National Cyber Security Centre doesn't need its own minister, UK.gov tells Parliament
The British government has rejected Parliamentary calls for greater ministerial control over the National Cyber Security Centre (NCSC), an arm of secretive spy agency GCHQ.
In addition, the government affirmed that it will actively try to remain a part of the EU's Networks and Information Systems Co-operation Group, as well as its "associated work streams, and with the network of Computer Security Incident Response Teams" after Britain leaves the EU, which is currently set for the end of this month.
The news will come as a relief to those who believe British national security is under threat if EU sources of cybersecurity information are closed off to the UK after Brexit.
In its response to a House of Commons report (PDF) about the security of UK critical national infrastructure (CNI), the government said that the current oversight setup for the NCSC, where it answers to the Foreign Secretary via a long chain of officials and ministers, is "the most effective way of achieving our vision of cyber security as a core, embedded part of Government policy for every CNI sector".
Parliament's Joint Committee on the National Security Strategy had previously criticised the government for not having a Cabinet Office minister dedicated to overseeing the NCSC, as well as Britain's CNI infosec improvement efforts.
The government also refused, in its response to Parliament published yesterday, to produce annual reports into how the National Cyber Security Programme (NCSP) was being delivered. These reports were something that the previous Conservative-Liberal Democrat coalition government led by David Cameron was happy to do. Parliament described this refusal as "a backwards step, given that the previous Government published Annual Reports and high-level budget breakdowns by activity".
Although £1.9bn of taxpayers' money is spent on that strategy every year, the government refuses to tell the public what its money is being spent on because of "national security reasons", though it did add that a National Audit Office report into the NCSP will be published later this year.
UK CNI companies are "ultimately responsible" for the security of those installations, said the government's response to Parliament. It appears that the tension between those who believe the government should directly run cybersecurity efforts and those who believe industry knows best what measures need to be taken has yet to be resolved. For now, the government sides with the latter half of the argument. But a bone has been thrown to those who think the state knows best.
It said: "We note the recommendation regarding mandatory corporate reporting on cyber resilience, and will give this further consideration, building on analysis undertaken as part of the 2016 Cyber Security Regulation and Incentives Review. The government agrees that cyber insurance has a part to play in reducing cyber risk."
Separately from the report response, the government also quietly reiterated that it has a controversial "hack back" unit at its fingertips.
"Britain now has a National Offensive Cyber Programme, delivered by a Joint Mission between GCHQ and the Ministry of Defence," said foreign secretary Jeremy Hunt, who was giving a speech in Glasgow, Scotland yesterday.
Industry: Cyber Security News
- Outside IR 35 CONTRACT SC CLEARED Cyber Security Operations Analyst SPLUNK ES- UK REMOTE- £500 a day.
6 month contract Outside IR35 Operational Cyber Security Analyst. Hands on Splunk Security Enterprise and Security clearance is required As is someone that holds SC clearance. SOC and Vulnerability management experience. Vulnerability Analysis / Management - Tenable
- SailPoint Consultant
- Upto €80,000
SailPoint Consultant is need for this rapidly expanding global business, The business is currently in the middle of a SailPoint Deployment, they require an experienced Consultant who is able to help them on this Journey You will be responsible for helping to configure and deploy SailPoint as well as on board applications onto the platform You will also work with the business to understand workflow and process to help align the way the business works to ensure that the business gets the most from the deployment We are looking for an experienced SailPoint consultant who has experience with both Deployment and BAU work and is interested in joining a business which is at the start of an interesting IAM Journey
- SOC Manager Security Operations. SIEM, Threat / Vulnerability, IR, SOC Service- Exclusive
- United Kingdom
SOC Manager- SIEM, Threat / Vulnerability, Incident response. Exclusive Project. Management and on growth growth of Security Operations Centre capability. Managing and maturing the team, technical services line and fronting client engagements where needed. An in-depth technical background is essential, experience across SOC SIEM/ Threat Hunting (IR) tools, processes, techniques, operational is a MUST. The role will include, but not limited to; evolving the technical process, building operational capability, managing and hiring team, involved at a high level overviewing policy/playbooks, fine turning of the go-to-market collateral etc.
- Contact 12 month- Security Operations- Tanium Engineer / Analyst.
- United Kingdom
- Dependent on experience
Security Operations engineer / Analyst with Tanium for a 12 month contract. Experience configuring using, managing, supporting troubleshooting Tanium's suite of end point solutions is essential. The opportunity is due to a client expanding its international capability to a follow the sun model. To be involved in spinning up a European capability. Based in the UK. English essential and ideally being fluent in French.