A new security agency began its job of protecting the UK from state-sponsored and terrorist threats yesterday.
The National Protective Security Authority (NPSA) was created as part of a major new review of government defense spending known as the Integrated Review Refresh.
The NPSA will operate out of security service MI5 and absorb and extend the responsibilities of the Centre for the Protection of National Infrastructure – acknowledging the fact that state and terrorist threats are aimed not only at critical infrastructure (CNI) providers.
It will work with existing agencies the National Cyber Security Centre (NCSC) and the National Counter Terrorism Security Office (NaCTSO) to provide defensive advice to UK organizations targeted with cyber- and other threats. In the digital sphere this could range from cyber-espionage and IP theft to disruptive or destructive cyber-attacks.
Security minister, Tom Tugendhat, argued that science, technology and academia are as exposed to state-backed attacks as CNI providers.
“We know that hostile actors are trying to steal intellectual property from UK institutions in order to harm our country,” he added. “The NPSA will play a crucial role in helping businesses and universities better protect themselves and maintain their competitive advantage.”
The NPSA’s “training, guidance and advice” for these organizations will be informed by not only world-class research but also secret intelligence from the security services.
According to the government, it will:
- Raise awareness of nation state threats to UK businesses, research bodies and institutions
- Work with police and other organizations to help in the fight against terrorist attacks
- Deliver online training and in-person industry engagement
- Develop tools and guidance for security novices, alongside more tailored resources for technical and security experts
- Offer advice designed specifically for individual verticals
Among the guidance currently featured on the NSPA site is information covering datacenter security, protecting the supply chain, identifying state actors using fake social media profiles and managing insider risk.