The UK has announced a new Government Cyber Action Plan aimed at making online public services more secure and resilient, and has allocated £210 million (approximately $283 million) to implement it.
Setting up a Government Cyber Unit
“Cyber attacks can take vital public services offline in minutes, disrupting lives and undermining confidence,” the UK Department for Science, Innovation and Technology (DSIT) said. “The new plan addresses this challenge head-on.”
Part of the plan is the establishment of a Government Cyber Unit within DSIT, to drive cyber security and resilience transformation across the UK government and the country’s public sector and provide direction to those organizations.
The unit will be in charge of setting and maintaining mandatory cyber risk management policies and standards, informing the government and public sector about emerging cyber threats, overseeing relationships with government suppliers, providing cyber security and resilience services to those organizations, helping them prepare for, respond to, and recover from cyber and technology incidents, and more.
The Government Cyber Unit will be led by the Government Chief Information Security Officer (CISO).
“We are not starting from scratch; we are scaling what works, learning from successes across the public sector and our international partners,” commented Digital Government Minister Ian Murray.
“This plan will go further than we have before, prioritising cyber resilience and ensuring we have strong central leadership driving cross-government response. It will enable departments, through central services and targeted support, and will see the launch of a new Government Cyber Profession which will not only ensure we continue to attract and retain the best talent but also support development skills throughout the UK.”
The building phase of this new Cyber Action Plan is expected to be complete by April 2027, followed by two years of scaling efforts, with improvement actions scheduled for April 2029 and beyond.
Ric Derbyshire, Principal Security Researcher at Orange Cyberdefense, says that the publication of the Government Cyber Action Plan is a clear signal of how government is thinking about cyber security across digital public services, and that £210 million of investment and the formal creation of the Government Cyber Unit are welcome.
“Central coordination and sustained funding have often been fragmented or short-lived in the past, so it’s encouraging to see both called out explicitly,” he noted.
He also noted that, with the push to deliver the Cyber Security and Resilience Bill, it’s positive to see that the government is not only focused on raising expectations across critical sectors and supply chains, but also on addressing its own cyber security challenges.
“That timing also matters in the current geopolitical climate. Cyber-attacks against public services are an obvious vector in hybrid warfare, where disrupting service delivery can undermine societal trust and cohesion,” he added.
“Early days, and delivery will matter more than structure, but this looks like a constructive step for government and a useful signal for the wider cyber community.”
The Software Security Ambassador Scheme
DSIT has also announced a new Software Security Ambassador Scheme to help drive adoption of the (voluntary) Software Security Code of Practice, aimed at tacking software supply chain attacks and disruption cause by them.
“Software underpins the economy as a core component of all technologies that businesses rely on. Yet weaknesses in software can cause severe disruption to supply chains and the essential services the public use every day with more than half (59%) of organisations experiencing software supply chain attacks in the past year,” DSIT noted, and pointed out that embedding basic software security practices across the software market is a must.
Big players like Cisco, Palo Alto Networks, Sage, Santander and NCC Group are coming on board as the scheme’s ambassadors, championing secure development practices across sectors and providing feedback for future policies.
Matt Cooke, Director of Cybersecurity Strategy at Proofpoint, noted that APT groups and cybercriminals are increasingly targeting the interconnectedness of government by using vulnerabilities in the vendor ecosystem.
“The challenge is that modern government services rely on a complex web of third-party cloud services and collaboration platforms. This distributed supply chain has expanded the human attack surface exponentially. Attackers are leveraging this trust by using sophisticated credential theft and account takeover techniques to move laterally from a supplier directly into the heart of government departments,” he commented.
“While centralised incident response through the Government Cyber Unit is a positive step, the focus must shift toward proactive supply chain integrity. Protecting digitised public services requires a move away from legacy thinking. We must secure the individuals who manage these systems and ensure that any link in the supply chain, no matter how small, cannot become a single point of failure for our national digital infrastructure.”
Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!
