Under new rules, all central government departments will have their cyber health reviewed annually, introducing key changes in how the government protects itself from cyberthreats. Credit: Kevin Ku All government departments and some bodies are to have their cybersecurity postures reviewed under new, more stringent measures being put in place as part of a new security regime, known as GovAssure. Announced during the CyberUK conference this week, GovAssure will be run by the Cabinet Office’s Government Security Group with support from the UK National Cyber Security Centre (NCSC).Under the new rules, all central government departments will have their cyber health reviewed annually, introducing several changes in the way government protects itself from cyberthreats.GovAssure will use the NCSC’s Cyber Assessment FrameworkGovAssure will use the NCSC’s Cyber Assessment Framework (CAF) to review the assurance measures all government departments have, including measures such as setting out indicators of good practice for managing security risk and protecting against cyberattacks. Departments will also be assessed by third parties to increase standardisation and validate results, with centralised cybersecurity policy and guidance introduced to help government organisations identify best practice.“This is a transformative change in government cybersecurity,” said UK government CSO Vincent Devine. “GovAssure will give us far greater visibility of the common cybersecurity challenges facing government. It will set clear expectations for departments, empower hard-working cybersecurity professionals to strengthen the case for security change and investment, and will be a powerful tool for security advocacy.” GovAssure delivers on a key part of the government’s Cyber Security Strategy by improving cyber resilience.UK cybersecurity takes centre stage amid rising threatsUK cybersecurity has been high on the agenda at the CyberUK conference in Belfast this week. A number of security alerts have been published, including warnings about the threats posed by irresponsible use of commercial hacking tools and emerging Russian state-aligned groups targeting critical national infrastructure (CNI). NCSC CEO Lindy Cameron warned of the potential national cybersecurity risks posed by China’s advancements in cyberspace, urging the western cybersecurity community to keep pace with China’s developments. Meanwhile, UK security minister Tom Tugendhat highlighted three areas where enhanced government-industry collaboration is needed to improve the UK’s cybersecurity posture for the future – threat prevention, bolstered defences, and new technology. Related content news Okta launches Cybersecurity Workforce Development Initiative New philanthropic and educational grants aim to advance inclusive pathways into cybersecurity and technology careers. By Michael Hill Oct 04, 2023 3 mins IT Skills IT Skills IT Skills news New critical AI vulnerabilities in TorchServe put thousands of AI models at risk The vulnerabilities can completely compromise the AI infrastructure of the world’s biggest businesses, Oligo Security said. By Shweta Sharma Oct 04, 2023 4 mins Vulnerabilities news ChatGPT “not a reliable” tool for detecting vulnerabilities in developed code NCC Group report claims machine learning models show strong promise in detecting novel zero-day attacks. By Michael Hill Oct 04, 2023 3 mins DevSecOps Generative AI Vulnerabilities news Google Chrome zero-day jumps onto CISA's known vulnerability list A serious security flaw in Google Chrome, which was discovered under active exploitation in the wild, is a new addition to the Cybersecurity and Infrastructure Agency’s Known Exploited vulnerabilities catalog. By Jon Gold Oct 03, 2023 3 mins Zero-day vulnerability Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe