This mandatory new approach, which incorporates cyber security into the delivery of digital services at every stage of their development, is now embedded in both the Government Cyber Security Strategy and the Transforming for a Digital Future roadmap.
Strategic cyber security expert George Bathurst, who will be running a risk-based masterclass in July to help explain the new framework, explained: “Anyone bidding for a Government contract where systems are at risk of a cyber-attack will have to prove that their approach is safe and secure – at every step of the process.
“All too often, design teams ignore security early in a project, seeing it as a blocker, and make decisions which are too expensive to reverse later, when it becomes apparent that the design cannot easily be secured.
“The new system involves continual risk-based assurance, starting from project conception, rather than late in a project, which creates unwelcome expense. This will put security where it belongs, aligned with project governance.”
Mr Bathurst, a director at Bee.Net, is hosting in-person events on Wednesday July 5 from 1pm-5pm and Tuesday July 11th from 5pm-9pm at the Institution of Engineering and Technology (IET) in London, to explain to contractors how they can best prepare for the new Government policy, which is currently published in Beta on the Cabinet Office website and due to be formally launched in Defence in July 2023. Places can be booked via the www.bee-net.co.uk website.
The Government is not immune from cyber-attacks, which result in considerable disruption and expense, and is investing £22 billion in research and development, putting technology at the heart of its plans for national security, as revealed in its new National Cyber Strategy last year.
Mr Bathurst added: “Just recently, the National Cyber Security Centre warned of a heightened risk of cyber-attacks on critical infrastructure. There is no room for complacency.
“Poor project design can have disastrous consequences for national safety and security, if our defence, health, financial, judicial and other systems are not robust against the threat of cyber-attacks.
“This approach will help teams to make better design decisions early, consciously and accountably. This, in turn, will not only make Government more secure through continual risk management, it will also result in a better end product and save money.
“With the new system, contractors will need to understand the policy, process, tools and guidance to help them implement better security solutions, using open standards such as the NIST 800-37 risk management framework, which provides non-technical questions for project managers.
“This, in turn, will change what government staff perceive as acceptable and desirable behaviour, and will make knowledge sharing easier, improve government procurement and project management, and align with best practice in the industry.”