Government suppliers will need cyber kitemark to win business

Government updates its cyber security strategy two years after its launch

Suppliers wishing to bid for certain government projects will have to earn a new kitemark demonstrating basic levels of cyber security.

The announcement comes after a survey on FTSE 350 companies found that the UK's biggest companies are not considering cyber risks in their decision making.

At the time, science and universities minister David Willetts said that he hoped the government's kitemark-style "cyber standard", which launches next year, will help to ensure businesses are adopting good cyber security practices.

"With our own suppliers we will be saying you need to have this badge if you want to do business with government in certain categories of procurement," Reuters reported a senior government official as stating.

"If you had this standard it will not protect you against the very highest and most sophisticated threats but it would make sure you weren't going to be easy meat," he added.

Organisations that achieve the new standard will be able to thwart four-fifths of cyber attacks, the official said, before adding that it will ensure the UK's supply chain is properly protected.

In conjunction with the plan, the Department for Business, Innovation and Skills (BIS) has developed a Cyber Security Suppliers Scheme – an official list of approved suppliers of cyber security products and services to the government that is designed to boost firms' sales and marketing efforts. The government has set a target of £1bn worth of annual cyber sales by 2016, more than double the 2012 export sales figure of £850m.

Two years on

The announcements come two years after the coalition launched its cyber security strategy. In a report, the government claims that the UK is in a "much better place" than it was two years ago.

The report highlights the National Cyber Crime Unit, which preventing cyber criminals from stealing £14m from a bank, and the National Crime Agency, which worked with the Metropolitan Police to catch six suspects who were sentenced to a total of 28.5 years after being convicted of stealing thousands of pounds from job hunters using fake online adverts for companies.

As well as documenting its achievements, the report outlines further plans, including one to enhance the level of cyber skills among the UK's population.

[Turn to page 2]

Government suppliers will need cyber kitemark to win business

Government updates its cyber security strategy two years after its launch

The Open University, with funding from the National Cyber Security Programme, is developing a Massive Open Online Course (MOOC) in cyber security, which will run for the first time in summer 2014 and aims to bring more students into the field.

The government is also inviting Chevening, Commonwealth and Marshall scholars from Africa, Asia and the US to attend the annual Academic Centres of Excellence in Cyber Research Conference in December, and to enrol in an international cyber policy course at Cranfield University.

"Through this initiative, we aim to help ensure that future cadres of global leaders will have a good understanding of cyber security issues," the government report says.

In early 2014, the government will adapt its public sector e-learning course "Responsible for Information" for an SME audience.

In addition, BIS has been working with the UK's internet service providers on guidelines to improve the online security of their customers. The principles, which launch today, set out that at a minimum, ISPs will provide cyber security information to their customers, or link to information elsewhere.

"ISPs will assist and empower their customers to protect themselves by offering tools and security solutions, or indicate where solutions can be accessed. If their customer does experience a problem, ISPs will support them by providing clear information about how to report the incident," the government report says.

"They will also inform them of a potential compromise, in line with company policy, and explore ways to bring potential issues to the attention of customers," it added.

The government said it is investing in a "major" £4m campaign, led by the Home Office, to increase awareness of cyber security among small businesses and the general public. The funding will come from the NCSP, and the campaign, which is supported by the likes of Facebook, BT and Sophos, will be launched next month.

Along with these firms, other anti-virus companies, banks, financial institutes and trade organisations are providing financial and in-kind benefits worth around £2.3m for the campaign.