New cybersecurity measures will increase the UK’s cyber-resilience and protect the UK Government’s essential IT functions from ever-growing threats. Under the new rules, all central government departments will have their cyber-health reviewed annually through new, more robust criteria.
Known as GovAssure, the new cybersecurity scheme will be run by the Cabinet Office’s Government Security Group (GSG), with input from the National Cyber Security Centre (NCSC).
Chancellor of the Duchy of Lancaster, The Rt Hon Oliver Dowden, said: “Cyberthreats are growing, which is why we are committed to overhauling our defences to better protect the government from attacks. Today’s stepped-up cyber-assurance will strengthen government systems – which run vital services for the public – from attacks. It will also improve the country’s resilience – a key part of our recent Integrated Review Refresh.”
GovAssure introduces a number of changes in the way government protects itself from cyberthreats. These include:
- Using NCSC’s Cyber Assessment Framework (CAF) to review the assurance measures all government departments have. The framework includes measures such as setting out indicators of good practice for managing security risk and protecting against a cyberattack and was designed for making critical national services resilient to attack.
- Departments will also be assessed by third parties to increase standardisation and validate results.
- Centralised cybersecurity policy and guidance to help government organisations identify best practices.
In January 2022, the UK Government launched its first Government Cyber Security Strategy (GCSS), which laid out the significant challenges facing government security and a clear vision for improving resilience. The announcement of GovAssure delivers on a key part of the aim of the strategy of significantly hardening government systems from cyberattack.
“This is a transformative change in government cybersecurity,” added Vincent Devine, Government Chief Security Officer. “GovAssure will give us far greater visibility of the common cybersecurity challenges facing the government. It will set clear expectations for departments, empower hard-working cybersecurity professionals to strengthen the case for security change and investment and will be a powerful tool for security advocacy.
We are committed to ensuring the UK continues to be a leading global cybernation, which is why we have supported the development of the Cyber Assessment Framework to improve the security of our most critical information systems,” said Lindy Cameron, CEO, National Cyber Security Centre. “The government’s adoption of the Cyber Assessment Framework through GovAssure will significantly improve resilience.”