completed the necessary parliamentary procedures. On Thursday 14 September, the Minister for AI and Intellectual Property, Viscount Camrose, signed the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 into UK law.
This is final legislative step necessary for the UK’s product security regime to come into effect next year. When it does, UK consumers and businesses who purchase consumer connectable products, from smartphones to smart speakers, will benefit from greater security protections from the threat of cyber crime.
4. Revised Code of Practice for App Security now available
A revised version of the Code of Practice for App Store Operators and App Developers has been published by the government.
The NCSC has identified threats within apps found in all major App Stores in recent years and while progress is being made to reduce risks, wider adoption of good cyber security practice is needed. The revised version of the Code, which was first published a year ago, incorporates various changes in response to industry feedback.
5. Major workforce reform sees first 100 ‘Chartered Cyber Security Professionals’
The UK Cyber Security Council has awarded professional titles to the first 100 ‘Chartered Cyber Security Professionals’ at a celebration event at the NCSC in October. The Council now has contracts in place with licensed bodies to enable qualifying cyber professionals to receive professional titles in the first tranche of specialisms. DSIT has been in discussion with several regulators who have enthusiastically agreed to investigate how to promote the use of the UK Cyber Security Council professional standards in their respective regulated sectors.
The UK has also signed a statement of intent with Singapore on how the two countries will work together to drive forward standard setting and professionalisation of the cyber security workforce.
6. New research findings on connected places revealed
New government research on connected places has revealed widespread concerns related to security. Surveys and focus groups with the public found the strongest levels of concern around connected places (or ‘smart cities’) relate to cyber security (95% concerned), privacy (87% concerned) and the security of personal data (86% concerned).
While there is broad support for the increasing use of connected places technologies, most respondents noted they did not fully trust local authorities or private companies to keep their data secure. The government is using the finding to create resources to address individuals’ concerns and provide the tools local authorities need to promote their connected places.
The survey is part of DSIT’s work to better understand public attitudes regarding connected places. The outputs of this work will also include a publicly engagement video, and an engagement plan for local authorities to use to improve public support for their connected place projects. The project is due to be completed in March 2024.
7. Cyber Aware starts on 6 November - get involved and support the campaign
The next phase of the government’s Cyber Aware campaign starts on Monday 6 November to help consumers stay secure online in the run up to Christmas.
The campaign will encourage UK adults to take up two key protective behaviours to protect their online accounts: using strong passwords made with three random words and switching on two-step verification. The campaign will also encourage users to ensure they are using secure payment methods online.
If you would like to get involved and help promote the campaign or share it with your colleagues and networks, there is a stakeholder toolkit you can download with all the relevant information.
8. New ‘secure innovation’ advice to help tech firms combat espionage
On 18 October the head of MI5 spoke at a special session of the Five Eyes security agencies in California to warn about the ‘epic scale’ of international espionage against UK industry. The event highlighted the growing security threat to the UK emerging tech industry and how many such businesses remain vulnerable to attack. The National Protective Security Authority (NPSA, the protective security arm of MI5) has produced new “secure innovation” security advice with the NCSC to help startups protect their innovation and establish strong security practices.
For more information, please see the Secure Innovation security guidance which explains the practical steps organisations can take to bolster their protections. This includes a ‘quick start’ guide and campaign video.
9. CyberFirst Girls Competition – open for applications
The CyberFirst Girls Competition is back! This is a fantastic opportunity for girls considering a career in cyber security or tech. The competition consists of four teams of girls from year 8 in England, S2 in Scotland and Year 9 in Northern Ireland who will tackle a variety of challenges on cryptography, logic, Artificial Intelligence and more. The winners receive a new laptop and the chance to secure prize money for their school. The competition is part of CyberFirst’s initiative to increase the percentage of women in cyber security by bridging the gap and inspiring young women to be confident within the industry.
The competition begins on 20 November. Please visit the website for more information on how to apply.
10. Bristol and Bath Cybercon 2023 – get involved next year
Earlier this month, the techSPARK team brought the Bristol & Bath Cyber Conference to the city of Bristol once again. B&B CyberCon saw over 300 delegates from across the globe converge in Bristol to connect, discuss barriers to progress and share new ideas. With speakers from international technology companies including Intel, Microsoft and HP, the event was full of topical content and proved to be an extremely valuable day for the South West cyber security community and beyond.
If you want to get ahead of the curve and secure your involvement in the Bristol & Bath CyberCon next year, please book a call with techSPARK’s partnership team.
11. Nominate someone for the National Cyber Diversity Awards 2024
The National Ethnic Minority in Cyber (EMiC) Network is working to improve diversity in the cyber security sector. To raise awareness of initiatives taking place across the UK and to celebrate and honour the great work done to promote and champion diversity, the network is organising the National Cyber Diversity Awards 2024. The awards will take place in early 2024. There are 10 categories of awards. Please visit the website if you would like to nominate someone or put in a self-nomination.
There are an array of routes organisations could use to be involved in this event, including sponsorship opportunities. If you would like to be involved or find out more, please contact [email protected] and [email protected].