- Source: UK cyber security community
The United Kingdom has a diverse cyber security community, interconnected in a complex network.
Public sector bodies
Legislative
According to a parliamentary committee, the UK government is not doing enough to protect the nation against cyber attack.
EURIM, the Digital Policy Alliance
National strategy
The UK Government periodically publishes a Cyber Security Strategy.
Many of the stakeholders across all categories are engaged with that effort.
Capstone components
The overall responsibility for security within the UK rests with the National Security Council, a cabinet committee chaired by the Prime Minister and tasked with overseeing all issues related to national security, intelligence coordination, and defence strategy.
The internal protective security coordination role for UK government is led by the Government Chief Security Officer (GCSO) within the Cabinet Office, who since 2021 has been Vincent Devine.
The central organisation supporting the GCSO is the Government Security Group (GSG), with a distributed Government Security Function / Government Security Profession across the departments and Arm's Length Bodies (ALB), and three National Technical Authorities (NTA), all of which have a role in information and/or cyber security:
The National Technical Authority for Cyber Security (NTA-C) is the National Cyber Security Centre (NCSC), which is the UK's authority on cyber security; its parent organisation is GCHQ. It absorbed and replaced CESG (the information security arm of GCHQ) as well as the Centre for Cyber Assessment (CCA), Computer Emergency Response Team UK (CERT UK) and the cyber-related responsibilities of the former Centre for the Protection of National Infrastructure (CPNI). NCSC provides advice and support for the public and private sector in how to avoid cyber threats. CESG (originally Communications-Electronics Security Group) was a branch of GCHQ which worked to secure the communications and information systems of the government and critical parts of UK national infrastructure. The NPSA provided protective security advice to businesses and organisations across the national infrastructure.
The National Technical Authority for Protective Security (NTA-P) is the National Protective Security Authority (NPSA), which is the successor organisation to CPNI but retains some elements of information and cyber security that were not transferred to NCSC, including for Cyber Physical Systems (CPS), and for security containers, locks, and structures to protect assets.
The National Technical Authority for Technical Security (NTA-T) is the UK National Technical Authority for Counter-Eavesdropping (UK NACE), which deals predominantly with countering technical surveillance.
Civilian components
The role of Lead Government Department (LGD) for Cyber Security is currently fulfilled by the Department for Science, Innovation, and Technology (DSIT), having previously rested with:
The Department for Culture, Media, and Sports (DCMS)
The Department for Business, Energy & Industrial Strategy (BEIS)
The Department for Business & Industrial Strategy (BIS)
The Department for Trade and Industry (DTI)
All other government departments and ALBs will have staff in the government security function / government security profession, supporting both their internal staff, and their client communities.
Former bodies in this category include:
The Office of Cyber Security and Information Assurance (OCSIA) supported the Minister for the Cabinet Office, the Rt Hon Francis Maude MP, and the National Security Council in determining priorities in relation to securing cyberspace. The unit provided strategic direction and coordinated action relating to enhancing cyber security and information assurance in the UK. The OCSIA was headed by James Quinault, but the function has been subsumed into the Government Security Group.
Defence components
The Ministry of Defence has primacy for information and cyber security within both its civilian and military staffs (approximately 250,000 personnel), and for the Defence Supply Base (DSB - approximately 30,000 companies).
It has two main security organisations:
The Directorate of Security and Resilience (DSR), predominantly focused on physical and personnel security
The Directorate of Cyber Defence and Risk (CyDR), predominantly focused on information and cyber security
These organisations work collaboratively to publish not only the internal rules, but also Defence Standards and Industry Security Notices (ISN).
In April 2016, the MOD announced the creation of the Cyber Security Operations Centre (CSOC) with a budget of over £40 million. It is located at MoD Corsham.
MOD collaborates with the DSB over information and cyber security matters through a number of organisations, including:
Defence Cyber Protection Partnership (DCPP)
Former bodies in this category include:
DIPCOG, the Defence Infosec Product Co-Operation Group
National Cyber Force (NCF)
The National Cyber Force consolidates offensive cyber capabilities from the Ministry of Defence and GCHQ.
Law Enforcement
The National Crime Agency (NCA) hosts the law enforcement cyber crime unit, incorporating the Child Exploitation and Online Protection Centre.
Former bodies in this category include:
National High Tech Crime Unit (NHTCU)
Wider Public Sector
Within the WPS, there are a number of collaborative bodies, including:
Assurance Specialism Advisory Group (ASAG), which runs the SUAC series of Conferences
Cyber Technical Advisory Group (CTAG), formerly the Public Sector IA Coordination Group (PSIACG)
Regulatory bodies
Two regulatory bodies have a specific cyber security related function:
The Information Commissioner's Office (ICO), leading on Data Protection (DP) for Personally Identifiable Information (PII)
OFCOM, leading on telecommunications and broadcast aspects of security
Most other regulatory bodies will have staff covering information and cyber security functions for both their internal staff and their client communities.
Academia
Work in academia on information and cyber security can be delineated into research and teaching.
Academic Centres of Excellence in Cyber Security Research
NCSC has accredited several Academic Centres of Excellence in Cyber Security Research:
Queen's University Belfast
University of Birmingham
University of Bristol
University of Cambridge
Cardiff University
De Montfort University
University of Edinburgh
University of Kent
King's College London
Lancaster University
Imperial College London
University College London
Royal Holloway, University of London
Newcastle University
Northumbria University
University of Oxford
University of Southampton
University of Surrey
University of Warwick
Professional bodies
Association of Cyber Forensics and Threat Investigators (ACFTI).
British Computer Society (BCS) is a professional body and a learned society that represents those working in information technology both in the United Kingdom and internationally. It has a security, data and privacy group.
Business Continuity Institute (BCI) was established in 1994 to enable individual members to obtain guidance and support from fellow business continuity practitioners. BCI has six certification standards to ensure individual practitioners' literacy in organizations, responses, and other strategies.
Council of Registered Ethical Security Testers (CREST) is a not-for-profit accreditation and certification organization. CREST does not have its own study material and leverages third-party coursework so that members can become certified. As of 24/8/2022, the cost of CREST membership is 5000GBP for membership of one country chapter and 25000GBP for a regional membership. On two occasions between 2012 and 2014, the examination-related activities of one or more NCC Group employees and candidates breached the CREST Code of Conduct and NCC Group was, as their employer, vicariously responsible for those individuals at the time.
Industry groups
ADS is a trade organisation for companies operating in the UK aerospace, defence, security and space industries.
Asset Disposal & Information Security Alliance, ADISA
Crypto Developers Forum (CDF)
IT Security Forum
Law Society
Nominet
Tigerscheme is a commercial certification scheme for technical security specialists, backed by university standards and covering a wide range of expertise. Tigerscheme is CESG certified in the UK and candidates are subject to an independent rigorous academic assessment authority. Tigerscheme was founded in 2007 on the principle that a commercial certification scheme run on independent lines would give buyers of security testing services confidence that they were hiring a recognised and reputable company. In June 2014 the operational authority for Tigerscheme was transferred to USW Commercial Services Ltd.
UK Cloud Pooled Audit Group (UK CPAG) is a membership organisation consisting of the UK's largest banks. It was established in 2020 with a mission to use the collective power of the banks to audit Cloud Service Providers such as Google, Amazon and Microsoft. The group is operated by the Worshipful Company of Information Technologists.
UK Cyber Security Forum is a social enterprise representing cyber SMEs (small and medium enterprises) in the UK. The forum is composed of 20 regional cyber clusters around the UK. Each cluster is run as a subsidiary of the UK Cyber Security Forum and all are operated by groups of volunteers. They provide events around the UK to engage the public in cyber security and to provide continued professional development to cyber professionals. The official clusters are:
Cross-sector bodies
Current bodies that cover multiple sectors include:
British Standards Institution (BSI), the UK's National Standards Body (NSB), which not only produces British Standards (BS) and Publicly Available Specifications (PAS) in the areas of Information and Cyber Security, but also provides the UK interface into international Standards Development Organisations (SDO), including ISO, IEC, ITU-T, CEN, CENELEC, and ETSI. The main Expert Committees for BSI relevant to these topics are IST/33 (Information and Cyber Security) and ICT/003 (Trustworthy Systems).
Trustworthy Software Foundation (TSFdn), which is a UK public good activity aimed at encouraging good practice in systems specification, realisation, and use, and providing related independent Organisational and Solution Conformity Assessments. It arose from the Trustworthy Software Initiative (TSI), previously the Software Security, Dependability and Reliability Initiative (SSDRI), and the Secure Software Development Partnership (SSDP), which were sponsored
UK Cyber Security Council
Warning, Advice and Reporting Points (WARPs) provide a trusted environment where members of a community can share problems and solutions.
Former bodies in this category include:
Cyber Security Knowledge Transfer Network (CS KTN), as sponsored by Innovate UK (formerly the Technology Strategy Board)
Information Assurance Advisory Council (IAAC) worked across industry, government and academia towards ensuring the UK's information society has a robust, resilient and secure foundation. The IAAC was set up by Baroness Neville-Jones who chaired the organisation until 2007, handing over to the current chairman Sir Edmund Burton. Affiliates include BT Group, Northrop Grumman, QinetiQ, Raytheon, PwC, O2 UK, Ultra Electronics and GlaxoSmithKline. The 2012/13 work programme focused on consumerisation and its effects on information assurance.
The Information Assurance Coordination Group (IACG) was formed following the UK's national IA conference in 2006. The IACG encourages greater collaboration between the commercial supply base for information assurance products and services operating within the UK public sector. The group maintained the UK information assurance community map, hosted on the CESG's web site. It has two co-chairs: Colin Robbins of Nexor and Ross Parsell of Thales. The IACG ceased operation in 2014.
General IA Products and Service Initiative (GIPSI), which was largely replaced by NIAF
ITSafe (IT Security Awareness for Everyone) was a former government-funded organisation that provided alerts, which was subsumed into GetSafeOnline
NDI was a former government-funded organisation building supply chains for the MOD and manufacturers using SMEs in the United Kingdom.
See also
British intelligence agencies