Government launches new cyber security measures
New measures aimed at protecting essential IT functions
The Cabinet Office announced on 20 April new cyber security measures to better protect the UK government’s IT systems from evolving cyber threats and increase the UK’s cyber resilience. The new rules will see all central government departments subject to an annual cyber health review based on new criteria.
The new cyber security scheme, otherwise known as GovAssure, which was announced at the National Cyber Security Centre's (NCSC) CYBERUK2023 event held in Belfast on 19 and 20 April, will be overseen by the Cabinet Office’s Government Security Group, with assistance from the NCSC. The new measures are part of actions aimed at building the government’s resilience to cyberattacks, as set out in the government’s first ever Government Cyber Security Strategy published in January 2022.
GovAssure will require the following measures to enhance the cyber security of UK government systems: use of the NCSC’s Cyber Assessment Framework (CAF) to review the assurance measures all government departments have, which includes measures such as setting out indicators of good practice for managing security risk and protecting against a cyberattack; the assessment of government departments by third parties to increase standardisation and validate results; and the issuance of a centralised cyber security policy and guidance to help government organisations identify best practice.
Meanwhile, published to coincide with the CYBERUK2023 event, the UK’s NCSC and international partners in the US, Australia, Canada and New Zealand published the Cybersecurity Best Practices for Smart Cities guide on 20 April, to help ensure connected technologies are integrated securely into smart city infrastructure.
Chancellor of the Duchy of Lancaster, the Rt Hon Oliver Dowden, who announced the UK govermment's new cyber security measures at the event, said: “Cyber threats are growing, which is why we are committed to overhauling our defences to better protect government from attacks. Today’s stepped up cyber assurance will strengthen government systems, which run vital services for the public, from attacks. It will also improve the country’s resilience; a key part of our recent Integrated Review Refresh.”