National Cyber Security Centre doesn't need its own minister, UK.gov tells Parliament
The British government has rejected Parliamentary calls for greater ministerial control over the National Cyber Security Centre (NCSC), an arm of secretive spy agency GCHQ.
In addition, the government affirmed that it will actively try to remain a part of the EU's Networks and Information Systems Co-operation Group, as well as its "associated work streams, and with the network of Computer Security Incident Response Teams" after Britain leaves the EU, which is currently set for the end of this month.
The news will come as a relief to those who believe British national security is under threat if EU sources of cybersecurity information are closed off to the UK after Brexit.
In its response to a House of Commons report (PDF) about the security of UK critical national infrastructure (CNI), the government said that the current oversight setup for the NCSC, where it answers to the Foreign Secretary via a long chain of officials and ministers, is "the most effective way of achieving our vision of cyber security as a core, embedded part of Government policy for every CNI sector".
Parliament's Joint Committee on the National Security Strategy had previously criticised the government for not having a Cabinet Office minister dedicated to overseeing the NCSC, as well as Britain's CNI infosec improvement efforts.
The government also refused, in its response to Parliament published yesterday, to produce annual reports into how the National Cyber Security Programme (NCSP) was being delivered. These reports were something that the previous Conservative-Liberal Democrat coalition government led by David Cameron was happy to do. Parliament described this refusal as "a backwards step, given that the previous Government published Annual Reports and high-level budget breakdowns by activity".
Although £1.9bn of taxpayers' money is spent on that strategy every year, the government refuses to tell the public what its money is being spent on because of "national security reasons", though it did add that a National Audit Office report into the NCSP will be published later this year.
UK CNI companies are "ultimately responsible" for the security of those installations, said the government's response to Parliament. It appears that the tension between those who believe the government should directly run cybersecurity efforts and those who believe industry knows best what measures need to be taken has yet to be resolved. For now, the government sides with the latter half of the argument. But a bone has been thrown to those who think the state knows best.
It said: "We note the recommendation regarding mandatory corporate reporting on cyber resilience, and will give this further consideration, building on analysis undertaken as part of the 2016 Cyber Security Regulation and Incentives Review. The government agrees that cyber insurance has a part to play in reducing cyber risk."
Separately from the report response, the government also quietly reiterated that it has a controversial "hack back" unit at its fingertips.
"Britain now has a National Offensive Cyber Programme, delivered by a Joint Mission between GCHQ and the Ministry of Defence," said foreign secretary Jeremy Hunt, who was giving a speech in Glasgow, Scotland yesterday.
source theregister
Industry: Cyber Security News
Latest Jobs
-
- Infrastructure (Network / Security) Engineer | West London commutable | Permanent
- London
- Apply today
-
Infrastructure (Network / Security) Engineer | West London commutable | Permanent This is an in house opportunity. Looking for someone that has on prem / data center experience MUST be a currently hands on config, Install, upgrade, troubleshooting experience Routing, Switching, Network Security (firewall, IDS etc), Microsoft Active Directory / 365. VMWare Scripting / automation experience wanted. Python, Powershell etc Must be commutable to West London twice a week. Visa sponsorship not available. Apply today for more information Book a call via this link https://calendly.com/d/crqf-t28-7tb
-
- Identity & Access Management Architect
- Edinburgh
- Upto £95000 plus bonus and benefits
-
Location: Edinburgh | Hybrid Working | Permanent Are you an experienced Identity & Access Management professional with a passion for designing and implementing cutting-edge security solutions? We are looking for a Lead Architect, where you’ll play a key role in helping clients enhance their IAM capabilities, protect critical data, and navigate complex security challenges. About the Role As a Lead Architect, you will be responsible for shaping and delivering IAM strategies, designing robust security solutions, and driving long-term digital transformation. You’ll leverage your expertise to provide strategic guidance on areas such as: Identity Governance & Administration (IGA) Privileged Access Management (PAM) Access Management (AM) Entitlement Management Directories & Authentication Solutions You will have the opportunity to work with innovative technologies and frameworks, ensuring that businesses can securely manage access to critical assets while enabling growth. What You’ll Be Doing Providing subject matter expertise in IAM and leading transformation projects for clients Developing IAM roadmaps, operating models, and governance frameworks Driving innovation by integrating IAM capabilities into wider digital transformation strategies Building and maintaining strong relationships with clients and stakeholders Designing and implementing scalable IAM solutions to meet business needs What We’re Looking For Proven experience in IAM strategy, solution architecture, or assurance Strong leadership skills with experience guiding technical teams Ability to work in a client-facing role, delivering clear communication and insights A technology-focused, innovative mindset with strong business acumen Willingness to work from our Edinburgh office 2-3 days per week