The government has unveiled a dedicated cyber profession which is intended to help departments recruit security specialists, while providing a more compelling offer for staff.
The profession will be jointly run by two government entities: the GCHQ-based National Cyber Security Centre; and the Department for Science, Innovation and Technology – which last year replaced the Cabinet Office as the department responsible for cross-government cyber issues.
As part of the revamp of the Whitehall career specialism, the civil service will “establish a dedicated Cyber Resourcing Hub to streamline recruitment, and create a clear career framework aligned with UK Cyber Security Council professional standards”, according to the government.
For prospective new joiners – and existing cyber-specialised civil servants – the intention is to “introduce a competitive total employee offer”.
Government claimed that the North West of England “will serve as a primary hub for the profession”. This will build on and take advantage of “Manchester’s growing digital ecosystem and the forthcoming Government Digital Campus”, which will be based in the city’s Ancoats neighbourhood.
The overall aim is to “recruit and train the top-tier cyber experts needed to keep public services safe”, the government said.
Digital government minister Ian Murray added: “[We’re] launching a new government cyber profession to attract and develop the talented people we need to stay ahead of increasingly sophisticated threats – making government a destination of choice for cyber professionals who want to protect the services that matter most to people’s lives.”
Alongside the unveiling of the new profession, government also announced that a vulnerability-monitoring service (VMS) introduced by DSIT in January 2025 has reduced by 84% the average length of time it takes to address cyber-weaknesses across the public sector.
The service monitors potential security gaps in the internet’s domain name system (DNS) – which, effectively, translates website URLs into IP addresses. Prior to the introduction of the monitoring tool, it typically took almost two months to identify government DNS vulnerabilities. This has been reduced to eight days and, once a flaw has been detected, the service “alerts the right people with clear, practical guidance on how to fix the problem, and tracks progress until each issue is resolved”, according to the government.
It added that the backlog of vulnerabilities awaiting remediation has been cut down by three quarters since the monitoring offering began operating last year.
The VMS “continuously scans 6,000 UK public sector bodies” and is trained to spot 1,000 different types of vulnerability.
NCSC chief executive Richard Horne said: “Cybersecurity is more consequential than ever today with attacks in the headlines showing the profound impacts they can have on people’s everyday lives and livelihoods. As our public services continue to innovate, it is vital that they remain resilient to evolving threats and vulnerabilities are being effectively managed to reduce the chances of disruption.”
Following the US and Israel’s attacks on Iran, the NCSC has said that businesses and public bodies in the UK should take steps to “prepare to respond to the risk of collateral impacts in the UK from Iran-linked hacktivists”. The cyber intelligence body – which added that “there is likely no current significant change in the direct cyberthreat” – suggested that organisations could read its previously issued guidance related to DDoS and phishing attacks.