The much anticipated new version of the Cyber Security Strategy is finally out. But is it any good? Well, generally its reception has been good and, from an Intellect point of view, we support it.

In particular, Intellect was very pleased to see some recommendations from our November 2010 paper Improving Cyber Security Partnerships reflected in the strategy. For example, our recommendations about HMG sharing cyber threat information with the private sector,  the adoption of a widely recognisable kitemark, the rationalisation of UK standards applicable to cyber security products and solutions, and greater transparency of public funded research on cyber security have been incorporated into the HMG’s 2011 Cyber Security Strategy. It is also encouraging that our input into this strategy has also been incorporated into the document.

So what does it say?

First of all, the strategy recognises that the Internet is vital to the UK’s economy. Internet businesses comprise 6% of GDP and are slated to create 365,000 jobs over the next five years. Moreover, HMG’s ‘digital by default’ agenda and its move to migrate services to the cloud will mean that the UK will become more and more dependent on cyber space for our public services.

These growth figures are mimicked internationally. For example, e-commerce sees US$8 trillion change hands annually and current estimates suggest that for every 10% increase in broadband access, global GDP will rise, on average, by 1.3%.

As a result, ensuring that the UK is a safe place to do business is critical to the economic wellbeing of the UK.

The strategy also rightly makes the point that cyber security cannot be achieved by placing responsibility solely in the hands of HMG. However, the view from HMG is companies need to ensure their IPR is protected adequately and need to ensure cyber is recognised at a board level. It’s also been suggested by Government that company audit committees should routinely review this risk.

Some companies are already very good at protecting themselves from the cyber threat. Unsurprisingly, these tend to be the Defence Primes or Internet Technology Companies. This means, other companies – both in the UK and worldwide – need to take action to protect themselves and recognise cyber as a real risk to their business. Achieving cyber security does not require massive investment in new technology. It’s largely accepted that 80% of cyber risks can be addressed by applying good practice within companies, which would include keeping anti-malware applications up to date, ensuring operating system and third party application updates are installed quickly and educating staff correctly.

One of the most important recommendations in the new strategy is the call for greater co-operation between HMG and the private sector with regard to cyber security. Organisations such as GCHQ will now need to work in partnership with commercial organisations. This recommendation is being implemented through the development of a hub and node solution to share information and best practice between the public and private sectors. Intellect and its members fully support this activity. In fact, Intellect – along with ADS – has been working with 25 of its members for the last six months to develop a virtual node that will enable companies in the advanced technology industry to share cyber threat information with each other. We hope that, over time, this node will be integrated into HMG’s Hub initiative.

Intellect also praises the strategy’s recognition that cyber presents a host of opportunities to UK business. Therefore, UKTI will be committed to working with trade associations to ‘to turn the threat into opportunity and make strong cyber security a positive for all UK businesses’.

So how will this affect your business?

Intellect suspects that the impact of the Cyber Security Strategy will be that ‘cyber’ will become part of normal business risk assessment. There will be more pressure from clients (particularly public sector clients), shareholders, and auditors to demonstrate how your business is mitigating cyber threats.

These greater expectations will be complemented by the general public, commercial entities, and public sector customers having better knowledge and an easier time in mitigating the cyber threat. This is because ‘kite-marked’ products, cyber-specific standards, and best or good practice guides will be developed and widely distributed.

To support this Intellect will be issuing its good practice guide aimed at SMEs in early to mid 2012 and will continue to work in partnership with ADS to deliver the advanced technology industry node (Virtual Task Force) next year.

Technorati Tags: Cabinet Office, cyber, Cyber Hub, cyber security strategy, Cyber Strategy, GCHQ, Hub, Kitemark

Following the publication of the strategic implementation plan (SIP) for the government ICT strategy, the Cabinet Office yesterday published sub-strategies for 4 of its 19 delivery areas – cloud, green ICT, end-user devices and ICT capability.  For ease of reference for Intellect members, we have highlighted some of the key points from each of the four strategies.

In addition, here are some of our observations on each of the four sub-strategies.

Government Cloud – The vision of the G-cloud strategy shows that the UK government is in step with the industry.  Commitments to a ‘public cloud first policy’, the move to ‘on-demand delivery’ and buying more solutions from the market ‘as is’ are on the money.  (more…)

Technorati Tags: Cabinet Office, capability, cloud, end user devices, Government ICT, green ICT

The Cabinet Office has today published updated guidance for ‘Government ICT Offshoring (International Sourcing)’

This is essentially a ‘how to’ guide to offshoring, with the underlying message that offshoring (even where personal data is involved) is now acceptable given appropriate risk assurance, security of information, etc. The guidance states that this is not a new policy, but we note that this is a change in emphasis of the government’s default position. Here is an extract from the summary:

“In order to maximise value for money in procuring services, and uphold their ‘duty to safeguard public funds’ CIOs will want to ensure that potential suppliers are aware that offshore solutions will be considered and they may want to utilise the potential capability advantage and cost savings of globally provisioned shared or cloud services. But CIOs will also want to ensure that potential suppliers understand clearly the requirements that they will have to meet. Finally, the CIO will need a clear understanding of both the benefits and risks of offshore solutions in order to make a sound evaluation of such offers, before committing to proceed.

“From a security perspective, data, information or services may normally be offshored provided that … high-level Information Assurance (IA) requirements can be met.”

How will this affect your business? Sound off with a comment below.

Technorati Tags: Cabinet Office, government, ICT, offshoring

Today the government has announced greater centralisation of purchasing for common goods and services. This makes good sense, and is something the technology industry has long advocated as a way to minimise duplication and reduce the costs of procurement (though ICT services can be slightly more complicated than stationery, of course). Even greater savings will be possible if local public service delivery bodies take advantage of centralised deals, and the technology industry is keen to do its part to help make this possible.

(more…)

Technorati Tags: Cabinet Office, Innovation Den, intellect, John Collington, procurement, SMEs, Stephen Allott

The latest of our Innovation Den’s took place yesterday and saw a total of 23 SME member companies pitching their ideas to three separate panels of representatives from central government, local government and large suppliers to the public sector. The number of follow- up appointments requested following the presentations totalled at around 30 which was hugely encouraging. (more…)

Technorati Tags: Cabinet Office, Innovation Den, SMEs, Stephen Allott

09:35 I’m sitting here at the Tower with a couple lovely ladies from the National Archive Office and a gentleman from Steria (also lovely). Compared to last year, it’s now a lot easier to have a chat with my fellow attendees as we are sat in cabaret style (instead of theatre style) in a giant hall at the Guoman Tower Hotel. Flat screen televisions around the room so that everyone in the back can see what’s on the screen. Nice air-con. Just about ready to get going.

09:40 John Higgins (Intellect’s director general) steps up to the stage following a funky, trance music intro. Scattered grooving throughout the room (to the music).
(more…)

Technorati Tags: Cabinet Office, Lord Davies, Public Sectors, public service reform, Tom Watson, Tower '09

Next Thursday (14 May), a few hundred government representatives will be gathering with senior members of the industry at the Intellect-Cabinet Office event, Tower ’09. I’ll be blogging live from the ‘Tower’ to give you an update on the government’s vision for wider public sector reform, and the visions, experiences and innovations shared by key government figures.

Our cadre of top-notch speakers, including Tom Watson MP (parliamentary secretary) and Lord Davies (the trade minister), will be looking at themes such as open government, empowering people and businesses, and driving service transformation to increase productivity and innovation.

I hope to see you then and/or in the blogosphere.

Technorati Tags: Cabinet Office, Tower '09