Its focus is to address the strategic-level security concerns that impact the UK tech sector, and providing a forum for the Government’s national security community to engage with technology suppliers on industry engagement opportunities. 

The National Security Committee is techUK’s authoritative voice on national security issues, and highlights the opportunity for the technology industry to offer solutions to them. The National Security Committee seeks to engage with relevant stakeholders in HMG, bringing them together with the technology industry to agree views and perspectives on a wide range of topics. These include promoting a community of open collaboration in what is typically a secret, complex and risk-averse environment and addressing the specific challenges of SMEs operating in the national security sector. 

The National Security Committee will meet bi-monthly to discuss the above.

This is an elected committee - please get in touch with the team below if you want to learn more.

National Security Committee

Committee Member Committee Representative Company Role
Vodafone Stephen Knibbs (Chair) UK Head of Security and CISO, heading Secure CNI
Leidos UK Alan Potter (Vice-Chair) VP & MD National Security & Defence Division
Accenture Madeline H. Lewis Managing Director and UK Armed Forces Network Sponsor 
Amazon Web Services  Mike Nayler  Senior Manager
Arqit Daniel Shiu Chief Cryptographer
Baker & McKenzie LLP  Ross Evans Senior Associate
BT Group  Neil Seabury Head of Technology Office, Major Government
Capgemini Michael Willis Director 
Capita plc Jim Fox  Business Consultant Manager
CDS Defence & Security Martin Nash Head of Cyber Security and Information Assurance (CS&IA) Services
CGI Patrick Hutchings UK & Australia Sector Lead for Secure Innovation & Advisory
Clue Software Matt Horne Head of Policing & Government
CyberHive Ltd Sarah Blundell Chief Operating Officer 
Electralink Kulwinder Johal Head of Information Security
Fujitsu Paul Dickens Public Sector UKI CISO, Enterprise Cyber Security
IBM Giles Hursey Technology Sales Leader
iProov Campbell Cowie Head of Policy, Standards & Regulation
QinetiQ Simon Wilcox Data Intelligence, Business Development Lead
SC Strategy Dan Spacie Senior Advisor - Defence and National Security
Sopra Steria Neil Salter Director National Security

 

Upcoming events

25 November 2024

DefTech: Technology Transforming Defence – Campaign Week Launch

London Networking
20 – 22 November 2024

Industry 4.0 delegation to Turkiye

Istanbul, Turkiye

 

National Security Committee Priorities

Supply Chain Security

Risk Ledger

Risk Ledger - Many UK Government departments and public bodies have increasingly looked to technology to support their understanding of the operational risk presented by their extended supply chain. Their goal is to establish fact-based views that inform their operating resilience by minimising the impact of cyber security events. Risk Ledger is one of the tools chosen with over 4,000 organisations already signed up. Experience shows that it typically takes less than 10 days to enter company information and this is then automatically reused across government. The organisational data is refreshed every 6-months or by exception on significant change or emerging vulnerability requests.

With several legislative and international standard overlays, compliance and audit reports can be generated in hours and not days allowing the correct focus on priority risk areas.

Cyber Essentials Certification

Cyber Essentials is a UK Government backed scheme overseen by the National Cyber security Centre (NCSC).  It seeks to demonstrate that an organisation has a minimum level of protection in cyber security through annual assessments to maintain their company certification.  By achieving at least this level of protection then an organisation:

  • helps to safeguard the intellectual property stored on its own systems
  • becomes eligible for government contracts that involve handling sensitive and personal information
  • becomes eligible for the provision of certain technical products and services.

Cyber Essentials is a self-certification trademark.  It is recommended that independent, technical verification is conducted and that you therefore achieve Cyber Essentials Plus.  Support for the certification process is an area where other techUK members might be able to assist.

Introducing the technical controls

There are five technical controls:

  1. Firewalls
  2. Secure configuration
  3. Security update management
  4. User access control
  5. Malware protection

As a Cyber Essentials scheme applicant organisation, it's your responsibility to make sure that your organisation meets all the requirements. You might also be required to supply evidence before your certification body can award certification at the level for which you’re applying.

What you should do first:

  • Establish the boundary of scope for your organisation, and then determine what is in scope within this boundary.
  • Review each of the five technical control themes and the controls they embody as requirements.
  • Take the necessary steps to ensure that your organisation meets every requirement it needs for the scope you have determined

Getting certified?

NCSC’s Cyber Essentials Partner the IASME consortium can help you to get certified. We also have a number of techUK members who can provide coaching or further support.  For example:

  • Rizikon is offering free access to its platform for a single-use assessment.

Phishing training and awareness

Threat actors have much success in crafting plausible content on SMS text, email or published media that less aware users may click on or through embedded links to access seemingly legitimate web pages and potentially enter sensitive details that are harvested and used against individuals and organisations. The introduction of Quick Response (QR) codes in 1994, enables users to simply scan 2-dimensional bar-coded images with a camera enabled device to interact with richer services and information behind the image. With the straightforward ability for tampering with published codes through stick on overlays having now become a prevalent technique to hijack the original intended purpose and harvest user information. According to one source, the QR phishing (Quishing) threat has increased by over 2400% since May 23.

Both email Phishing and Scanned Quishing techniques or combined approaches attempt to lead a victim to a malicious website where login credentials and personal information can be stolen. Commonly there is an urgency or request for help that does not follow normal business process. Once credentials are harvested, they may be sold on or used for criminal activity.

Common signs to watch out for are:

  • Unexpected emails or messages
  • Poor use of native language that may be generic and contain poor grammar and typos in any message text
  • Poor image quality
  • Unrecognizable URL
  • Suspicious websites

Users should consider undertaking security awareness training to understand the risks, ensure their device software is kept up to date and has anti-virus software installed and should be encouraged to think before giving out personal information unless certain the webpages and need are legitimate. If in any doubt report to business security teams or law enforcement authorities.

Please remember that reputable companies do not send unsolicited mail requesting that you provide sensitive information!

 

 

techUK newsletter

Sign-up to receive our newsletters covering news, events, training and engagement opportunities across all our programmes exploring tech markets, policy and innovation.

Sign-up here

 

Our team

Raya Tsolova

Programme Manager, techUK