The UK Government has officially launched GovAssure, a new regime of independent audits of government agencies’ cyber resilience, the Chancellor of the Duchy of Lancaster Oliver Dowden announced during the CYBERUK 2023 conference in Belfast, on April 19, 2023.
First introduced alongside the Government Cyber Security Strategy, published in 2022, GovAssure will mandate all Whitehall departments to go through annual independent, more robust security audits, based on the guidelines set out in the Cyber Assessment Framework of the National Cyber Security Centre (NCSC).
Initially designed for operators of critical national infrastructure (CNI), the Cyber Assessment Framework includes a number of measures, such as establishing indicators of good practice for cyber risk management and protecting against cyber intrusions.
It also introduces third-party audits to increase standardization and validate results, and centralized cybersecurity policies and guidance to help government bodies identify what best practice looks like.
This enhanced cybersecurity measure will “help ministers understand cyber risk across government and deliver on a key part of the government’s Cyber Security Strategy by improving government resilience and helping public bodies protect themselves,” Dowden said.
Michael Ellis, Cabinet Office minister and paymaster general argued that this new programme will also create a more coherent vision of the government’s cybersecurity maturity and posture across all agencies.
“This will create a single lens through which we can understand cyber risk across government and enable government departments to accurately assess their level of cyber assurance and highlight priority areas for improvement. GovAssure will also help us to take a strategic view of government vulnerability – to help inform a strategic roadmap to truly defend as one,” Ellis said.
This announcement comes the same day the NCSC issued a warning about the growing threat of “state-aligned” Russian cyber offensive groups on the UK’s CNI.
GovAssure will be run by the Cabinet Office’s Government Security Group (GSG), with input from the NCSC.
Image credit: Daniel Gale / Shutterstock.com