GovAssure

GovAssure is a new cybersecurity regime for the UK government, starting in 2023.

History

The process was announced in 2022. [1] Compared to previous cybersecurity for UK government bodies, the main change is the adoption of the NCSC's Cyber Assessment Framework. [2] GovAssure is expected to help organisations guard against rising Russian attacks, [3] as well as new types of threat actors.

The first two departments to be assessed under the new scheme are the Department for Business, Energy, and Industrial Strategy and the Home Office, with C3IA assessing a selection of three systems at each. [4]

Processes

There is also increasing emphasis on post-incident recovery as part of the security strategy.

In parallel, a Government Information Cell has been established to counter the spread of disinformation. [7]

Related Research Articles

Computer security: protection of computer systems from information disclosure, theft or damage

Computer security, cybersecurity, digital security or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

National Cyber Security Division

The National Cyber Security Division (NCSD) is a division of the Office of Cyber Security & Communications, within the United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency. Formed from the Critical Infrastructure Assurance Office, the National Infrastructure Protection Center, the Federal Computer Incident Response Center, and the National Communications System, NCSD opened on June 6, 2003. The NCSD mission is to collaborate with the private sector, government, military, and intelligence stakeholders to conduct risk assessments and mitigate vulnerabilities and threats to information technology assets and activities affecting the operation of the civilian government and private sector critical cyber infrastructures. NCSD also provides cyber threat and vulnerability analysis, early warning, and incident response assistance for public and private sector constituents. NCSD carries out the majority of DHS’ responsibilities under the Comprehensive National Cybersecurity Initiative. The FY 2011 budget request for NCSD is $378.744 million and includes 342 federal positions. The current director of the NCSD is John Streufert, former chief information security officer (CISO) for the United States Department of State, who assumed the position in January 2012.

Information security standards or cyber security standards are techniques generally outlined in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.

A cybersecurity regulation comprises directives that safeguard information technology and computer systems with the purpose of forcing companies and organizations to protect their systems and information from cyberattacks like viruses, worms, Trojan horses, phishing, denial of service (DOS) attacks, unauthorized access and control system attacks. While cybersecurity regulations aim to minimize cyber risks and enhance protection, the uncertainty arising from frequent changes or new regulations can significantly impact organizational response strategies.

The Australian Intelligence Community (AIC) and the National Intelligence Community (NIC) or National Security Community of the Australian Government are the collectives of statutory intelligence agencies, policy departments, and other government agencies concerned with protecting and advancing the national security and national interests of the Commonwealth of Australia. The intelligence and security agencies of the Australian Government have evolved since the Second World War and the Cold War and saw transformation and expansion during the Global War on Terrorism with military deployments in Afghanistan, Iraq and against ISIS in Syria. Key international and national security issues for the Australian Intelligence Community include terrorism and violent extremism, cybersecurity, transnational crime, the rise of China, and Pacific regional security.

National Protective Security Authority

The National Protective Security Authority (NPSA), formerly the Centre for the Protection of National Infrastructure (CPNI), is the national technical authority in the United Kingdom for physical and personnel protective security, maintaining expertise in counter terrorism as well as state threats.

Information technology risk, IT risk, IT-related risk, or cyber risk is any risk relating to information technology. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's business processes or mission, ranging from inconsequential to catastrophic in scale.

Control system security, or industrial control system (ICS) cybersecurity, is the prevention of interference with the proper operation of industrial automation and control systems. These control systems manage essential services including electricity, petroleum production, water, transportation, manufacturing, and communications. They rely on computers, networks, operating systems, applications, and programmable controllers, each of which could contain security vulnerabilities. The 2010 discovery of the Stuxnet worm demonstrated the vulnerability of these systems to cyber incidents. The United States and other governments have passed cyber-security regulations requiring enhanced protection for control systems operating critical infrastructure.

The Chartered Institute of Information Security (CIISec), formerly the Institute of Information Security Professionals (IISP), is an independent, not-for-profit body governed by its members, with the principal objective of advancing the professionalism of information security practitioners and thereby the professionalism of the industry as a whole.

IASME

IASME Governance is an information assurance standard that is designed to be simple and affordable to help improve the cyber security of small and medium-sized enterprises (SMEs).

The United Kingdom has a diverse cyber security community, interconnected in a complex network.

Cyber Essentials is a United Kingdom certification scheme designed to show an organisation has a minimum level of protection in cyber security through annual assessments to maintain certification.

The Open Trusted Technology Provider Standard (O-TTPS) is a standard of The Open Group that has also been approved for publication as an Information Technology standard by the International Organization of Standardization and the International Electrotechnical Commission through ISO/IEC JTC 1 and is now also known as ISO/IEC 20243:2015. The standard consists of a set of guidelines, requirements, and recommendations that align with best practices for global supply chain security and the integrity of commercial off-the-shelf (COTS) information and communication technology (ICT) products. It is currently in version 1.1. A Chinese translation has also been published.

National Cyber Security Centre (Ireland)

The National Cyber Security Centre (NCSC) is a government computer security organisation in Ireland, an operational arm of the Department of the Environment, Climate and Communications. The NCSC was developed in 2013 and formally established by the Irish government in July 2015. It is responsible for Ireland's cyber security, with a primary focus on securing government networks, protecting critical national infrastructure, and assisting businesses and citizens in protecting their own systems. The NCSC incorporates the Computer Security Incident Response Team (CSIRT-IE).

The National Cyber Security Centre (NCSC) is an organisation of the United Kingdom Government that provides advice and support for the public and private sector in how to avoid computer security threats. It is the UK's national technical authority for cyber threats and information assurance. Based in London, it became operational in October 2016, and its parent organisation is GCHQ.

Ciaran Martin: British cybersecurity expert (born 1974)

Ciaran Liam Martin was the first CEO of the National Cyber Security Centre (NCSC). In September 2020 he was appointed Professor of Practice in the Management of Public Organisations at the Blavatnik School of Government, University of Oxford.

Election cybersecurity or election security refers to the protection of elections and voting infrastructure from cyberattack or cyber threat – including the tampering with or infiltration of voting machines and equipment, election office networks and practices, and voter registration databases.

The Cybersecurity Maturity Model Certification (CMMC) is an assessment framework and assessor certification program designed to increase the trust in measures of compliance to a variety of standards published by the National Institute of Standards and Technology.

Cybersecurity Capacity Maturity Model for Nations (CMM) is a framework developed to review the cybersecurity capacity maturity of a country across five dimensions. The five dimensions cover the capacity areas required by a country to improve its cybersecurity posture. It was designed by the Global Cyber Security Capacity Centre (GCSCC) of the University of Oxford and is the first framework of its kind for countries to review their cybersecurity capacity, benchmark it and receive recommendations for improvement. Each dimension is divided into factors, and the factors are broken down into aspects. The review process includes rating each factor or aspect along five stages that represent how well a country is doing in respect to that factor or aspect. The recommendations include guidance on areas of cybersecurity that need improvement and thus will require more focus and investment. As of June 2021, the framework has been adopted and implemented in over 80 countries worldwide. Its deployment has been catalyzed by the involvement of international organizations such as the Organization of American States (OAS), the World Bank (WB), the International Telecommunication Union (ITU), the Commonwealth Telecommunications Union (CTO) and the Global Forum on Cyber Expertise (GFCE).

The Cyber Assessment Framework is a mechanism designed by NCSC for assuring the security of organisations. The CAF is tailored towards the needs of Critical National Infrastructure, to meet the NIS regulations, but the objectives can be used by other organisations.

References

  1. "Comment on Gov Assure process part of the UK's National Cyber Strategy 2022 programme". Global Security Mag Online. 2023-08-24. Retrieved 2023-08-24.
  2. "New GovAssure cyber regime launches across UK government | Computer Weekly". ComputerWeekly.com. Retrieved 2023-08-24.
  3. Deslandes, Nicole (2023-04-19). "UK issues warning over new Russian-linked cyber threat". TechInformed. Retrieved 2023-08-24.
  4. "Home Office and BEIS first under the microscope in pilots of new cyber audits". Civil Service World. 2023-01-18. Retrieved 2023-08-24.
  5. "Government launches new cyber security measures to tackle ever growing threats". GOV.UK. Retrieved 2023-08-24.
  6. "UK launches GovAssure cybersecurity scheme to protect government IT functions". CSO Online. Retrieved 2023-08-24.
  7. "Departments to undergo independent audits of cyber resilience". Civil Service World. 2022-04-08. Retrieved 2023-08-24.