Statement from hm government on the adoption of uk cyber security council standards

* Department for Science, Innovation & Technology Policy paper STATEMENT FROM HM GOVERNMENT ON THE ADOPTION OF UK CYBER SECURITY COUNCIL STANDARDS Published 15 May 2024 This was

published under the 2022 to 2024 Sunak Conservative government CONTENTS * Statement * Government commitments * Regulator commitments * Industry adoption of standards Print this page © Crown

copyright 2024 This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit

nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: [email protected].

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned. This publication is available at

https://www.gov.uk/government/publications/government-statement-on-the-adoption-of-uk-cyber-security-council-standards/statement-from-hm-government-on-the-adoption-of-uk-cyber-security-council-standards

STATEMENT HM GOVERNMENT TO STRENGTHEN ITS APPROACH TO CYBER SKILLS BY EMBEDDING UK CYBER SECURITY COUNCIL STANDARDS ACROSS ITS CYBER WORKFORCE BY 2025. Cyber attacks on public institutions,

coupled with a heightened awareness of the intent and capabilities of malicious state actors, serve as a reminder that cyber risks are increasing in terms of frequency, severity, and

complexity. Without a first-class cyber security workforce, we cannot be resilient against current threats. It has been challenging for employers to understand whether they have the skills

they need, and it has been equally difficult for people to demonstrate their own competence and to progress their careers. These problems are addressed in other professions, like engineering

and audit, through standards and regulated professional titles. Cyber security should be no different.  The National Cyber Strategy clearly sets out the criticality of building cyber skills

at a national level as a mechanism for achieving our goal of operating as a responsible and democratic cyber power. In support of this ambition, over the past few years, the UK government

has supported the establishment of the UK Cyber Security Council underpinned by Royal Charter. The Council will define the professional standards for cyber security professionals operating

in the UK. It will oversee the bodies licenced to assess against those standards and hold the register of cyber security practitioners in the UK. The Council will simplify today’s complex

landscape of qualifications, providing clear pathways for practitioners and employers.   The establishment of the Council marks a significant shift. It allows organisations to reassure

themselves of their own organisational capability, to recruit with greater clarity and to offer more structured development to retain the best. The Council’s professional standards and

associated titles allow us to collectively raise the bar of cyber security competence, increasing the nation’s cyber resilience and clearly communicating what a career in cyber security

looks like.  It is the responsibility of government, regulators, and industry to ensure professional titles are embedded across the cyber workforce. Acknowledging the nation’s cyber skills

at every level will increase the UK’s ability to secure systems and respond to threats, so that it remains at the forefront of global cyber capability. HM GOVERNMENT GOVERNMENT COMMITMENTS

The UK government will use UK Cyber Security Council professional standards and titles to maintain a clear and consistent career framework. Government will: * Map its Government Security

Career Framework to Council professional titles and specialisms by 2025. This will provide certainty around the skills and competencies required by each professional role and show clear

pathways into and across cyber security within government. * Map government cyber security training programmes, including Early Talent and leadership programmes to Council standards. *

Support government staff to achieve professional recognition and encouraging senior government cyber professionals to become assessors to use their professional recognition to give back to

the professional community. * Support cyber security specialists at the National Cyber Security Centre (NCSC) to gain Council recognition and using the Council standards to define the skills

industry will need to deliver NCSC-recognised services. * Allow buyers of cyber security services in government to request that staff servicing contracts hold Council titles. FURTHER TO

THESE GOVERNMENT COMMITMENTS, REGULATORS AND INDUSTRY HAVE AGREED THE FOLLOWING: REGULATOR COMMITMENTS All CNI regulators commit to: * Recognise the Council’s standards and promote them

across their regulated industries as the benchmark for professional cyber security practice. * Continue to work with the Council and HMG on this topic in a spirit of partnership. Individual

regulators are committed to continue working with the Council and the NCSC in specific ways to meet the needs of their sectors. INDUSTRY ADOPTION OF STANDARDS The Cyber Growth Partnership

(CGP) co-chaired by techUK recognises the need for further professionalisation of the cyber security workforce, recognising high-quality cyber security practitioners and teams across all

organisations, as we continue driving the growth of the UK cyber sector. As such: * The CGP strongly supports the UK Cyber Security Council (‘the Council’) ambition of widely offering

chartered status to cyber security professionals and attracting new talent into the sector. * The CGP is committed to further collaborating with the Council to support the adoption of

chartered status by industry. * To do this, the CGP will work with the Council to form a task and finish group which explores barriers to widespread adoption. The group will report its

findings and present recommendations to the National Cyber Advisory Board later this year. Back to top