All central government departments are to have their cybersecurity reviewed under new, more stringent measures.
The government is introducing a new scheme, GovAssure, which will be run by the Government Security Group, part of the Cabinet Office. It will also have input from the National Cybersecurity Centre (NCSC).
Under the new rules, all central government departments will have their cyber health reviewed annually through new, more robust criteria.
GovAssure was announced by Chancellor to the Duchy of Lancaster – and now new Deputy PM – Oliver Dowden, at a speech to CyberUK in Belfast.
“Cyber threats are growing, which is why we are committed to overhauling our defences to better protect government from attacks,” he said. “Today’s stepped up cyber assurance will strengthen government systems, which run vital services for the public, from attacks. It will also improve the country’s resilience; a key part of our recent Integrated Review Refresh.”
GovAssure will use NCSC’s Cyber Assessment Framework (CAF) to review the assurance measures all government departments have. The framework includes measures such as setting out indicators of good practice for managing security risk and protecting against a cyberattack and was designed for making critical national services resilient to attack.
If you liked this content…
Too little, too late – Is the UK government failing to heed the cyber crisis?
Government experiences longest DDoS attacks
Government DDoS attacks eclipse those in other industries
Governments worldwide under attack from cybercriminals- Government organisations ‘attractive, high-value’ targets for cyberattacks
Departments will also be assessed by third parties to increase standardisation and validate results.
Additionally, it will offer centralised cybersecurity policy and guidance to help government organisations identify best practice.
Hardening government systems from cyberattack
In January 2022, the UK government launched the first Government Cybersecurity Strategy (GCSS), which laid out the challenges facing government security. The launch of GovAssure looks to deliver on one of its aims to harden government systems from cyberattack.
“This is a transformative change in government cybersecurity,” said government chief security officer, Vincent Devine. “GovAssure will give us far greater visibility of the common cybersecurity challenges facing government. It will set clear expectations for departments, empower hard-working cybersecurity professionals to strengthen the case for security change and investment, and will be a powerful tool for security advocacy.
Attend Think Cybersecurity for Government on April 27
