Brit cabinet offices outlines security kitemark plans

Two years into its rolling plan to boost the take-up - and understanding - of cybersecurity on both sides of the public/private sector divide, the UK's Cabinet Office has outlined plans to introduce a cybersecurity `kite mark' for those businesses wishing to conduct business with the Government and its agencies.

The kitemark will form a central plank of the Government's rolling cybersecurity plan and will expand the partnerships - announced earlier this year - between the private and public sector as part of the National Cyber Security Strategy, the NCSS.

The aim of the scheme appears to go beyond the approved simple `procurement database' approach seen in the NHS for products and service contracts above a certain value, and actively encourage a better understanding of IT security issues in the private sector.

According to the UK's Minister for the Cabinet Office Francis Maude, the kitemark seeks to stimulate the adoption of good cyber practices among business and help businesses better understand how to protect themselves.

This all forms part of the Government's stated aim - made when it started its cybersecurity initiative in 2011 - of increasing the UK's collective cyber security status

"The cyber attack will remain a serious threat to our national security," said Maude today in Parliament, adding that we - as a nation - still have work to do, but the UK's investment, partnerships, skills, resilience and awareness are in a far stronger position today than before this programme was launched.

SCMagazineUK.com notes that the Cabinet Office initiative comes some two years after the Government announced its £800 million-plus National Cyber Security Strategy (NCSS).

Maude, meanwhile, told Parliament that a cyber attack remains a serious threat to UK national security. "That is why our work with other sectors, such as academia and R&D, will continue to benefit strongly from secure government funding," he explained.

"As a result of the 2013 spending review we have directed an additional £210 million investment to this area, making £860 million of sustained government investment on cyber to 2016," he said.

Maude's comments come in the wake of last month's Government survey of FTSE 350 firms, which found that only 14 percent are regularly considering cyber threats, with a significant number not receiving any intelligence about cyber criminals.

That survey also found that 62 percent of companies think their board members are taking the cyber risk very seriously, and 60 percent understand what their key information and data assets are.

Commenting on the latest NCSS plans - and in particular the kitemark program - IT security analyst Rob Bamforth told SCMagazineUK.com that the use of a kitemark is an interesting approach, as it implies that companies signing up to the scheme will expect more than a seal of approval.

"They will expect some degree of promotion as well," the Quocirca analyst said, adding the programme also suggests that the approval mechanism will be objective, rather than subjective.

Over at Check Point, Keith Bird, the security vendor's managing director said that cyberattacks are continuing to escalate in scale and sophistication.

"Our 2013 Security Report found that 63 percent of large organisations were infected with bots - stealthy agents which quietly siphon data from networks - so raising awareness of these issues and setting security benchmarks is an important step," he said.

"However, threats are continually evolving, so the benchmarks will need to be regularly reviewed and updated in order to keep pace and ensure they deliver a real foundation for protection," he added.

Richard Archdeacon, Head of Security Strategy with HP Enterprise Security Services, meanwhile, said that HP is fully supportive of the Cabinet Office's efforts in the realm of cyber security.

“Undoubtedly, cyber security has become one of the biggest threats to companies and businesses around the world and the countries in which they are based. Not only can a breach affect an organisation's bottom line and reputation, but we've seen numerous cases where high value intellectual property has been stolen,” he said.

Education, he went on to say, clearly plays a huge role, not only in helping to raise awareness - and by extension, levels of security - but also providing commercial and employment opportunities.

“The UK infosecurity space is reportedly short by around 16,000 professionals. Traditionally 90 percent of security budgets have been spent on the technical defences - defending against attacks - but now we need new additional skills to manage the impact of attacks and the increasing regulatory requirements being placed upon organisations,” he noted.

https://www.gov.uk/government/speeches/uk-cyber-security-strategy-statement-1-year-on)

This article originally appeared at scmagazineuk.com