New and enhanced cyber security measures will better protect the
UK government’s IT systems, which run key services for the
public, from growing cyber threats.
-
All government departments and a select number of arm’s
length bodies to have their cyber security reviewed under
new, more stringent measures.
-
The new cyber security regime, known as GovAssure, will be
run by the Government Security Group, part of the Cabinet
Office.
-
GovAssure delivers on a key part of the Government Cyber
Security Strategy by improving cyber resilience and help
government organisations protect themselves from growing
hostile cyber threats.
New cyber security measures, launched today, will increase the
UK’s cyber resilience and protect the UK government’s essential
IT functions from ever growing threats. Under the new rules, all
central government departments will have their cyber health
reviewed annually through new, more robust criteria.
Known as GovAssure, the new cyber security scheme will be run by
the Cabinet Office’s Government Security Group (GSG), with input
from the National Cyber Security Centre (NCSC).
GovAssure was announced today by Chancellor to the Duchy of
Lancaster, , at a speech to CyberUK in
Belfast.
Chancellor of the Duchy of Lancaster, The Rt Hon said:
"Cyber threats are growing, which
is why we are committed to overhauling our defences to better
protect government from attacks. Today's stepped up cyber
assurance will strengthen government systems, which run vital
services for the public, from attacks. It will also improve the
country's resilience; a key part of our recent Integrated Review
Refresh."
GovAssure introduces a number of changes in the way government
protects itself from cyber threats. These include:
-
Using NCSC’s Cyber Assessment Framework (CAF) to review the
assurance measures all government departments have. The
framework includes measures such as setting out indicators of
good practice for managing security risk and protecting
against a cyber attack and was designed for making critical
national services resilient to attack.
-
Departments will also be assessed by third parties to
increase standardisation and validate results.
-
Centralised cyber security policy and guidance to help
government organisations identify best practice.
In January 2022, the UK government launched the first ever
Government Cyber Security Strategy (GCSS) which laid out the
significant challenges facing government security and a clear
vision for improving resilience. Today’s announcement delivers on
a key part of the aim of the strategy of significantly hardening
government systems from cyber attack.
Government Chief Security Officer, Vincent Devine said:
“This is a transformative change in government cyber security.
GovAssure will give us far greater visibility of the common cyber
security challenges facing government. It will set clear
expectations for departments, empower hard-working cyber security
professionals to strengthen the case for security change and
investment, and will be a powerful tool for security advocacy.”
, CEO, National Cyber
Security Centre said:
"We are committed to ensuring the UK continues to be a leading
global cyber nation, which is why we have supported the
development of the Cyber Assessment Framework to improve the
security of our most critical information systems.”
"The government's adoption of the Cyber Assessment Framework
through GovAssure will significantly improve resilience."
