Posted on Mar 26th, 2021 by Clive Freedman

The UK heard from the Cabinet Office last week as it shared its Integrated Review of Security, Defence, Development and Foreign Policy. The Integrated Review, as it is often referred to, is titled “Global Britain in a Competitive Age” and contains a vision for 2030 and an action plan to be delivered by 2025. This far-reaching review is focused on three fundamental national interests: sovereignty, security and prosperity. With this focus come four distinct key initiatives:

  • an emphasis on openness as a source of prosperity
  • a more robust position on security and resilience
  • a renewed commitment to the UK as a force for good in the world
  • an increased determination to seek multilateral solutions to challenges like climate change

These are not insignificant challenges. They reflect the comprehensive, year-long effort undertaken by the government, consultants and external thought leaders to develop and publish the review. Core to each of these is the mandate for increased cyber security and resilience, which understandably involves the National Cyber Security Centre (NCSC) – the UK’s independent authority on cyber security – and the National Cyber Force (NCF), which was launched in November of last year in response to the growing complexity and disruption of cyber attacks.

“The NCF is bolstering our global presence in the cyber domain, and is a clear example of how we are turning our ambitious agenda to modernise defence into a reality.” 
- Ben Wallace, Defence Secretary, UK

With a goal to help make the UK the safest place to live and work online, NCSC is working in strong collaboration with NCF, GCHQ and The Cabinet Office to ensure the outlined initiatives of the Integrated Review are delivered.

Binding this approach together are the Cyber Assessment Framework (CAF) for large companies and Cyber Essentials for small/medium companies. Currently on v3, the CAF has four main objectives:

  1. Managing security risk - Appropriate organisational structures, policies, and processes are in place to understand, assess and systematically manage security risks to the network and information systems supporting essential functions.
  2. Protecting against a cyber attack - Proportionate security measures are in place to protect the network and information systems supporting essential functions from cyber attack.
  3. Detecting cyber security events - Capabilities exist to ensure security defences remain effective and to detect cyber security events affecting, or with the potential to affect, essential functions.
  4. Minimising the impact of cyber security incidents - Capabilities exist to minimise the adverse impact of a cyber security incident on the operation of essential functions, including the restoration of those functions where necessary.

In future posts, we will talk about how these recent announcements, initiatives and frameworks lend themselves to global considerations and mandates. The CAF is core to the UK’s vision…and plan. We will examine each of the main objectives of the CAF in greater detail and provide a clear understanding of how these translate to true business value as well as security.

The ability to visualise security policy, reduce human misconfigurations through automation of security policies and ensure continuous compliance makes up the fundamentals of what Tufin does every day. With over 2,000 global customers (including some of the largest, most complex organisations in the UK), we are dedicated to ensuring security and compliance as well as a proven return on investment.

Cyber security starts with having the correct security policies and serves as an underlying foundation to visionary change – for the UK and our global population.