UK cyber security community explained

The United Kingdom has a diverse cyber security community, interconnected in a complex network.

Although the terminology is currently largely aligned to a "cyber" view of the world, it is taken to still include information-related concerns, with previous predominant terminology including:

The significant constituents within that community are probably best understood by grouping into high level categories, namely:

Public sector bodies

Legislative

According to a parliamentary committee the UK government is not doing enough to protect the nation against cyber attack.[1]

Central government

National strategy

The UK Government periodically publishes a Cyber Security Strategy.[3]

Many of the stakeholders across all categories are engaged with that effort.

Capstone components

The overall responsibility for security within the UK rests with the National Security Council which is a cabinet committee chaired by the Prime Minister tasked with overseeing all issues related to national security, intelligence coordination, and defence strategy.

The internal protective security coordination role for UK government is led by the Government Chief Security Officer (GCSO) within the Cabinet Office, who since 2021 has been Vincent Devine.[4]

The central organisation supporting the GCSO is the Government Security Group (GSG), with a distributed Government Security Function / Government Security Profession across the departments and Arms Length Bodies (ALB), and three National Technical Authorities (NTA), all of which have a role in information and/or cyber security:

Coordination of activity across government is through a series of committees, both from within the world of security,[6] and in aligned domains such as the Chief Technology Officers (CTO), and Knowledge and Information Management (KIM).

Civilian components

The role of Lead Government Department (LGD) for Cyber Security is currently fulfilled by the Department for Science, Innovation, and Technology (DSIT), having previously rested with:

DSIT is responsible for supporting and promoting the UK cyber security sector, promoting cyber security research and innovation, and working with the National Cyber Security Centre to help ensure all UK organisations are secure online and resilient to cyber threats.

All other government departments and ALBs will have staff in the government security function / government security profession, supporting both their internal staff, and their client communities.

Former bodies in this category include:

Defence components

The Ministry of Defence has primacy for information and cyber security within both its civilian and military staffs (approximately 250,000 personnel), and for the Defence Supply Base (DSB - approximately 30,000 companies).

It has two main security organisations:

These organisation work collaboratively to publish not only the internal rules, but also Defence Standards and Industry Security Notices (ISN)[8]

In April 2016, the MOD announced the creation of the Cyber Security Operations Centre (CSOC) "to protect the MOD's cyberspace from malicious actors" with a budget of over £40 million. It is located at MoD Corsham.[9] [10]

MOD collaborates with the DSB over information and cyber security matters through a number of organisations, including:

Former bodies in this category include:

National Cyber Force (NCF)

The National Cyber Force consolidates offensive cyber capabilities from the Ministry of Defence and GCHQ.

Law Enforcement

The National Crime Agency (NCA) hosts the law enforcement cyber crime unit, incorporating the Child Exploitation and Online Protection Centre.

Former bodies in this category include:

Wider Public Sector

The Wider Public Sector (WPS) covers both the Central Government and Law Enforcement categories that are itemised separately, but also elements such as:

Within the WPS, there are a number of collaborative bodies, including:

Former bodies in this category include:

Regulatory bodies

Two regulatory bodies have a specific cyber security related function:

Most other regulatory bodies will have staff covering information and cyber security function for both their internal staff, and their client communities.

Academia

Work in academia on information and cyber security can be delineated into research and teaching.

Academic Centres of Excellence in Cyber Security Research

NCSC has accredited several Academic Centres of Excellence in Cyber Security Research:[16]

Professional bodies

Industry groups

!UK Cyber Clusters
Bristol and Bath Cyber
Bournemouth Cyber Cluster
Cambridge Cluster
East Midlands
London
Malvern Cluster
Norfolk Cyber Cluster
North East Cyber Cluster
North Wales
North West Cluster
N Somerset Cluster
Oxford
Scottish Cyber Cluster
Solent Cyber Cluster
South Wales
South West Cyber Cluster (Exeter)
Sussex Cluster
Thames Valley Cluster
West Midlands Cluster
Yorkshire Cluster

Cross-sector bodies

Current bodies that cover multiple sectors include:

Former bodies in this category include:

International Linkages

Many of these categories will provide linkages from the UK to other nations' activities in cyber security, including:

See also

Notes and References

  1. https://www.theguardian.com/technology/2018/nov/19/uk-wholly-unprepared-to-stop-devastating-cyber-attack-mps-warn UK 'wholly' unprepared to stop devastating cyber-attack, MPs warn
  2. Web site: EURIM.
  3. Web site: UK Cyber Security Strategy. HMG.
  4. Web site: GCSO . HMG.
  5. Web site: HM Government. National Cyber Security Strategy 2016-2021. gov.uk. 2 November 2016. 1 November 2016.
  6. Web site: Committees .
  7. Web site: OCSIA. 2013-01-14. 2013-01-23. https://web.archive.org/web/20130123174427/http://www.cabinetoffice.gov.uk/content/office-cyber-security-and-information-assurance-ocsia. dead.
  8. Web site: ISN . 14 December 2023 . HMG.
  9. Web site: Defence Secretary announces £40m Cyber Security Operations Centre. Ministry of Defence. 2 April 2016. 1 April 2016. 25 April 2019. https://web.archive.org/web/20190425061752/https://www.gov.uk/government/news/defence-secretary-announces-40m-cyber-security-operations-centre. live.
  10. News: Hammick . Murray . 30 October 2018 . The Budget and Defence . The Military Times . London . 7 May 2020 . 22 October 2019 . https://web.archive.org/web/20191022115351/https://www.themilitarytimes.co.uk/uncategorised/the-budget-and-defence/ . dead .
  11. Web site: DCPP . 23 November 2023 . HMG.
  12. Web site: DISA .
  13. Web site: UK CeB.
  14. Web site: Cyber Technical Advisory Group. 2023-12-24.
  15. Web site: ICO - About . 20 November 2023 . 2023-12-24.
  16. Web site: Academic Centres of Excellence in Cyber Security Research. NCSC.
  17. Web site: ACFTI UK.
  18. Web site: BCS Security.
  19. Book: Kaye, David.. Managing risk and resilience in the supply chain. 2008. BSI Business Information. 978-1-62198-414-6. London [England]. 849744629.
  20. Web site: Home . crest-approved.org.
  21. Web site: ISSA UK.
  22. Web site: ADS.
  23. Web site: CDF.
  24. Web site: techUK.
  25. Web site: Intellect Cyber Security. 2013-01-14. 2013-06-14. https://web.archive.org/web/20130614125032/http://www.intellectuk.org/defence-and-security-members-councils-groups/5697. dead.
  26. Web site: Intellect Defence & Security. 2013-01-16. 2013-06-14. https://web.archive.org/web/20130614111404/http://www.intellectuk.org/defence-and-security-members-councils-groups/3614. dead.
  27. Web site: Home . tigerscheme.org.
  28. Web site: BSI - NSB. www.bsigroup.com . 2023-12-24.
  29. Web site: NIAF. 2023-12-24.
  30. Web site: Trustworthy Software Foundation . 2023-12-24 .
  31. https://www.gov.uk/government/news/protecting-and-promoting-the-uk-in-a-digital-world-2-years-on Protecting and promoting the UK in a digital world: 2 years on
  32. Web site: UKCSC. 2023-12-24.
  33. Web site: WARP.
  34. Web site: IAAC. 2013-01-14. 2018-04-10. https://web.archive.org/web/20180410103034/http://www.iaac.org.uk/. dead.
  35. Web site: IAAC - Neville-Jones.
  36. Web site: IAAC Sponsors. 2016-05-17. 2017-06-07. https://web.archive.org/web/20170607235623/http://www.iaac.org.uk/about/sponsors. dead.
  37. Web site: Establishment of the IACG. http://webarchive.nationalarchives.gov.uk/20080305141506/http://www.cabinetoffice.gov.uk/csia/ia_technical_programme/stakeholders/industry.aspx. dead. 2008-03-05. National Archives.
  38. Web site: IACG Overview.
  39. Web site: IA Community Map. 2013-01-14. 2013-07-31. https://web.archive.org/web/20130731001653/http://www.cesg.gov.uk/Publications/Documents/uk_ia_community.pdf. dead.
  40. EC2ND 2006 - Proceedings of the Second European Conference on Computer Network Defence, 2006
  41. Web site: NDI UK. 2013-08-21. 2016-10-21. https://web.archive.org/web/20161021183318/http://ndi.org.uk/. dead.