Cyber security in defence supply
Cyber security is once again on the front pages and tops the list of security concerns following another round of high-profile attacks.
With the sector experiencing exponential growth, and the technology falling into every area of industry, business, finance, health, government, and personal sectors, cyber security underpins the continued development of the global digital economy. Its technologies protect our personal data and messages online, safeguard the intellectual property of businesses and secure our critical national infrastructure.
techUK’s Cyber Security programme is an active leader in the sector, providing a channel for the industry to engage with commercial and government partners giving intelligence on the threat landscape, as well as increasing cyber exports, stimulating awareness, and demand, for cyber security in the UK.
Providing secretariat for the Cyber Growth Partnership, a government backed initiative chaired by Matt Hancock, techUK is fully immersed in stimulating demand and growth for the sector.
We spoke to Talal Rajab, Head of Programme for techUK’s Cyber and National Security programmes, about the sector and its focus throughout 2017.
Having originally joined techUK as Programme Manager, Talal manages strategic relationships between Government and industry members on cyber and national security related issues, in particular through the Cyber Growth Partnership. He also leads techUK’s work on the Investigatory Powers Act and has led on a number of cyber security related research projects.
This year, techUK is keen to focus on government strategy, initiatives and awareness, in particular aligning with the National Cyber Security Centre, and becoming a key partner between industry, pubic sector and government.
Talal explained that techUK’s work encompasses public sector cyber security, such as DWP or HMRC or local government, where there is a vast amount of opportunities for cyber security companies as government puts forward this whole digital-first and digital-transformation agenda.
“We are looking at the challenges local government is facing for example. How are they positioning themselves for 2017 and what does industry need to know about in terms of what is coming on the horizon? Therefore creating an informed supplier community that knows what the challenges are for local government, as well as an informed buyer, who knows what they need.”
techUK also supports Private sector growth, with a focus on financial services and the whole world of connectivity.
He said: “There are a lot of opportunities out there. It is a vast market and it can be quite difficult if you are a cyber SME to understand whom you need to speak to, or what sectors you need to focus on, etc. So we do a whole host of leadership work on these topics in partnership with other trade bodies. For example we work with the Federation of Small Businesses to talk about cyber security for SMEs, with the British Bankers Association to look at some of the banks, and the British Retail Consortium to look at retailers and the retail sector. The idea behind that is to bring their members together with our members to talk about some of the key issues and try to create some network opportunities for people.”
The other area techUK can help members is in export. Many of the UK-born cyber security companies are small and can find the export market difficult to negotiate. And the UK has a great reputation in this sector, so there are growing numbers of opportunities to sell our capabilities.
Talal says: “They see the UK as a world leader in this regard so some of these companies find it easier selling aboard than they do here. We will run workshops for some of these companies, help bring in foreign delegations to talk to some of the companies and network with them and so forth.”
Cyber security is a massive issue for industry, and next year sees GDPR introduced. We asked Talal if this really is going to be the game changer it is being heralded as.
“Without wanting to sit on the fence there are two ways of looking at it.” He says, “One is that it is over-hyped, that we have been here before with various legislation and GDPR will not be that instant change that a lot of people are thinking it is going to be. However, there is another school of thought that sees it as the big game changer, especially for large organisations who could be fined 4% of global turnover! and that can really, really dent their revenue. So in that case, GDPR is going to make them take cyber security more seriously. Discussions that we are having with other organisations and some of our own members is that they are putting in policies and procedures now in order to be compliant by May 2018.
“I would say an area of concern is further down the line in the supply chain, when you have got SMEs and small businesses who haven’t heard of GDPR and when this starts to come into play they are going to be completely surprised and shocked by it, or think they are not relevant, won’t be affected by it when in fact they will.”
Is this where CyberEssentials would come in?
“The problem is, it’s needed across the board, not just defence. Every company across the UK needs to get their cyber security essentials in order. Cyber Essentials, is a good scheme, while not perfect, it does provide a very good basic foundation for cyber security within an organisation.
“If you look back to 2014, the government announced that they would mandate Cyber Essentials for all public sector contracts that involved confidential and sensitive information, I would argue that should be extended to all providers to the public sector. It just makes sense, and what we see with MOD doing it, is that has changed. We are getting a lot of companies in Andy’s (Andy Johnston – techUK Defence) programme in defence approaching me saying what is Cyber Essentials and how do I get it?”
In order to meet demand, techUK have run workshops for Cyber Essentials to help their members, and demand continues to grow: “I have spoken to a member who provides CyberEssential Certification, and they have been approached by a company that provides fleet cars in Wales. They now need to go through Cyber Essentials because it was part of their contract. All this is a good sign that cyber security is high on the agenda for most businesses.”
So the message is clear, cyber attacks are developing and becoming more sophisticated all the time, therefore your cyber protection needs to be robust. Taking small steps can help you clear that worry and can help you win contracts you would otherwise miss out on.
If you would like to join our community and read more articles like this then please click here