National Cyber Security Centre doesn't need its own minister, UK.gov tells Parliament
The British government has rejected Parliamentary calls for greater ministerial control over the National Cyber Security Centre (NCSC), an arm of secretive spy agency GCHQ.
In addition, the government affirmed that it will actively try to remain a part of the EU's Networks and Information Systems Co-operation Group, as well as its "associated work streams, and with the network of Computer Security Incident Response Teams" after Britain leaves the EU, which is currently set for the end of this month.
The news will come as a relief to those who believe British national security is under threat if EU sources of cybersecurity information are closed off to the UK after Brexit.
In its response to a House of Commons report (PDF) about the security of UK critical national infrastructure (CNI), the government said that the current oversight setup for the NCSC, where it answers to the Foreign Secretary via a long chain of officials and ministers, is "the most effective way of achieving our vision of cyber security as a core, embedded part of Government policy for every CNI sector".
Parliament's Joint Committee on the National Security Strategy had previously criticised the government for not having a Cabinet Office minister dedicated to overseeing the NCSC, as well as Britain's CNI infosec improvement efforts.
The government also refused, in its response to Parliament published yesterday, to produce annual reports into how the National Cyber Security Programme (NCSP) was being delivered. These reports were something that the previous Conservative-Liberal Democrat coalition government led by David Cameron was happy to do. Parliament described this refusal as "a backwards step, given that the previous Government published Annual Reports and high-level budget breakdowns by activity".
Although £1.9bn of taxpayers' money is spent on that strategy every year, the government refuses to tell the public what its money is being spent on because of "national security reasons", though it did add that a National Audit Office report into the NCSP will be published later this year.
UK CNI companies are "ultimately responsible" for the security of those installations, said the government's response to Parliament. It appears that the tension between those who believe the government should directly run cybersecurity efforts and those who believe industry knows best what measures need to be taken has yet to be resolved. For now, the government sides with the latter half of the argument. But a bone has been thrown to those who think the state knows best.
It said: "We note the recommendation regarding mandatory corporate reporting on cyber resilience, and will give this further consideration, building on analysis undertaken as part of the 2016 Cyber Security Regulation and Incentives Review. The government agrees that cyber insurance has a part to play in reducing cyber risk."
Separately from the report response, the government also quietly reiterated that it has a controversial "hack back" unit at its fingertips.
"Britain now has a National Offensive Cyber Programme, delivered by a Joint Mission between GCHQ and the Ministry of Defence," said foreign secretary Jeremy Hunt, who was giving a speech in Glasgow, Scotland yesterday.
source theregister
Industry: Cyber Security News
Latest Jobs
-
- PCI QSA needed. Discreet Opportunity | London | Client facing
- London
- N/A
-
CH08421 PCI QSA needed. Discreet Opportunity | London | Client facing. Payment Card Industry - Qualified Security Assessor - London Seeking someone looking to accelerate their career, into a variety of interesting clients / projects. Must be happy to be onsite with clients- this is not a fully remote role. You must currently hold a valid CISSP or CISM or ISO27001 lead implementer certification AND one of the following; CISA, GSNA, iso27001 lead Auditor, CIA or IRCA ISMS auditor+ Visa sponsorship not available. Apply today for more information chris.holt@dclsearch.com Use this whatapp link to reach out https://wa.me/message/6USF5RAQBOZIP1
-
- Network / Security Infrastructure Engineer | West London | Permanent
- London
- N/A
-
Network / Security Infrastructure Engineer | West London | Current Config, Install, upgrade experience On prem / Datacetner experience essential. Hands on experience MUST include: Routing, Switching, Network Security (firewall, IDS etc), Microsoft exchange / Exchange 365. Scripting / automation experience wanted. Python, Powershell etc Regular travel to West London is required. Visa sponsorship not available. Apply today for more information chris.holt@dclsearch.com Use this whatapp link to reach out https://wa.me/message/6USF5RAQBOZIP1
-
- Security Operations / information Security Analyst / Engineer. London
- London
- N/A
-
Security Operations / information Security Analyst / Engineer needed for a London opportunity. A technical hands on role to investigate, escalate and proactively work to protect a globally recognised brand. Someone with SOC Analyst / security engineering background would be well suited. This position will join a small team and would suit someone that has broad experience across the security threat landscape. Experience / knowledge across industry GRC standards such NIST, ISO27001 etc very advantageous and a priority. You will work across multiple teams proactively working to secure the business. Must be able to commute to Central London 3 days a week. Visa sponsorship not available Apply today to find out more.
-
- Security Cleared Penetration Tester: United Kindom
- N/A
- N/A
-
Security Cleared Penetration Tester Deliver technical Penetration tests to the NCSC CHECK standard. Active CHECK Member or Leader status desirable either in Web Application or Infrastructure. Reach out to find out more. Whatsapp directly here https://wa.me/message/6USF5RAQBOZIP1 Or apply today