Government to impose cyber-security 'baseline' on all suppliers, progress report reveals

Funding pot boosted to £860 million

The UK government plans to impose a "baseline" level of security competence on its suppliers through a new cyber-security standard that will eventually become mandatory for firms looking to win contracts.

Announced as a headline element of the government's two-year progress report on its National Cyber Security Strategy (NCSS), details of the security standard are currently being finalised by a range of stakeholders before its publication at the end of March 2014.

Although it is being described in some quarters as a 'kitemark', it seems likely that in year one the ISO27000-derived standard will be presented as more of an aspiration than a hard requirement for at least some parts of the supply chain.

The Cabinet Office briefing paper on the NCSS said only that larger suppliers will be asked to spread its adoption among partners and that the government will "mandate the preferred standard in government's own procurement where proportionate and relevant".

Ministry of Defence (MoD) suppliers that have already signed up to the standard include BAE Systems, BT, QinetiQ, Rolls Royce, HP and Thales UK, among others.

The adoption of ISO27000 as a minimum begs some questions for the government's supply chain. Large suppliers would be expected to have adopted international standards of this ilk already while smaller outfits would find the complexity and cost of demonstrating adherence potentially difficult.

A lot will depend on the government's hope that the standard will be quickly adopted as a requirement by auditors, investors and insurers and also that it can be dovetailed with influential US government standards.

Separately, the Cabinet Office confirmed that spending on cyber security is being expanded from the allocated £650 million ($1.04 billion) total for 2011-2015 to £860 million ($1.38 billion) to the end of 2016.

The government was making steady progress towards the objectives of the NCSS, which was launched in 2011, according to Minister for the Cabinet Office Francis Maude.

"Two years of solid work by government, in partnership with the private sector and academia, has seen the UK's cyber resilience, awareness, skills and capability continue to increase across the board. Partnership across sectors remains as crucial today as it has ever done as this is a shared responsibility," he said.

"Our initiatives are ensuring the UK is one of the safest places to do business in cyberspace as well as providing a solid platform for economic growth."

Maude said he wanted to double security technology exports to £2 billion by 2016 by allowing suppliers to advertise their commercial relationship with the UK government through a new Cyber Security Suppliers' scheme.

Other initiatives include the launch of a Third Research Institute to develop better industrial control security, the development of a free 'Massive Open Online Course' (MOOC) for domestic and overseas students to be run by the Open University from summer 2014, and funding to expand the Cyber Security Challenge (CSC) for schools.

"The cyber crime threat facing the UK is increasing. We are working closely with business and universities to ensure the country has the skills and knowledge it needs to meet the cyber challenge," commented Science minister David Willetts.

"We want to show students and businesses that cyber security does not simply pose a threat. It gives those who take it seriously an opportunity to gain new expertise, or even a commercial advantage.

"With a new £2 billion target for cyber exports, we will also be helping the UK cyber sector to grow and keep the UK ahead in the global race," he said.


Stories by John E Dunn