These posters were designed to illustrate and support the new Government Security Classifications policy, which comes into force on April 2014.

Departments, agencies and their suppliers are welcome to use these as necessary.

Introduction

It’s amazing to think it’s now 25 years since the World Wide Web was invented – and the internet for longer still before that. Because of the amazing ways it’s changed the way we live and the way we work, and because of the open and organic way it grew, it didn’t take long for the first cyber threats to emerge.

One of the world’s first cyber-attacks was as far back as 1988 - a worm called Morris. It sounds rather harmless and quaint – and in some ways probably was tame compared to the destructive potential of the kind of attacks we face today. The media is now full of stories about multiple denials of service attacks and significant data losses.

93% of large corporations had a breach over the past financial year. The average cost of each one is somewhere between £450,000 and £850,000, although we know of one London-based company which lost £800 million worth of revenue because of an attack.

But as much as we make the threat sound dark and menacing, and as much as we want individuals and businesses to sit up, take note and, more importantly, take action, we mustn’t lose sight of how the internet has transformed our lives already for the better– and the opportunities and potential it offers for the future.

Throughout history, transport links, communication routes, marketplaces – any place where people come together to do things – have always attracted criminals, from the classic masked highwayman of 18th century England to the modern day pirates drawn to the international shipping lanes in the Somali basin. And of course it’s no different in the realm of cyber.

The internet obviously isn’t inherently a bad thing. It’s inherently a really good thing. It brings people closer together and for the most part it is a huge upside – we must never lose sight of that. And the work that is done by people involved with cyber security is ultimately all about making the internet a safe place so we can all share in the benefits.

This afternoon I’ll be speaking in the Square Mile to the financial services sector as part of City Week. I expect some of you may be attending both events today – so please try and look surprised when you hear me say the same things over again….

But the message I’ll take there to the business leaders and economists present will be a simple one. Cyber security isn’t a necessary evil: it’s both an essential feature of - and a massive opportunity for - the UK’s economic recovery.

At the most basic level, the financial institutions that emerge from the great recession have to be stronger, safer, more secure and more alert to the risks than they were before.

CERT-UK is going to play an incredibly important role in ensuring that we have that firm, resilient, foundation underpinning our economy. It’s crucial.

The path to CERT-UK

2 and a half years ago we published the National Cyber Security Strategy. It marked a ratcheting up of the seriousness with which we take cyber security – and our determination to ensure our national security and the safety of everyone who uses the internet.

And that determination is evident in the fact we backed the Strategy with proper folding money. At a time when budgets across government have been cut, we put more money into cyber security - £860 million to be precise.

But no one entity – particularly government - can tackle these threats on its own. So we put partnerships at the heart of that strategy.

The presence of Steve Collins [National Grid] and Larry Zelvin [US Department of Homeland Security] here today underlines our commitment to working with business and with our international partners.

Last year, in this very room, we delivered the Cyber Information Sharing Partnership (CISP) - so government and business partners can exchange information on threats and vulnerabilities as they occur. That real time information sharing is absolutely crucial. We started with fewer than 100 individual members, but there are now over 1,000, and over 350 businesses and organisations have registered.

Chris Gibson [CERT-UK Director] will talk about this in his speech, but I am pleased to announce that the CISP now has a permanent home inside CERT-UK.

We have representatives from some of those partners in the CISP, including the Law Society, the British Banking Association and the Institute of Chartered Accountants for England & Wales, which is the first accountancy body to join. I can announce that earlier this month IMRG - the UK’s Online Retail Association – also joined CISP, bringing numerous retailers into that fold.

I’d like to thank all these bodies all for the work they do to promote the CISP to their members.

I recall when we launched CISP a year ago, Howard Schmidt, the former White House cyber security tsar, commented on how much the UK had achieved in a really quite short space of time.

And today – a little over 2 years after publishing the strategy – we’re now launching a second major new tool, the UK’s Computer Emergency Response Team.

Of course today is just the ‘Go Live’ date: there’s already been a lot of hard work and a lot of effort to reach this point. I announced our intention to create this at GCHQ’s last major information assurance conference, hot on the heels of our experience at the London Olympic & Paralympic Games.

Every day during that time witnessed new feats of sporting achievement – but also countless attacks against the digital infrastructure. We successfully defended our core networks against a range of threats, working seamlessly across government and the private sector. We also worked closely with our international partners, and we saw a number of government CERTs galvanise their capabilities to meet the challenges associated with this unique event.

We’d had measures in place to deal with threats to essential services for some time, but what the Olympics taught us was the need for better coordination.

A scoping study met with over 100 different organisations and individuals across government, law enforcement, industry and academia to gain insight and understanding and develop a vision for a national CERT.

Since then, a lot of work has been done to build the system: recruiting the right people; getting the technology and process in place; and forging those all-important links with partner organisations in other countries.

Getting to this point has been a team effort across government, business and with our international partners. A lot of you in the room have given your time, your advice and your resources and we look forward to working with you, building on these partnerships in the future.

The role of CERT-UK

CERT-UK brings together a number of sources of expertise, including the Cyber Security Incident Response Team and the Cyber Security Information Sharing Partnership.

To supplement this existing capability, CERT-UK is now forging partnerships with law enforcement agencies and other government and national CERTs, as well academia and business.

At the sharp end, the CERT-UK will take the lead in coordinating the management of national cyber security incidents. One area where it will play a particularly important role is in providing support to our Critical National Infrastructure companies.CERT-UK will provide an authoritative voice to those agencies and organisations that are helping the UK to become more resilient and to prosper in the internet age.

It will also share information with companies to promote situational awareness and effective mitigation of threats, which CISP also helps to fulfil, and something I’m sure Steve Collins will talk about later.

And I’m pleased to announce that NOMINET, who are with us today, have launched Cyber Assist, the first cyber security service designed specifically for UK small businesses.

But as important as it is that we build our own national resilience in the UK, cyber security is, at heart, an international issue. The cyber domain knows no borders and cyber security is an issue that no one country can afford to ignore or address alone – and I look forward to hearing Larry’s views on the US perspective.

CERT-UK will be single point of contact for our international partners for CERT-to-CERT engagement, an increasingly important area of dialogue. It will manage incidents that cross national borders and it will share information that promotes situational awareness and effective mitigation of threats.

Of course, we will never be able to eradicate cyber threats completely, but you can lessen the impact. Only by working closely together – at home and overseas - can we increase awareness and build resilience to reduce the impact of cyber threats.

Nature of the work

It all sounds like a lot of hard work – and it is, and will be.

Cyber threats to the UK are diffuse, unpredictable and generally anonymous. They could come from organised criminals based in another continent; or they could come from a teenage computer hacker closer to home.

The cyber hacker needs to succeed only once, but those protecting us must be successful all the time; around the clock, day after day, week after week. And of course, nothing in the digital world ever stands still. It’s forensic and painstaking work and it’s absolutely relentless.

I have a very high level of confidence that we can achieve this.

I think the UK is at the forefront of global cyber security. That sounds like asking for trouble to say that. It doesn’t contain any hint of complacency I stress, because we know that this changes all the time. But we start from an OK place in terms of how we progress from here.

And I’d like to take the opportunity to pay tribute to the work of GCHQ, National Crime Agency and the security services. Much of their efforts to protect us from cyber threats inevitably takes place behind closed doors away from the glare of publicity. But they’re at the vanguard of our defence, and their work makes a really direct contribution to the security and wellbeing of the whole country.

I’ve visited Cheltenham now a number of times, and I’ve always been struck by how GCHQ and their operations represent much of what is best about our public sector. I know that we’ll see exactly the same ethic, the same dedication and hard work, from all those involved with CERT-UK and its partner organisations.

Conclusion

So, in conclusion, 2 years since publishing the Strategy for National Cyber Security we’ve delivered both a Cyber Security Information Sharing Partnership and – as of today – we’ve also delivered a cyber emergency response team: just two of a range of initiatives delivered in partnership with business and academia.

We can never be complacent: we really can’t. But I think everyone involved with the Cyber Security Strategy can be proud of the progress we’ve made from what was essentially a standing start.

Government can’t do this by itself. I think CERT-UK shows our intent on where we want to go: ever closer coordination between government, business and academia to share insights and share advice; better cooperation with our international partners.

And that job will never be done – it will always be a work in progress. But, from today, CERT-UK means we can go forward with a new tool in our armoury: better prepared, better informed, better connected and ultimately more resilient.

In line with UK government commitments to increase transparency, we publish details of spend over £500 from 1 April 2011. We will continue to publish this data on a monthly basis.

In line with UK government commitments to increase transparency, we are now publishing details of spend over £25,000 since 1 April 2010 and over £500 from 1 April 2011. We will continue to publish this data on a monthly basis.

The Cabinet Office investment will support organisations who want to improve their data publication data as part of a government push to increase transparency. The Open Data User Group (ODUG), which acts as a bridge between the open data community and government, will collect bids for funding.

About the funding

The first round of funding supports projects that will release public data directly, but also those that will help boost skills in the public sector. More funding will follow later this year.

Open data training

More than 100 training places will be available for senior public servants. The training will cover how open data can improve efficiency, bring savings and innovation, and provide wider economic benefits. The aim is to help improve public data release in the future.

Local public data

A number of projects aim to improve the release of public data at a local level – eg the Leeds Data Mill will provide citizens with freely available data about public services.

Other projects will help all local authorities to release specific data in a consistent way – eg the Local Authority Voucher Scheme will encourage every local authority to release data on public conveniences, gritting and planning in the same format. Projects like this will help the open data community to develop national products using this data – which hasn’t been consistently available or standardised before now.

The Minister for the Cabinet Office, Francis Maude, said:

The UK is a world-leader in opening up data because we know that it creates a more accountable, efficient and effective government. Open Data is a raw material for economic growth, supporting the creation of new markets, business and jobs and helping us compete in the global race. To ensure this agenda continues to thrive, we are supporting a number of projects which will drive forward this culture of openness.

Open data case studies

In the lead up to International Open Data Day on February 22, 2014, ODUG is releasing 50 case studies on open-data-led business and applications on data.gov.uk, the government’s flagship data portal.

You can also find out more about the following innovative uses of open data:

• Beach Selecta and water quality at Summerleaze Beach
• a project by Mastodon C (in partnership with Open Health Care UK and Ben Goldacre) to save money on NHS prescription costs
• Open data: Guardian Good GCSE Guide
• data.police.uk, which provides open data about crime and policing in England, Wales and Northern Ireland
• FixMyStreet which provides an easy way to contact councils about problems in public areas
• Contracts Finder lets businesses search for information about public sector contracts worth more than £10,000

Data Fund: projects

PDF, 151KB, 1 page

Data Fund: funding allocation

View onlineDownload CSV 703Bytes

The Rt Hon Francis Maude MP launched CERT-UK, the UK’s national Computer Emergency Response Team, with industry representatives and international partners this morning (Monday 31 March). CERT-UK will take the lead in coordinating the management of national cyber security incidents and will act as the UK central contact point for international counterparts in this field.

CERT-UK will work closely with industry, government and academia to enhance UK cyber resilience. This includes exercising with government departments and industry partners, sharing information with UK industry and academic computer emergency response teams and collaborating with national CERTs around the globe to enhance our understanding of the cyber threat.

Delivering another pillar of the National Cyber Security Programme, the Cabinet Office Minister responsible for Cyber Security, Francis Maude said:

This government’s most important task is to protect our security and ensure Britain is a safe place to work, live and do business. That’s why I’m delighted to launch the UK’s Cyber Emergency Response Team.

We know government cannot do everything by itself. CERT-UK shows we want closer coordination between government, business and academia to share insight and advice, as well as better cooperation with our international partners.

The job of protecting our security will never be done – it will always be a work in progress. But, from today, CERT-UK means we are better prepared, better informed, better connected and ultimately more resilient.

Commenting on the launch, Chris Gibson, Director of CERT-UK said:

The launch of CERT-UK is a milestone in the development of the UK’s cyber security capabilities helping the UK to become more resilient.

CERT-UK will build on existing arrangements for supporting the critical national infrastructure, and incorporate the Cyber Security Information Sharing Partnership (CISP) which was launched last year and has proved extremely effective as a means of collaborating between industry and government.

CERT-UK

CERT-UK has been established over the last year. Chris Gibson was appointed director in November 2013.

It has 4 main responsibilities that flow from the UK Cyber Security Strategy:

• national cyber security incident management
• support to critical national infrastructure companies to handle cyber security incidents
• promoting cyber security situational awareness across industry, academia and the public sector
• providing the single international point of contact for co-ordination and collaboration with other national CERTs

CERT-UK does not have responsibility for the national infrastructure but will work closely with those companies that run the critical national infrastructure. CERT-UK will provide advice and guidance to help companies prepare and protect themselves, as well as expertise to help respond once an incident is reported.

Contact CERT-UK at enquiries@cert.gov.uk

Cyber Security Information Sharing Partnership (CISP)

CISP was launched in March 2013 as a joint, collaborative initiative between industry and government to share cyber threats and vulnerability information in order to increase overall situational awareness of the cyber threat and therefore reduce the impact upon UK business. The last 12 months have amply demonstrated the value of this collaboration for the benefit of the UK as a whole. CERT-UK will build on this success by providing a permanent home for the CISP team and taking on responsibility for running the dedicated CISP online collaboration environment. CERT-UK will be able to add the international dimension alongside the day to day experience of working with critical national infrastructure companies in handling the incidents they face.

Cyber crime

CERT-UK will work closely with law enforcement organisations across the UK. These organisations remain the focal point for the reporting of all cyber related crime. If you are aware of or suspect an incident of cyber crime you should contact Action Fraud in the first instance.

Members of the public experiencing cyber issues should contact websites such as:

• www.cyberstreetwise.com
• www.getsafeonline.org/

If they suspect a cyber related crime they should contact Action Fraud.

Chris Gibson

Chris Gibson was appointed as Director of CERT-UK on 11 November 2013. Chris joined CERT-UK having previously been the director of e-crime at Citigroup. Chris is an internationally recognised expert on cyber incident response, having been for 9 years on the leadership team of the international Forum of Incident Response and Security Teams (FIRST), with the last 2 as global chair. Chris was a member of the British Bankers’ Association (BBA) Cyber Advisory Panel and for 10 years one of Citigroup’s representatives to the Centre for the Protection of National Infrastructure’s Financial Service’s Information Exchange.

I’d like to add my welcome to you all and thank you for attending this launch. As I’m sure you’ll understand, today is a very important day for me.

I joined CERT-UK from private industry (with some apprehension I have to say). I’ve been very involved in incident response for a number of years – both in my previous role at Citi but also within the volunteer community in FIRST – a global Forum of Incident Response & Security Teams. In both groups I dealt with a number of International CERTs and had often seen the potential for the UK in this space.

As we have built the CERT I have been constantly impressed with what the men and women in the team are capable of and have done – my earlier apprehensions were very wide of the mark.

The National Cyber Security Strategy, published in November 2011, sets out how the UK will support economic prosperity, protect national security and safeguard the public’s way of life by building a more trusted and resilient digital environment. The launch of CERT-UK is a key milestone in the development of the UK’s cyber security capabilities in line with the UK Cyber Security Programme.

So, what will we do?

CERT-UK will work with partners across government, industry and academia to enhance the UK’s cyber resilience. We will build trust, foster collaboration and both encourage and lead on sharing of information to develop the level of situational awareness we need to stay ahead of our adversaries.

Our main constituency will be critical national infrastructure (CNI) companies though we will work more broadly across industry through the Cyber-Security Information Sharing Partnership (CISP) platform – now an integral part of CERT-UK.

We will work with other national CERTs when the UK is being affected by activity originating in other countries and will assist other national CERTs (including through working with our National Crime Agency) when activity is tracked back to the UK.

To expand on this - I (and CERT-UK) have 3 primary objectives:

1. Cyber Situational Awareness

Situational awareness will lie at the heart of CERT-UK operations. This has been recognised and enhanced by moving the CISP into the CERT-UK Situational Awareness team. Also, using the CISP Fusion Cell (a partnership where industry colleagues work with CERT-UK to analyse information flowing across the CISP), we will be able to utilise specialist skills, tools and technical expertise to provide deeper analysis. This facility is available to our customers who report an incident to us, where the CERT-UK team judge it appropriate.

Our ambition for situational awareness is greater than our remit for incident handling – we want to help businesses help themselves and each other by expanding membership throughout the UK. CISP has proved valuable to members already – we are going to push for more sectors to join, enhancing their ability to improve their cyber security. In fact, to use this opportunity as a marketing moment, if you’re not a member I’d very much recommend you join.

We will use the information we gather from CISP and other providers to produce timely, actionable and usable information to businesses to allow them to defend themselves.

2. We will be an international point-of-contact

Cyber is a global issue and international co-operation is essential to the UK’s cyber security. The UK has established itself as a leading player on the international stage following the London Cyber Conference in 2011, the Budapest conference in 2012 and then, more recently, the Seoul Conference on Cyberspace in October last year, where the international dialogue continued.

Relationships with international partners are crucial. I am very happy to stand here with Larry Zelvin. Larry heads up the US NCCIC (the National Cybersecurity & Communication Integration Center) and we have already started working closely together.

CERT-UK will be the front door for international partners to contact the UK (predominately CERT to CERT), focusing on building relationships with other national CERTs to ensure the UK is represented in an increasingly important group - leading the dialogue and action.

3. We have responsibility for national incident management

As the National Security Strategy document noted, cyber-attacks are considered one of the top 4 threats to the UK’s national security. While, thankfully, national incidents are not a regular event, we will both continue to operate the plan and, also, work with the various areas of CNI to plan, exercise and raise awareness of incident management. Many of you will be aware of the “waking shark” exercises in the financial sector – we plan to run similar exercises across other sectors of the CNI. Through this we aspire to improve the ability of the UK to respond to incidents.

CERT-UK is not responsible for any infrastructure beyond our own network but will work closely with those that are, for instance:

• GovCERT for the government networks
• MoDCERT for defence networks
• JANET for academia etc
• industry CERTs etc

As with Larry, I am happy to have Steve Collins from National Grid here.

So, that’s the mechanics of how CERT-UK is set up. What it doesn’t highlight is how each of these parts, each powerful and extremely competent in its own right, combines to make a whole much, much greater than the sum of its parts.

As I’ve already highlighted, situational awareness is absolutely critical. What better way to enhance this than by taking the existing CISP– which is performing extremely well – and putting, right next to it, the incident management teams? That way the situational awareness team are getting information right from the horse’s mouth.

What better way to improve incident response than by combining the existing teams? National Incident Management is improved as we see incidents from the beginning rather than only once they’ve become National. CNI incident handling is improved as they see the whole picture. Incident coordination overall is improved as we bring the 2 groups together with all their knowledge, expertise and many, many years of experience.

And what better way to also improve incident handling overall than to put, right next to it, the existing situational awareness teams? This means that analysts working an incident can call on information from the wider picture.

Some of these teams existed previously but in completely separate locations. They did extremely good work but the synergies and benefits to be gained by co-locating under one roof and under one management structure cannot be denied.

As we now publicly launch we can add to this the benefits of enhanced UK and international collaboration right across CERT-UK and we get truly joined up benefits.

But, while I talk about CERT-UK as a team I am conscious that that team also needs a number of extremely important connections. Those connections are from industry, academia and other parts of government. We will do what we can to increase cyber resilience in the UK but I am acutely aware that the government owns very little of the CNI and certainly is not able to resolve all the problems. Without you we are not going to make this work and I plan on working with you. The UK Engagement team will be leading in strengthening the partnerships we already have and building those that the CERT will require as it goes forward. Some partnerships will be operational and some will be purely information sharing - we will ensure that these are bilateral and we share as much as we possibly can with each other.

Today is the official launch of CERT-UK. In truth all that means is we are going public. You may have noticed that in many of the examples I’ve used I’ve talked about current capabilities. This team has been working together, operationally, for a number of months. What has taken time is taking the various processes, systems and procedures and melding them into a single, cohesive whole.

Today is, though, the launch of Phase 1 of CERT-UK. We have plans to increase our interaction with business through exercising, products, reports and analysis. This is not a finished piece of work, it is a work in progress.

Today marks the culmination of a great deal of work. That work has been carried by numerous groups – the National Cyber Security Programme team led by James Quinault. Natalie Black has run point from the start in incubating CERT-UK. Numerous government departments (such as the Government Digital Service who built our website and other technology) have assisted us with staffing, equipment and knowledge and, finally, industry who have helped with equipment but primarily in building the CISP into the powerhouse it is now as well as staffing the fusion cell.

I am proud to stand in front of you and front that up – but make no mistake, this is a team effort. CERT-UK is a team, it will work as a team and it stands or falls on its ability to be a team. I have no doubt it will pass inspection.

Issue

The growth of the internet has transformed our everyday lives and is an important part of our economy. The internet-related market in the UK is now estimated to be worth £82 billion a year while British businesses earn £1 in every £5 from the internet.

But with greater openness, interconnection and dependency comes greater vulnerability. The National Security Strategy categorised cyber attacks as a Tier One threat to our national security, alongside international terrorism. The threat to our national security from cyber attacks is real and growing. Terrorists, rogue states and cyber criminals are among those targeting computer systems in the UK.

93% of large corporations and 87% of small businesses reported a cyber breach in the past year. On average over 33,000 malicious emails are blocked at the Gateway to the Government Secure Intranet (GSI) every month. These are likely to contain - or link to - sophisticated malware. A far greater number of malicious, but less sophisticated emails and spam are blocked each month.

With the cost for a cyber-security breach estimated between £450,000 to £850,000 for large businesses and £35,000 to £65,000 for smaller ones, the government must look at new ways to protect businesses and make the UK more resilient to cyber attacks and crime.

Actions

The Strategic Defence and Security Review allocated £650 million over 4 years to establish a new National Cyber Security Programme to strengthen the UK’s cyber capacity. The Chancellor of the Exchequer announced an extra £210 million investment after the 2013 spending review.

To combat cyber threats, we will work with the Government Communications Headquarters (GCHQ) to identify and analyse cyber attacks to our main networks and services and support the UK’s wider cyber security objectives.

To prevent cyber crime and make the UK a safer place to do business, we:

• set up a National Cyber Crime Unit within the National Crime Agency in 2013, bringing together the Police eCrime Unit and SOCA
• are providing cyber security advice to businesses such as the 10 Steps to Cyber Security Booklet and tailored guidance for small businesses
• have built a Cyber Security Information Sharing Partnership with businesses to allow the government and industry to exchange information on cyber threats in a trusted environment
• have reached agreement with industry on a series of guiding principles for internet service providers, setting out a best practice approach to help inform, educate and protect customers from online threats
• are developing a preferred organisational standard for cyber security, to give industry a clear baseline to aim for in addressing cyber security risks to their companies
• have introduced a single reporting system for people to report financially motivated cyber crime through Action Fraud, the UK’s national 24/7 fraud and internet crime reporting centre - recording incidents of fraud centrally enables intelligence being gathered about crimes to be shared and analysed, resulting in more targeted enforcement action.

We are supporting the growth of the UK cyber security industry by:

• creating a joint ‘Cyber Growth Partnership’ with technology industry representatives techUK (formerly Intellect)
• publishing a Cyber Exports Strategy (pdf) to set out the scope of opportunities and actions
• developing a new Cyber Security Suppliers’ scheme for businesses that supply cyber security products and services to the UK government
• setting a target for future export growth

To make the UK more resilient to cyber attacks, we:

• established CERT-UK on 31 March 2014, a new organisation to improve co-ordination of national cyber incidents and share technical information between countries
• have set up a new Cyber Incident Response scheme in GCHQ to help organisations recover from a cyber security attack
• have extended the role of the Centre for the Protection of National Infrastructure (CPNI) to work with all organisations that may have a role in protecting the UK’s critical systems and intellectual property
• have agreed with regulators in essential services a set of actions to make sure that important data and systems in our critical national infrastructure continue to be safe and resilient

To cultivate a safe, stable and vibrant cyberspace internationally, we:

• work with other countries to identify and manage cyber risks and develop principles to guide the behaviour of governments and others in cyberspace
• hosted the London Conference on Cyberspace in 2011 and have supported hosts in Budapest and Seoul since then to continue the global conversation on the future of the Internet and establishing norms of behaviour in cyberspace

To develop the knowledge, skills and capabilities needed to defend the UK against cyber crime, we are:

• providing cyber security advice for business and the public
• working to improve cyber skills, education and professional opportunities
• challenging the UK public to find ways of defending the government from cyber attacks as part of the Cyber Security Challenge UK competition, sponsored by the National Cyber Security Programme

Background

Our National Security Strategy classed cyber security as 1 of our top priorities alongside international terrorism, international military crises and natural disasters.

We published the UK Cyber Security Strategy on 25 November 2011. It sets out how the UK will support economic prosperity and protect our national security by building a more trusted and resilient digital environment.

Francis Maude, Minister for the Cabinet Office, made a written ministerial statement to Parliament about progress against the objectives of the strategy on 12 December 2013, as he did the previous year. Read the government’s achievements so far and forward plans.

Who we’re working with

The Office of Cyber Security and Information Assurance (OCSIA) coordinates the work carried out under the National Cyber Security Programme and works with government departments and agencies such as the Home Office, Ministry of Defence (MoD), Government Communications Headquarters (GCHQ), the Centre for the Protection of National Infrastructure (CPNI), the Foreign and Commonwealth Office and the Department for Business, Innovation and Skills (BIS) to implement the cyber security programme.

The CPNI is the government authority that provides physical, personnel and information security advice to the national infrastructure. It funds a range of projects to improve the UK’s ability to protect its interests in cyberspace and to address threats from states, criminals and terrorists.

The government is represented in international forums such as the Organisation for Security and Cooperation in Europe, the EU and the World Economic Forum.

I’m incredibly proud of the contribution that the financial services industry makes to this country: it is successful, it contributes a huge amount and employs a huge number of people. And it’s something we’re really, really good at.

London, as Europe’s great financial centre, has always thrived because of its networks: going right back to the Roman roads, all connecting out from London in ancient Britain; to the shipping routes that held together the Empire, coming back to the Pool of London not very far from where we are sitting. Of course, the clippers that sailed from the quaysides and the warehouses on the banks of the Thames 200 years ago took weeks, if not months, to reach their destination.

Now of course the digital revolution has all but eradicated the concept of distance and time from global business. London is better connected to markets around the world than at any time.

Of course this month we celebrated the 25th anniversary of the birthday of the World Wide Web. Sir Tim Berners-Lee apparently considered calling his invention “the Mesh” or the “Information Mine” before he settled on the World Wide Web. Hearing the alternatives is just a reminder of just how much we’ve become used to the concept of “the web” as part of everyday life.

When we talk about cyber security it’s often all about the threat. When we talk about it – because we need people to take it seriously – we often lay huge emphasis on dark and threatening aspects of it. There are dark and threatening aspects and we need to do that, but we shouldn’t ignore the central truth that the internet is fantastic. It is a liberating and dynamising thing, it has revolutionised the way we live and work, it has connected people together. It’s a massive force for good, for prosperity and freedom and for building social capital. There are so many benefits.

So cyber security isn’t a necessary evil: it’s a massive opportunity, which is what I want to focus on today.

It’s an opportunity to build a firm foundation for the economic recovery – so that the financial institutions that emerge from the Great Recession are stronger, safer, more secure and more alert to the risks than before.

But it can also be part of a long term plan for sustained growth. Cyber is a business of the future in its own right, bringing with it the opportunity for jobs and investment, innovation and prosperity.

Making the UK a safe place to do business

The cost of cyber security breaches to our economy has roughly tripled just over the last year. It is now in the order – we don’t know exactly, how can we - of £20 to 40 billion per year.

Last year PwC’s Information Security Breaches Survey found that 93% of large corporations had a breach of some sort. The average cost of each one is said to be somewhere between £450,000 and £850,000. We know however of one London-based company which had a loss of £800 million in revenue, just in one company from a cyber-attack.

Most of the companies represented here today have probably been on the receiving end of such an attack. Not all of them will know they have. Whether you’re based in London or New York, Hong Kong or Singapore, the story is the same. Cyber security is now part and parcel of the world you do business in. As more operations go online and our networks and systems become ever more inter-connected, as they will, so the scope of potential targets will grow.

So when in 2011 when we launched the government’s National Cyber Security Strategy we backed it with serious folding money - £860 million in funding at a time when budgets across the piece are facing cuts. In the last financial year alone we saved £10 billion in efficiency savings – so the fact we’ve committed such a huge chunk of money tells you how highly cyber security ranks in our priorities.

But this funding will only be effective if government and business work closely together.

So we’re working closely with you, and with other businesses, to raise awareness of the threat to reputation, revenues and intellectual property from cyber-attack and the measures that businesses can take to address these.

Of course the financial sector has always been particularly vulnerable. Sensitive commercial data, intellectual property and transactional information are all hugely valuable to online criminals and whenever this kind of information is shared, all that’s needed is for one party to lower their guard for everyone to be left exposed.

Of course, sharing information is absolutely fundamental to the global economy so you will never be able to completely eradicate the risk. But if the UK is to be a safe place to do business - which it must be - then cyber security must be ingrained in every area of operations, at every level, from the boardroom to the trading floor.

You will all be I imagine familiar with the 10 Steps Guidance for Cyber Security which we published in 2012. Many of your organisations will have participated also in the Cyber Security Health Check with audit companies last year, which we’ll repeat this year to help inform levels of awareness and preparedness across the FTSE350.

In January this year new guidance was produced specifically for the corporate finance community on how to give cyber security high priority during transactions.

Published by the Institute for Chartered Accountants and a taskforce of a dozen major professional organisations, it aims to provide practical advice for any firm involved with mergers and acquisitions, buyouts, venture capital and Initial Public Offerings - whether a small businesses replacing an existing debt facility or a large company preparing to list.

To accompany this advice, we’ve also developed an industry-led organisational standard for cyber security. It’ll give businesses a clear baseline to aim for in addressing cyber security risks for their company.

Companies adopting the standard will be able to advertise the fact that they meet the criteria. It could give them a competitive edge in a marketplace that will increasingly be demanding better cyber security from its suppliers. Because we try to practice what we preach, we’re also working to raise cyber awareness within government.

We now have a network of SIROS - Senior Information Risk Owners - in central government and in the wider public sector. These people are at board level with responsibility for managing information risks. Then there are the Information Asset Owners, who take responsibility for risks at a working level on projects. But all civil servants are required to undertake training as well, because everybody has a role to play to reduce risks.

We’ve also been building the structures that will make the UK economy more resilient.

Last year we launched the Cyber Security Information Sharing Partnership - the CISP - so government and business partners can exchange information on threats and vulnerabilities as they occur in real time, and it being in real time is incredibly important.

Starting with fewer than 100 partners, now well over 300 businesses have joined CISP.

These include the British Banking Association; the IMRG (the Online Retail Association); the Law Society, and the Institute of Chartered Accountants England & Wales.

These are just some of the professional organisations that are endorsing the CISP to their members and I’d like to thank them for helping to spread this incredibly important message.

They’ve all recognised that cyberspace is simply too big for any organisation – whether public or private – to have sight on everything that’s going on and so there is a massive need to pool our information to bring mutual benefits. CISP works because it has government involvement, but – and this is crucial – it’s business-led. Companies are under no compulsion. Information is shared voluntarily.

This enables a “fusion cell” made up of analysts from business and the law enforcement and intelligence communities to draw together a single intelligence picture of cyber threats facing the UK and that knowledge and single picture is for the benefit of all partners.

The more volume, the more traffic there is – the more useful it becomes to all of us and the richer and more useful our collective knowledge. Just this morning, after several years in development, I opened the UK’s first national Computer Emergency Response Team – CERT-UK.

We already have existing CERT capabilities, but the new national CERT will provide a core incident management response and act a single focus point for international sharing of technical information on cyber security.

Slowly these mechanisms – better awareness, closer cooperation, more sharing of intelligence and information – are coming together to make businesses more resilient.

At the end of last year, the Bank of England brought these capabilities into play for Exercise Waking Shark 2, a simulated attack on London’s financial sector.

It brought together 14 firms, 6 financial market infrastructure providers, together with the Financial Conduct Authority and the Treasury to see whether they could withstand a coordinated cyber-attack. It was supported by CISP, backed by the National Cyber Security Programme.

Compared to the kinds of cyber-attacks seen to date, the exercise scenario was extreme. But it was designed to be so. It put pressure on the participants, not just to see how well companies responded individually, but to see how the information sharing mechanisms work when the heat is on.

The exercise worked well to validate and rehearse existing response arrangements and, just as importantly, identified further areas for improvement.

This year we will be looking to support other sectors develop exercises, particularly those owning and operating Critical National Infrastructure, most of which of course these days is not in government hands, which is why partnership is so vital.

Cyber growth

The global cyber security market is growing by more than 10% a year and we want Britain to be part of that and to benefit from it.

And this is something that we are good at – this is a strength for Britain – and we need to exploit it and make the most of it to create jobs and wealth.

Earlier this month, I visited the headquarters of Cassidian in Newport, which produces everything from encryption projects for Eurofighter Typhoon aircraft to secure networks for government communications. I met with some of the rather brilliant apprentices who working there to develop the skills and experience the economy is going to need in the years to come – they’re bright, enthusiastic and have enormous potential.

Cassidian is one of the giants – but I’ve also visited small firms like Titania, one of 40 small cyber security companies clustered, maybe rather improbably, around Malvern in Worcestershire and, despite its small size, supplies products to organisations in over 50 countries.

In the last year I’ve met with my counterparts from Israel, India, Spain and a couple of weeks ago the Czech Republic. And I’ve seen how highly regarded British technological expertise and innovation is regarded overseas – especially when it is allied to the international reputations of our great universities, which again is crucial.

It’s one of the reasons why we’ve just launched a new Cyber Security Suppliers’ scheme. Qualifying businesses can use an exports badge to demonstrate to potential customers that they are a supplier of cyber products and services to the UK government.

The scheme has been delivered through the Cyber Growth Partnership, which is celebrating its first year of operation today. As a government, we want to do everything we can to boost the UK cyber security sector, domestically and across the globe. We want to be exporting £2 billion worth of products and services by 2016 – that’s a sharp increase on the £850 million that we sold last year - and we’ve produced the first Cyber Exports Strategy which sets out how we will help to achieve that.

But if we’re going to grow our cyber security sector, then we need to ensure we have the right people with the right skills coming into the workforce. There’s currently a gap between the increasing opportunities to work in cyber security and the available pool of talent.

Earlier this month, I opened the final of this year’s Cyber Security Challenge. Funded jointly by government, academia and business, it’s one of the ways we’re working together to demonstrate the value of cyber security as a career opportunity to as wide an audience as possible – and actually it’s working and working well.

Almost 1 in 3 people who reach the final stage of the competition go on to find work in cyber security.

This year’s winner was a 19-year-old from Cambridge university computing student – a previous winner was a postman.

Their backgrounds differ, but what they have in common is brainpower.

We’ve got to get better at identifying this talent and putting it to work - a practical way in which the partnership between business and government can improve our capability.

Conclusion

Cyber security has a language entirely of its own – one of malware, botnets, worms and trojans - but I think in the last couple of years the City has come a long way in mastering this language and the financial services sector is now far more fluent in the risks of cyber security than even just a couple of years ago.

Last autumn I was at the 3rd international conference on cyberspace in Seoul, South Korea. And it is quite clear in all the conversations you have that we are in the UK are thought to be quite good at this; we are in the forefront of activity.

I recall when we launched CISP, Howard Schmidt, the former White House cyber security tsar, commenting on how much the UK had achieved in quite a short space of time.

I think we are punching above our weight in cyberspace but we can’t even have a flicker of complacency. This is the most fast moving, fast changing environment in which neither government nor business nor academia can rest. This absolutely will be a job that’s never completed. It will always be a work in progress.

Cyberspace is vast and no one country or company can succeed alone. Only the strength of our partnerships and the trust which means information can be shared in real time that will see us through. This is the rock upon which we can build a safe and secure economy, and grasp the opportunity for future growth, so everyone can prosper from the digital age.

Ministers and Whips will be paying up to 16% in contributions from today, while cabinet ministers could be paying nearly 18%, Minister Francis Maude announced today, making their contributions one of the highest in the public sector.

By 2014 to 2015, ministers’ pension contributions will have increased by up to 6 percentage points since 2011 to 2012.

From 1 April 2014:

• Secretaries of State, the Leader of the Opposition in the Commons and the Speaker in the House of Lords will pay an additional 1.2 percentage points of pay, a total of 6 percentage points higher than 2011 to 2012
• Ministers of State, the Government Chief Whip, the Leader of the Opposition in the Lords, the Chairman of Committees of the House of Lords and the Deputy Chairman of Committees of the House of Lords will pay an additional 0.8 percentage points of pay, a total of 4 percentage points higher than 2011 to 2012
• Parliamentary Under Secretaries, the Government Whips and Opposition Whips will pay an additional 0.5 percentage points of pay, a total of 2.5 percentage points higher than 2011 to 2012

The changes mean an average contribution increase of 4.2 percentage points since 2012, which is higher than the average 3.2 percentage points increase in other public service schemes.

Francis Maude said:

As part of our long term economic plan this government has reformed public service pensions so they are fair to both public sector workers, and hardworking taxpayers.

Ministers are not exempt. All ministers took a 5% pay cut at the start of this government, and a 5-year pay freeze. Under these changes we are asking them to pay more into their pensions.

The 2014 EU Procurement Directives were approved by the European Parliament on Wednesday 15 January 2014, and by the EU Council on 11 February 2014. These directives will be published in the Official Journal of the EU on 28 March 2014 and come into force on 17 April 2014. EU member states will then have 2 years to implement them in national legislation.

The government is aiming to transpose (implement) these directives quickly so that the UK can benefit as soon as possible from the improved flexibilities they offer. Here we will keep you up to date on progress in Brussels, UK transposition of the directives and where to access free training.

Progress in Brussels (March 2014)

The European Parliament voted to approve the 2014 Directives on 15 January 2014. The directives were published in the Official Journal on 28 March 2014. The directives also affect concessions (partnerships between the public sector and mostly private companies that maintain infrastructure or provide important services) and utilities.

Implementing the directives

Where the directives allow member states a choice on whether or how to implement a particular provision, Cabinet Office have issued discussion papers and will consider responses. For more information please see Procurement Policy Note 05/13. We will launch a formal consultation on the draft implementing regulations in due course.

Training

Cabinet Office is organising a series of training sessions for public sector organisations. Dates for free face-to-face training are available on this page along with details of how to register. E-learning resources and handbooks will also be available here later in 2014.

Book a training session

Please complete the respective application form for your chosen date and send this to EURegistration@cabinet-office.gsi.gov.uk with the venue name and date in the subject line.

Public sector training

Dates for public sector training sessions

PDF, 230KB, 8 pages

Public sector: application form for EU Directives training

MS Excel Spreadsheet, 20.5KB

This file may not be suitable for users of assistive technology.Request a different format.

If you use assistive technology and need a version of this document in a more accessible format please emailpubliccorrespondence@cabinet-office.gsi.gov.uk quoting your address, telephone number along with the title of the publication ("Public sector: application form for EU Directives training").

Voluntary sector training

2 training sessions are being organised specifically for contracting authorities in the voluntary sector. The first date is now available for registration:

• 16 July 2014 at Bircham Dyson Bell, 50 The Broadway, London, SW1H 0BL

Voluntary sector: application form for EU Directives training

MS Excel Spreadsheet, 20.5KB

This file may not be suitable for users of assistive technology.Request a different format.

If you use assistive technology and need a version of this document in a more accessible format please emailpubliccorrespondence@cabinet-office.gsi.gov.uk quoting your address, telephone number along with the title of the publication ("Voluntary sector: application form for EU Directives training").

Utilities

Training sessions for contracting entities under the Utilities Directive will take place on:

• 22 July 2014
• 25 July 2014

All sessions take place at Severn Trent Water Limited, Severn Trent Centre, 2 St Johns Street, Coventry, CV1 2LZ

Utilities: application form for EU Directives training

MS Excel Spreadsheet, 20.5KB

This file may not be suitable for users of assistive technology.Request a different format.

If you use assistive technology and need a version of this document in a more accessible format please emailpubliccorrespondence@cabinet-office.gsi.gov.uk quoting your address, telephone number along with the title of the publication ("Utilities: application form for EU Directives training").

Northern Ireland public sector

Training sessions have been organised for contracting authorities in Northern Ireland

• 11 June 2014
• 12 June 2014

All sessions take place at McAuley House, 2-14 Castle Street, Belfast, BT1 1SA.

Public sector: application form for EU Directives training

MS Excel Spreadsheet, 20.5KB

This file may not be suitable for users of assistive technology.Request a different format.

If you use assistive technology and need a version of this document in a more accessible format please emailpubliccorrespondence@cabinet-office.gsi.gov.uk quoting your address, telephone number along with the title of the publication ("Public sector: application form for EU Directives training").

Wales public sector

Value Wales will coordinate training sessions for Wales professionals and further information will be available shortly.

About the training

Please note that places on these sessions will be limited and we would generally expect only 1 delegate per organisation: that delegate can then use the materials to brief their colleagues. If you need more than 1 place please let us know and we will do our best to accommodate you. Because places are limited, if you fail to attend a booked course, we may not be able to offer an alternative date.

Delegates need to make own arrangements for lunch and refreshments as these are not provided: please check with the venue for available facilities.

Cabinet Office and the Department for Business, Innovation and Skills (BIS) have announced the next round of funding for the Release of Data Fund and the Breakthrough Fund for 2014 to 2015 to support the wider release of open data.

Release of Data Fund

The Release of Data Fund, administered by Cabinet Office, has a budget of up to £7 million. It aims to boost the release of public data by funding:

• the release of specific datasets prioritised by the Open Data User Group on behalf of the wider open data community
• training for public servants

The Breakthrough Fund

This is administered by BIS and has a budget of £2.5 million per year. It provides funding to government departments, agencies and local authorities to publish open data where there are short-term technical barriers to its release. There are 2 strands of funding available, aimed at:

• central government departments
• local government

Eligibility

To qualify for funding, bids for either fund must show:

• value for money, and that the bid is well costed
• that the applicant cannot get funding through existing budgets
• a commitment to make the data available free under the Open Government Licence
• that there is a clear demand for the data and a longer term economic, social or environmental benefit from making the data available
• that the project design meets the needs of at least 1 consumer, who should be involved at an early stage
• a commitment to tracking the use of the data and resulting benefits with clear monitoring and evaluation plans
• that other organisations in similar situations will be able to reuse the patterns, standards, platforms and tools easily under open source licence
• that data released has relevance at a national level, or, if produced at regional level, can be potentially scaled to national level
• plans to work with other organisations or local authorities
• that the project will be finished by March 2015

The new qualifications have been developed with, and are accredited by, City & Guilds and the Chartered Management Institute. Around 150 volunteers from different departments and in different parts of the country have also been involved. They focus on the skills gaps identified in April 2013 by the Civil Service Capabilities Plan as part of the government’s civil service reform programme.

Around 280,000 people work in operational delivery – 70% of the civil service. These staff make sure that citizens get the services and protection they need, including:

• processing visas or driving licences
• checking passports
• working in courts and prisons or consular offices abroad
• helping people find jobs
• making sure our food is safe to eat
• bringing in tax

The qualifications will help develop a more skilled, unified civil service and meet growing public expectations for high-quality public services by aiming to achieve excellent customer service.

About the qualifications

There are 6 levels of qualifications, from Level 2 to Level 7. Levels 2-4 will be awarded by City & Guilds. Levels 5-7 will be awarded by the Chartered Management Institute (CMI). There is also a Level 5 Award in Project Specification for Operational Delivery from City and Guilds. Within each level, there are 3 qualifications: Awards, Certificates and Diplomas. Where you start will depend on what skills you can show you already have. You can stop at any point, or build on the qualifications you’ve taken. An Award will count towards a Certificate, and a Certificate will count toward a Diploma. Courses range in cost from £86 to £309.

Staff will be able to study and complete assessments online, rather than be assessed in the workplace. However, a suite of older qualifications covering Levels 2 to 4 will remain in place for people who want to be assessed in the workplace. By enrolling in a qualification, people will be able to join an online community of learners. People who study for City & Guilds Level 4 and 5 qualifications will also receive student membership of the Institute of Leadership and Management, and those studying for Levels 5, 6 & 7 will receive student membership of the Chartered Management Institute. As student members, they’ll be able to register for further qualifications.

Minister for the Cabinet Office Francis Maude said:

To win the global race we need a civil service that delivers the best for Britain. The qualifications being launched today will not only develop the capabilities of civil servants in the Operational Delivery Profession but will help improve the public services on which we all rely.

Head of the Civil Service Sir Bob Kerslake said:

Developing the skills of civil servants is fundamental to civil service reform, which is why I am pleased to see the introduction of these qualifications. They build on our Capabilities Plan and will help to create the modern, efficient, responsive civil service that the country expects and deserves – digital by default and putting the needs of the user first.

Head of the Operational Delivery Profession Ruth Owen said:

The new qualifications contribute to the aims in the profession’s Capabilities Plan to build capability, develop the profession and support successful delivery of civil service reform. They also demonstrate a genuine commitment to give something back to our diverse and talented workforce, while enabling them to deliver even better services to UK citizens and businesses.

The Release of Data Fund and the Breakthrough Fund will help government to release more data to the public. This has the potential to improve public services and promote economic growth by encouraging the creation of data-led businesses and services.

Release of Data Fund

The Release of Data Fund was announced in the 2011 Autumn Statement. It provides funding to help government departments, agencies and local authorities release data that isn’t currently available in an open and reusable format.

The Open Data User Group (ODUG), which represents the wider open data community, supports funding applications with business cases. These show how released data can stimulate growth and lead to greater accountability and positive social benefits in the hands of developers, entrepreneurs and community groups.

In February 2014, £1.5 million was awarded to support projects that:

• are directly releasing public data
• will help boost skills in the public sector and improve public data release in the future

One of the funded projects, a Local Voucher Scheme, encourages local authorities to release 3 datasets chosen by ODUG in a standard format across England. Publishing these datasets on a national scale will allow innovators to create products that weren’t possible before, from consumer-focused platforms to bespoke apps and insights that lead to better public services. The Release of Data Fund is administered by the Cabinet Office and has a budget of up to £7 million over 2013 to 2015. For more information, email transparencystrategy@cabinet-office.gsi.gov.uk.

Breakthrough Fund

The Breakthrough Fund helps government to release open data where there are short-term technical barriers. There are 2 separate funding streams for central and local government, funding 2 central government projects and 19 local authorities’ projects in 2013 to 2014. These have all helped release more open data - eg City of York Council is releasing an up to date list of all of the services they provide, so that communities and community groups can access and reuse it.

The Department for Business, Innovation and Skills runs the Breakthrough Fund, which has a budget of of £2.5 million. Contact breakthroughfund@bis.gsi.gov.uk for more information.

Minister for the Cabinet Office Francis Maude said:

The UK is an international leader in open data, which is helping us compete in the global race. Open data helps expose waste, sharpen accountability, and informs choice in public services. It is a raw material for economic growth. These funds will drive a culture of openness and ensure data of most value to citizens and businesses is released.

Minister for Skills and Enterprise Matthew Hancock said:

The release of more open data brings benefits to both consumers and the public sector. Increased access for businesses will also help to fuel growth and encourage even more new data-led businesses and services.

Heather Savory, Chair of the Open Data User Group (ODUG), said:

These funds allow us to tap into a groundswell of innovation to help deliver sustainable and tangible progress, moving us closer to a culture where public data is ‘open by default’. They empower businesses, public sector bodies and individuals to unlock previously unavailable data and create new opportunities for growth and the improved delivery of public services; through original projects, increased capacity, improved standards and stronger infrastructures.

Issue

The government produces a lot of data that describe the services that the government offers and how well those services are performing. There is also data on how people use these services and who those people are.

There are many reasons why government data is useful; data introduces transparency – in a democracy it is important that we know what the government is doing.

Data about public services’ performance, such as school grades, court sentences or hospital waiting times is a good way of measuring the effectiveness of our education, justice and health policies. By releasing public data, the government allows people to see how the government is doing.

Transparency isn’t just about access to data. People need to be able to use that data, to share it, and combine it with other data to use it in their own applications.

Used in this way, open data can create value by providing an opportunity for businesses to take the data released and produce goods and services from it.

Actions

To achieve a more open, transparent government, we will:

• make sure that every government department includes specific open data commitments in their business plans

• introduce the right to public data in legislation to make sure that all the government data that can be published, is published in an accessible format

• publish data sets on www.data.gov.uk that show: how public money has been spent and on what (monthly); who does what in government and how much they are paid (6 monthly), and how government is doing against its objectives and goals (6 monthly)

• establish the Public Sector Transparency Board to challenge data standards across government and provide guidance through a set of shared public data principles - these principles show departments how to maintain inventories of data and release data based on public demand

Funds supporting the release of data

In December 2012, we set up the Release of Data Fund to speed up open data proposals by helping government departments, agencies and local authorities to overcome short-term financial barriers. The Department for Business, Innovation and Skills has also set up the Open Data Breakthrough Fund to overcome short-term financial barriers to the release of open data.

Read guidance and find out how to apply for both funds.

Using data for growth

We will work with the Open Data Institute to help businesses that want to use public sector data to create new products and services – commuters are already using apps based on transport data released by rail and bus operating companies to plan their journeys (using real-time information to adjust their trip by taking account of delays).

We will improve access to data by ensuring that data is released in anonymised, open formats to enable people to use the data and encourage the development of a market for services based on public-sector information for entrepreneurs and businesses by 2013. Data from the Department of Transport is being used to run Smartphone applications that help people to find their way around cities across the UK.

We will create an open licensing model which enables the use and re-use of public sector information - this licence will cover any information that a data provider offers for re-use under its terms and conditions.

Data.gov.uk

The government regularly publishes open data on: central and local government spending, senior staff salary details and how the government is doing against objectives. This helps people monitor government performance, make informed choices on the use of public services or hold the government to account.

Data.gov.uk has more than 17,000 datasets on it already, including local crime statistics, sentencing rates, hospital infection rates and GP performance.

Data published by the Department of Health has been used to create tools that compare GP surgeries by the quality of health outcomes they achieve and their level of patient satisfaction.

The Home Office and Ministry of Justice publish data that lets people see where crime is happening in their local area, and the level of reoffending after a conviction and court sentences. The website, www.police.uk, also allows people to compare crime levels for a certain borough or district.

Background

In May 2010, the Prime Minister wrote to all government departments instructing them to become more transparent and open, by releasing data on finance, resources and procurement in an open, regular and re-usable format. A second letter in July 2011 concentrated on data releases from major public services including health, education, crime and justice, and transport.

Transparency and open data formed an important part of the second phase of the government’s Growth review, published in November 2011. In this, we outlined plans to release more aggregate data and set up the Open Data Institute (ODI).

Who we’ve consulted

We ran ‘Making open data real: a public consultation’ in August 2011 to look at ways for making the government more transparent through releasing data.

The ‘Making open data real consultation - summary of responses’ showed public support for transparency but questioned how publishing public data might work in practice.

The Information Commissioner’s Office (ICO) consulted on the draft ‘Anonymisation code of practice’ in 2012. The code sets out how effective anonymisation of personal data is possible.

Who we’re working with

We have set up the Open Data User Group (ODUG) to review, prioritise and petition the government to release data sets that aren’t available, on behalf of people and businesses that use data.

Open Government Partnership (OGP)

The UK is leading this initiative until October 2013.

The Open Government Partnership is a partnership of 58 countries and civil society organisations. It asks governments to become more open by committing to promoting transparency and access to information to enable citizens to hold their governments to account more easily.

Civil society from each country works with its governments to develop new OGP commitments. The idea behind this is that people are best placed to identify problems in their communities, and also to come up with solutions.

Video: From Commitment to Action: The Open Government Partnership’s first year: Bringing together governments and civil society organisations

Public Sector Transparency Board

The Public Sector Transparency Board was established in 2010. Its purpose is to set data standards, encourage the release of more government data, and provide guidance through a set of shared public data principles. These principles show departments how to maintain inventories of data and release data based on public demand.

International Development Sector Transparency Panel

The International Development Sector Transparency Panel was set up by the Department for International Development (DFID) to challenge, influence and advise DFID on its approach to international development transparency.

This booklet describes the government’s personnel security and national security vetting policies and how the processes work including:

• why and in what circumstances personnel security and national security vetting controls may be applied
• the information you may be asked to provide about yourself, your partner, your family and other third parties, and the checks that may be made against it
• decision making criteria and avenues of appeal

A statement of HMG’s personnel security and vetting policy and set of frequently asked questions and answers can be found at the back of this booklet.

The Security Policy Framework (SPF) describes the standards, best practice guidelines and approaches that are required to protect UK government assets (people, information and infrastructure). 

It focuses on the outcomes that are required to achieve a proportionate and risk managed approach to security that enables government business to function effectively, safely and securely.

This guidance is intended for use by local partnerships in order to assess and evaluate public service transformation proposals and to better understand fiscal, economic and public benefits, and how these are apportioned across local and national organisations and communities.

List of strategic suppliers, current as of 2 April 2014 and the Strategic Supplier Risk Management Policy document.

More than 700,000 civil servants and military personnel are using the new markings, and the wider public sector will adopt them at a later date. The new system is specifically designed for working in a digital way and is more straightforward to understand.

The new markings will also allow information to be classified in a more consistent way and make it easier to share information between departments and with partner organisations without undermining security.

New security classifications

There are now 3 levels of security:

Official

Most public sector information is classed as Official, including routine government businesses, public service delivery and commercial activity. Around 90% of government business will be marked as Official.

Secret

This level is for very sensitive information that justifies heightened protective measures - eg where compromising this could seriously damage military capabilities, internal relations or the investigation of serious organised crime.

Top Secret

The most sensitive information requiring the highest levels of protection from the most serious threats should be marked as Top Secret – eg where compromising could cause widespread loss of life or threaten the security or wellbeing of the country, or friendly nations.

Previous security classifications

The 6 previous levels of protective marking were Unclassified, Protect, Restricted, Confidential, Secret and Top Secret.

This system dated from a time when civil servants only worked with paper. Using this system with government IT has led to unnecessary controls, complexity, and misunderstandings. Reforming the system will help save the taxpayer money, allowing government to buy standardised IT rather than expensive bespoke solutions.

The changes are part of the government’s civil service reform programme, designed to strip away bureaucracy and give civil servants greater responsibility for the work they do.

Minister for the Cabinet Office Francis Maude said:

We have changed a security classification system that was designed decades ago and introduced a new system fit for the digital age. It will make it easier to share information and save money. There has been a tendency to over-mark documents rather than to manage risk properly. The most important and sensitive materials must continue to be protected as ‘Top Secret’ or ‘Secret’ but for other information the new ‘Official’ category, with its emphasis upon personal responsibility and accountability, will be appropriate for most of what government does.