Building Resilience: How UK Cybersecurity Organisations Can Bolster IT Supply Chains
Watch the Cybersecurity Business Network (CBN)’s webinar on ‘Building Resilience: How UK Cybersecurity Organisations Can Bolster IT Supply Chains’.
The recent global outage – followed by a DDoS cyber attack on Microsoft Azure – highlighted a major issue with contemporary IT supply chains: the lack of diversification and a concentration of risk undermining the resilience of critical IT systems.
The discussion explored:
– Factors that led to the recent disruption and outage
– Inherent risks of failing to diversify a security supply chain
– How organisations can better manage their supply chains to improve resilience
– How the healthcare and telecom sectors have been managing their supply chain
– Role that UK cybersecurity organisations could play in improving resilience and mitigating risks
– Support needed by the UK cybersecurity sector from government to capitalise on the role it can have in delivering resilience
Speakers include:
– Andrew Kernahan, Strategic Advisor, Cybersecurity Business Network.
– Tim Rawlins, Director & Senior Adviser at NCC Group
– Simon Newman, Director at Cyber Resilience Centre London
– Dr Melanie Garson, Technology & Cyber Geopolitics Lead at Tony Blair Institute
– Rachel Dean, Head of Cyber Security at NHS Supply Chain
CBN Newsletter – August 2024
Our monthly update to bring you the relevant, high-level policy and business news from across the cyber sector.
This month, we provide an update on the new Labour government’s priorities, and highlight what the CrowdStrike incident could mean for cyber businesses.
If you have any questions about the content, or believe we should add to our coverage, please do not hesitate to get in touch.
Headline news
New government sets out priorities
The Labour Party swept into power on 5th July, winning a near-historic 411* seats, while the Conservative share collapsed for its worst-ever result. Over the past weeks, Keir Starmer’s government has wasted no time in setting a new tone for the country; however, while the cyber sector has largely welcomed the new government’s focus on cyber security and national resilience, its impact is largely yet to be felt as Parliament breaks for recess, returning 2nd September.
King’s Speech: legislative priorities
In July, King Charles addressed the nation during the State Opening of Parliament, to set out the Government’s policy priorities and legislative programme for the coming year. In line with previous promises, Prime Minister Keir Starmer placed a primary focus on driving economic growth.
With 40 new(ish) bills, it is an ambitious programme which promises to “take the brakes off” the economy and reaffirm financial stability. Measures include boosting construction, reforming energy production, re-nationalising the railways, developing UK skills, and increasing and improving the use of data and digital technologies in the economy.
Chancellor’s financial statement
On 29th July, Chancellor Rachel Reeves declared a £22bn “hole” in the country’s finances. Although disputed by former Chancellor Jeremy Hunt, Reeves has been backed up by the Office for Budget Responsibility (OBR), which has formally launched a review of the Spring Budget forecasts.
Reeves then announced a number of areas where the government intends to save money – including selling off “surplus” government property, a reduction in the use of external consultants in Whitehall and a pause on certain infrastructure projects. Tax rises are now expected in the October 30th Budget, alongside the outcome of a formal spending review for 2025-2026.
A cyber lens
Notably, a Cyber Security and Resilience (CS&R) Bill will be introduced to ensure the security of critical infrastructure and digital services, building on Security of Network & Information Systems Regulations (NIS Regulations) 2018. DSIT Minister Feryal Clark also recently said that the CS&R Bill will be designed to strengthen the UK’s defences and ensure the services – private and public – that companies rely on are protected.
Further, Science, Innovation and Technology Secretary Peter Kyle said that national resilience – particularly in relation to cyber security – “suffered terribly” under the Conservatives due to division within the party. He claimed that he only became aware of the significance of the threat upon taking office, but concern led him to “put forward a request” for the new CS&R Bill, which had “national security priority”.
Separately, the Government has launched a “root and branch” Strategic Defence Review which, led by three external experts, will consider the threats Britain faces, the capabilities (including digital and cyber) needed to meet them, the state of UK armed forces and the resources available. The Review is expected to be delivered “at pace”, with submissions invited until the end of September and the report delivered in the first half of 2025.
*Now 404 following the temporary suspension of seven MPs
If you have any questions about what the election and policy developments mean for the cyber sector or your business, please get in contact with us at secretariat@cb-network.org.
How resilient is our global IT infrastructure?
On Friday, 19th July, 8.5 million Microsoft Windows computers around the world crashed, causing chaos and disruption for businesses and services including airlines, banks and hospitals.
While cyber security firm CrowdStrike quickly confirmed the outage was caused by a defective software update for its Windows hosts and worked to resolve the issue, the incident nonetheless called attention to the precariousness of IT infrastructure – and what could happen if an attack was carried out by malicious actors, as was then seen last week with the Microsoft Azure DDoS attack and subsequent software failure.
Businesses across the world are now asking themselves two questions. Firstly, what is their place within the global supply chain, and how strong are their incident management and response plans, as highlighted by the NCSC? And secondly, how can they prevent future incidents from affecting them?
Although some companies may look to bring their IT security functions in-house, this is not an option for all organisations, who may start seeking to diversify their software and other security application suppliers.
In light of the government’s upcoming CS&R Bill, the sector will be watching closely for strategic direction from officials on how they will look to improve resilience and “insulate” society and the economy from future attacks.
At the same time, the cyber sector as a whole has the responsibility and opportunity to not only highlight the importance of having a robust cyber resilience programme, but also to ask questions about the concentration of risk – given 62% of the global external attack surface is covered by 15 companies – and the long-term viability of this landscape.
In light of this, keep an eye out for an upcoming CBN webinar which will bring together policymakers and key supply chain sector leaders to provide insights for members on what this means for the sector, and how we can make improvements going forward.
If you have questions about how you can better communicate your services to customers or wish to speak to government about future solutions, please get in touch with the CBN team at secretariat@cb-network.org.
News & Updates
Policy and political
Government extends call for views on the Cyber Security of AI
Originally published in May, before the General Election, the closing date for the government’s call for views on the Cyber Security of AI has been extended to this Friday, 9th August.
The call for views sets out specific interventions to help secure AI, so that the benefits of AI can be realised, and asks for input as to whether industry would support the government creating a global standard for AI cyber security. To note, a “call for views” is often an initial information-gathering exercise which will go on to determine formal proposals and policy.
If you have any questions about responding to this or other government consultations, please get in touch with the CBN team.
G7 countries to establish operational tech cybersecurity framework
In a statement following a summit in Italy, the Group of Seven (G7) countries acknowledged the rising cyber threat to critical infrastructure, particularly energy, and agreed to “explore avenues towards establishing mutual recognition of schemes for reliable cyber-safe products.”
The potential collective framework would apply to both manufacturers and operators, as the statement signals an intention to incentivise tech companies to build more secure Internet of Things (IoT) products. This move was in conjunction with the United States’ recent Supply Chain Cybersecurity Principles, as indicated by a statement from the White House national security advisor.
UK statement at the UN Security Council
UK Permanent Representative to the UN, Ambassador Barbara Woodward, gave a statement at the UN Security Council regarding the importance of addressing cyber threats to protect global security. She highlighted four “trends” – the prevalence of ransomware, expansion of artificial intelligence, malicious activities on the global stage, and the risk of disinformation – going on to indicate the UK’s work in this area.
NCSC updates
- Warning over DPRK-sponsored cyber operations: The NCSC, alongside the U.S. and South Korea, issued a warning and joint advisory around a global cyber espionage campaign carried out by attackers sponsored by the Democratic People’s Republic of Korea (DPRK) to further the regime’s military and nuclear ambitions.
- Chief Engineer recognised in Women in Engineering awards: NCSC’s Chief Engineer Carolyn Ainsworth has been named as one of the top 50 Women in Engineering by Women’s Engineering Society (WES) Awards for her work in leading a team of engineers who provide infrastructure and applications for organisations supported by the NCSC, from Government and CNI through to small businesses and schools.
- Introducing Active Cyber Defence 2.0: In a blog, the NCSC announced it is assessing new delivery models and partners to build a next generation suite of services under ACD 2.0.
Business and industry
ICO officially “reprimands” Electoral Commission
The Electoral Commission, which oversees UK elections, has been formally reprimanded by the Information Commissioner’s Office (ICO) over the security lapse which left millions of UK voters’ personal details “vulnerable to hackers”.
Following the 2021 breach, hackers had access to the Electoral Register for just over a year, until they were detected and “booted out” in 2022. The ICO’s investigation found the Electoral Commission did not have appropriate security measures – including secure passwords and up-to-date patches – in place to protect the personal information it held, which led to the breach.
UK faces significant cyber funding and skills gap
A new report, Underfunded and Under Reported: Threats, Breaches, and Budgets, reveals that CISOs face significant problems from a lack of funding, exacerbated by a lack of talent, tools, and time. Notably, 83% of respondents feel their organisation has a gap in its cyber skills, yet they struggle to access adequate talent.
NCA leads international operation to crack down on unlicensed pen testing
The National Crime Agency (NCA) worked with international partners to coordinate global action against unlicensed versions of Cobalt Strike.
CyberThreat 2024
The NCSC and SANS Institute announced that CyberThreat 2024, an event designed for security practitioners with a strong technical emphasis, will take place on 9th-10th December.
Discover new opportunities by becoming a member of CBN today!
Our membership is free to cybersecurity organisations and offers them opportunities to promote capabilities, share insights and develop lasting relationships
CBN Newsletter – June 2024
Introducing our new CBN Newsletter
Our monthly update to bring you the relevant, high-level policy and business news from across the cyber sector.
This month we take a look back at our relaunch event at the end of April, update you on the latest election developments and give you a breakdown of the recent McPartland review into ‘Cyber Security and Economic Growth’.
If you have any questions about the content, or believe we should add to our coverage, please do not hesitate to get in touch.
Headline news
Prime Minister calls surprise General Election
On the 4th July UK voters will head to the ballot box to vote in the 2024 General Election. Labour is currently polling strongly with an estimated 45% vote share and expected to win a significant majority after nearly fifteen years of Conservative government.
The campaign will focus on bread and butter issues like the economy and security, with cyber unlikely to be front and centre. However, a week and a half into the campaign, cyber has been raised by both Conservatives and Labour – the former as part of a new National Service policy, the latter as part of their defence plans, as Labour commit to a strategic defence review in the first year of government. Aside from the parties, the Joint Committee on the National Security Strategy called for the PM to defend UK democracy, raising several concerns about the potential threats posed by foreign nations that may undermine the outcome of the election. The NCSC also recently launched a personal protection service for election candidates and officials, as part of a wider package of cyber support.
McPartland Review into Cyber Security and Economic Growth
Stephen McPartland MP published his final report and recommendations, the McPartland Review of Cyber Security and Economic Growth.
The report identifies 16 high-level “non-legislative” recommendations which span investment, skills, resilience and governance, crime and net zero. Some recommendations include:
- Government should provide clear incentives for investment in cyber security by improving awareness of existing tax reliefs for cyber security costs, such as software, hardware, or training.
- Government should work with industry to establish the upcoming Cyber Governance Code of Practice as a key operational resilience requirement for businesses.
- The NCSC should work with industry to establish a private sector-led solution to product assessment. NCSC should accredit up to five industry-funded labs across the UK to produce cyber security ratings or an approved list of suppliers.
- The UK should be more strategic about how it showcases its cyber power to the world, by enhancing its support, including financially, to its cyber companies to exhibit their products and services at key trade shows on critical digital infrastructure.
Although “warmly welcomed” by Government, it cannot be officially published until after the election due to the dissolution of Parliament and the purdah period, and there are questions around its implementation under a new government.
Political and policy updates
Cyber UK 2024
CyberUK, the UK government’s “flagship” cyber security event, took place in Birmingham last week. Notably, the DSIT Minister for Tech and the Digital Economy, Saqib Bhatti MP, made a range of announcements, including a call for views on the new Code of Practice on the Cyber Security of AI & Software Vendors; the future direction of CyberFirst; and figures of growth in the UK cyber security sector.
The figures, which constitute a cyber security sectoral analysis, find that the total annual revenue within the sector has increased by 13% in the past year – considerably higher than the slower growth in the previous study (3%) – and that the sector has grown by 5%, adding 2,700 new jobs. In addition, they estimate total GVA for the sector has reached c. £6.5 bn, reflecting an increase of 4% since last year’s study.
Other speeches:
- Anne Keast-Butler, Director of GCHQ, gave a keynote speech which called out Russia, Iran and China as posing significant cyber threats to UK national security.
- Ollie Whitehouse, CTO of the NCSC, said that while companies know how to build resilient, secure technology, the market does not incentivise them to do so, and called for “honesty” around technological development challenges in order to develop resilience.
- Felicity Oswald, CEO of the NCSC, spoke on the need to be ready for future threats, calling for greater collaboration between allies, and between government and industry.
Note: due to the election, the announcements made by the Minister may not be carried through by the next Parliament. We will share an update when possible, but please get in touch if you have any questions.
Statement from HM Government on the adoption of UK Cyber Security Council standards
The government committed to strengthening standards by embedding UK Cyber Security Council standards across its cyber workforce by 2025. This includes defining necessary competencies, introducing training programs, and encouraging skill improvement. Critical National Infrastructure (CNI) regulators will recognise these standards and collaborate with the government. The Cyber Growth Partnership (CGP) will support the Council with industry backing.
Cybersecurity of elections
A briefing from the Parliamentary Office of Science and Technology (POST) examines the impacts of cyber threats on election outcomes and mitigation strategies. It highlights the evolving nature of these threats, including misinformation and AI-generated content, and identifies risks such as ransomware, data leaks, and attacks on high-profile individuals. The briefing also outlines relevant cybersecurity policies, challenges in addressing these risks, and suggestions for preventing cyber attacks.
NCSC updates – May 2024
- Cyber Election Defence Service: Provides support to high-risk individuals, particularly politicians and election officials, as part of a broader cyber support package ahead of the next general election.
- Share and Defend: Blocks malicious websites in partnership with ISPs and tech companies by sharing threat intelligence data, preventing cyber attacks and cyber-enabled fraud.
- Guidance on Business Email Compromise (BEC): Offers practical steps for smaller organisations to reduce BEC attacks, such as minimizing digital footprints, detecting phishing emails, applying ‘least privilege’ principles, and implementing two-step verification.
UK not heeding warning over China threat, says ex-cybersecurity chief
Ciaran Martin, former head of the NCSC, warned that the UK isn’t taking the threat of Chinese cyber-spying seriously enough, citing US warnings about Chinese hackers targeting critical infrastructure. He urged the UK to declare attacks on civilian infrastructure as unacceptable and called for stronger government action. Martin supports proposed measures for mandatory ransomware attack reporting and regulating ransom payments, emphasising increased vigilance against this threat.
Founded by Clarity
Global digital marketing and communications agency, providing fearless marketing and consultancy to the world’s most progressive companies.
We match data-driven science with human ingenuity to expand our full-funnel, specialist services and expertise. Our vision is to accelerate positive change and impact across the world. A firm believer in cybersecurity as an enabler of growth and resilience, we are proud to be driving its prosperous impact forward.
Business and industry
NCC Group: Digital Dawn: Cyber Security Policy in the Wake of Political Change
The NCC Group released a new cyber policy report for incoming (and existing) governments and policymakers across the world on their roles in securing cyberspace, highlighting challenges and opportunities.
Opportunities include cross-party agreement on cybersecurity’s importance, strong existing regulations, and a “whole-of-society” approach. Challenges involve limited resources, lack of specific responsibility, keeping up with emerging technology, and protecting smaller organisations.
One in three organisations looking to improve cybersecurity
According to research from Daisy Corporate Services, while almost two-thirds of UK organisations are likely to be looking to reduce costs over the course of this year, leaders are prepared to invest in services such as cloud and cybersecurity, as they look to unlock operational performance improvements and streamline their current technology supply chain.
70% of CISOs concerned about material cyber attack
Chief information security officers around the globe “are nervously looking over the horizon,” according to a survey of 1,600 CISOs with more than two thirds (70 percent) concerned their organisation is at risk of a material cyber attack over the next 12 months.
These figures are striking, highlighting an increase from 48% in 2022, with those in South Korea, Canada and the US most concerned. 43% of those surveyed said their organisation is not prepared for a cyber attack.
Stephen McPartland MP and UK security community discuss the ‘Cyber Security and Economic Growth’ review at the launch of Cybersecurity Business Network
The network aims to unite the UK’s cybersecurity sector against rising threats through its three pillars: Trade & Export, Government & Policy, and Market Insights.
Today, the newly founded Cybersecurity Business Network (CBN) announces the launch of its community, aiming to drive positive change within the UK cybersecurity sector amid the increasingly complex cyber threat landscape. The inaugural event of the CBN was held on 30 April, during which the Right Honourable Stephen McPartland MP discussed the independent review on ‘Cyber Security and Economic Growth’.
“With over 99% of UK businesses classified as SMEs, cybersecurity must be simplified to ensure safety throughout the supply chains. It’s time to change the narrative around cybersecurity, viewing it not just as a security measure, but as a driver for resilience, trust, job creation and, ultimately, as an enabler of growth,” noted McPartland.
“Establishing the CBN is a necessary step forward in an era of escalating cyber threats, continuing to strengthen the UK’s position as one of the tech superpowers.”
Our Mission
The CBN’s core mission is to facilitate collaboration, learning, and discourse across three pillars: Trade and Export, Policy, and Market Intelligence. By empowering its members to showcase their expertise, engage strategically with stakeholders, and foster lasting partnerships across key sectors, the CBN aims to drive policy influence and catalyse innovation within the UK cybersecurity sector.
“With the emergence of new threats and a rise to prominence of malicious nation state actors, it is important that the cybersecurity sector engages with the Government to ensure that effective cybersecurity solutions are understood and utilised as an enabler across both the public and private sectors,” said Nick Lansman, Co-Founder at Cybersecurity Business Network.
“The event was a great example of how industry and government can come together to discuss how this vibrant sector enables economic growth and resilience for the UK as a whole. We’re looking forward to consolidating the UK’s position as the best place in the world for innovative cybersecurity solutions.”
Who shared their insights?
The event also featured thoughts from other leading voices in the UK cybersecurity sector, including Juliette Wilcox, UK Cyber Ambassador as well as cyber experts from Garrison Technology, Armour Comms and NCC Group.
“As a nation, we need to think more openly about marketing cyber initiatives and UK excellence in cyber, and highlighting these carefully through cybersecurity strategy to proactively drive change in the cybersecurity sector. The CBN will be an instrumental network for UK cybersecurity businesses, acting as a conduit for supporting political cut through,” said Imogen Frearson, Government Engagement Lead and Head of Marketing at Garrison Technology.
The CBN has evolved from the former Transatlantic Cyber Security Business Network (TCBN), which has been rebranded and restructured to tailor services to a predominantly UK membership. For those interested in joining the free membership of CBN or learning more about how they can contribute to and benefit from this initiative, please visit https://cb-network.org/
Andy Williams outlines his predictions for the cyber market in 2023
This month, Andy Williams, co-founder of TCBN, discusses the key cyber threats for 2023 with members
Remember when ransomware attacks were a simple case of cyber criminals preventing access to a target’s files until a ransom was paid? Now, as organisations become more adept at protecting themselves from traditional ransomware attacks, cyber criminals are increasingly adopting more aggressive methods to profit from their attacks.
These include developments in which the attackers not only block access to the victim’s files but threaten to publicly release the organisation’s data. They can also add DDoS attacks to encryption and data exposure threats and directly contact individual stakeholders of an organisation whose personal details have been stolen.
The increasing aggression of cyber attackers will need to be matched by increasingly innovative cybersecurity solutions and practices.
Meanwhile, in advance of the widespread emergence of quantum computing, state-based actors and cyber criminals are known to be harvesting large amounts of critical but currently encrypted data from the web via HNDL (harvest now, decrypt later) attacks. These encrypted files are being stored away until the widespread emergence of quantum computing when the massive uplift in processing power it affords will make it quick and easy to decrypt data that is not currently accessible. The US government is sufficiently concerned about this development that it has just passed the Quantum Computing Preparedness Act, which includes a number of measures requiring federal agencies to prepare to address the cyber threats posed by quantum computing and to adopt quantum safe encryption.
Where the government leads in this area, industry must surely follow. Companies need to start preparing plans now to ensure their systems are quantum-safe going forward.
We would love to hear your thoughts on the main concerns facing you and your customers in 2023 – let us know here: secretariat@transatlantic-cyber.net
TCBN and Department for International Trade survey: RSA 2023
In December, the Transatlantic Cyber Security Business Network circulated an Expression of Interest survey to our members to canvass opinions about attendance at RSA 2023.
This year, we are working with the Department for International Trade (DIT) to help collect views on how the UK Government can enhance opportunities for companies who plan to visit or exhibit at the conference in San Francisco.
If you are a UK cyber company hoping to attend RSA and are interested in engaging on what form of support and engagement you want to get in April, then please submit your answers to the following:
- Expression of interest survey: RSA Conference 2023
The survey will remain open for input until 20 January 2023.
As a reminder, for those members attending – RSA will be running their annual Innovation Sandbox Contest, offering cybersecurity’s boldest new innovators the chance to compete and put the spotlight on their potentially game-changing ideas.
In 2023, 10 finalists will again have three minutes to make their pitch to a panel of judges while demonstrating groundbreaking cybersecurity technologies to the broader RSA Conference community. Since the start of the contest, the top 10 finalists have collectively seen over 73 acquisitions and raised over $11.46 billion in investments.
Submissions will be open from January 10, 2023 through February 10, 2023 at 8 PM PT.