Government launches Cyber Essentials Scheme

CESG and CREST to work together to vet public-sector suppliers

The government has launched a 'Cyber Essentials Scheme', an independent assessment that suppliers will need to pass in order to bid for certain government contracts.

The scheme forms part of the UK's cyber security strategy, and is aimed at assessing the security controls of all organisations. Businesses will be tested on whether they can mitigate risks from internet-borne threats on end-user devices including PCs, laptops, tablets and smartphones, as well as from email, web and application servers.

CESG, the information arm of GCHQ worked alongside CREST, the not-for-profit organisation which represents and certifies the IT security industry, in order to develop the assessment framework for the scheme.

Companies will hope that becoming Cyber Essentials certified will demonstrate to customers that they have taken some steps to be secure. Meanwhile, the government will require suppliers bidding for certain information-handling contracts to be Cyber Essentials certified from 1 October 2014 onwards.

Universities and science minister David Willetts, who announced the scheme, claimed that it would boost consumer confidence.

"The recent GOZeuS and CryptoLocker attacks, as well as the eBay hack, show how far cyber criminals will go to steal people's financial details, and we absolutely cannot afford to be complacent," he said.

"We already spend more online than any other major country in the world, and this is in no small part because Britain is already a world leader in cyber security. Developing this new scheme will give consumers further confidence that business and government have defences in place to protect against the most common cyber threats," he added.

CREST president Ian Glover said that the scheme would give organisations who may not have the resources available to invest in the most rigorous levels of information security and compliance a "baseline" to work with.