The UK, US, Canada, New Zealand and Australian governments have launched a new program designed to help their tech startups improve baseline cybersecurity measures, in the face of escalating state-backed threats.
Secure Innovation was originally a UK initiative run by GCHQ’s National Cyber Security Centre (NCSC) and MI5’s National Protective Security Authority (NPSA). However, it has now been adopted and promoted by all Five Eyes intelligence agencies in regionalized versions.
In the UK version, startup owners answer a few simple questions to access a personalized action plan, designed to provide them with advice on how to protect their technology, reputation and success.
There’s also security advice and detailed guidance for both founders and investors of emerging technology vendors.
The launch of Secure Innovation across the Five Eyes follows a first-ever public meeting of the heads of the domestic intelligence agencies, at an event hosted by the Hoover Institution at Stanford University, and the FBI.
During that event, attendees warned that hostile states are going after startup intellectual property in order to accelerate their own technological and military capabilities, and undermine others’ competitive edge.
“Sophisticated nation-state adversaries like China are working hard to steal the intellectual property held by some of our countries’ most innovative and exciting startups,” said MI5 director general, Ken McCallum.
“The Five Eyes Secure Innovation advice we’re rolling out today forms part of our response. By joining up with our allies and offering consistent advice, we are making it easier for companies working across the world to take steps to keep their ideas and products secure.”
Over 500 UK startups have already visited the Secure Innovation site to create a bespoke cybersecurity action plan, according to the NCSC.
A quick-start guide identifies three key steps:
- Appointing security leadership at board level to the organization
- Identifying assets critical to business success by conducting a rigorous audit
- Assessing security risk based on the level of threat to the business and documenting existing protective measures