techUK (2023-02-16)
Government calls for views on software resilience and security for businesses and organisations
A new consultation considers where government should prioritise its efforts across the entire software lifecycle in an enterprise setting to ensure cyber resilience.
The much-anticipated Call for Views document, published on 6 February, sets out government’s current assessment of the cyber security risks from software. It seeks views on those risks in order to better understand them, and on where government’s focus should be when it comes to mitigating them. The context is that software is one of the fundamental building blocks of digital environments, so improving the security of its development, distribution and maintenance, as well as that of the organisations that make up the software ecosystem, is critical to strengthening organisational cyber resilience more widely and reducing the cyber threat to the UK’s economy, citizens and customers.
The scope of the Call for Views is broad: it considers where the government should prioritise its efforts to address software risks across the entire software lifecycle and direct resources to the areas where they will have the most impact. Its focus on software also contributes to both the Technology and Resilience pillars of the government’s National Cyber Strategy, and builds upon other work in this area such as the PSTI Act and NCSC’s Device Security Guidance.
The Call for Views is broken down into three parts:
1. The cyber risks associated with software: what is their impact on organisational resilience, and which of these risks need to be addressed most urgently?
To facilitate this area of discussion, government has developed a framework to better understand the various parts of the software risk landscape with six risk areas:
- Development: (1) software development security; and (2) barriers in the open source community
- Distribution: (3) security and resilience in the distribution of software; and (4) transparency and communication of software materials, vulnerabilities and incident management
- The role of the customer: (5) procurement, supplier assurance and supplier management; and (6) maintenance, configuration and use of software by the customer
2. What measures does industry already have in place to manage software security risks, or what could it be doing better in this regard?
This section is to help government understand to what extent organisations are using existing resources, guidance, frameworks or standards, or following best practice, to improve their cyber resilience.
3. What future action could government take to support/incentivise UK companies to better address software security risks?
The final part of the Call for Views seeks input on the actions the government could take to address the concerns outlined in Part 1, and to fill any gaps left by existing support and industry practices addressed in Part 2. Key to the assessment of where there is the greatest need for further action will be understanding the likely impact of this action compared to any implementation challenges and resources required.
Due to the diversity and complexity of software risks in digital supply chains, government states in the document that it will not be possible to pursue all of the policy options tested in the Call for Views. However, the responses to the Call will help to inform which policy options would have the biggest impact in addressing software risks within the resources available. Government plans to publish its formal response in the summer and then work on ensuring those options are aligned with other priorities such as the proposed changes to the Network and Information Systems regulations.
Have your say! techUK is hosting D-SIT (formerly DCMS) for a roundtable on 6 March. This briefing and open discussion with members will help government to formulate its response to the Call for Views, as well as helping to inform the future direction it should take in this area. The session will also inform techUK’s response to the Call for Views. Book your place at this roundtable now.
You can read the full Call for views on software resilience and security for businesses and organisations document here. Note: The deadline for responses is 11.45pm 1 May 2023.
If you’re interested in contributing to techUK’s response to this Call for Views, please contact Dan Patefield (dan.patefield@techuk.org.uk) or Jill Broom (jill.broom@techuk.org.uk) as soon as possible.
Original article link: https://www.techuk.org/resource/government-calls-for-views-on-software-resilience-and-security-for-businesses-and-organisations.html