A new Government Cyber Unit has been announced which will coordinate risk management and incident response across departments.
The unit is being created as part of the government's cyber action plan, which was launched this morning. Backed by more than £210m of funding, the unit will drive the plan forward, setting stronger central direction, backing departments with expert support and demanding measurable progress.
The plan aims to rapidly improve cyber defences and digital resilience across government departments and the wider public sector. The Department for Science, Innovation and Technology said it will include setting clear minimum standards and investing in "more hands-on support" to minimise the impact when incidents do occur.
As part of the plan, the government will create a set of functions to give the Government Cyber Unit "the right structures, resources and skills to lead in cyber security and resilience with a focus on continuous improvement".
Clear and transparent feedback channels will also be created so departments can share input, while the Government Cyber Unit will in turn show how departmental input is shaping policies through forums and a structured feedback loop.
The government will also launch of a new government cyber profession to help attract and retain the best talent.
DSIT, which took on responsibility for government cyber secruity in June, said the plan will help to shine a light on cyber and digital resilience risks across government, so departments can focus efforts where it matters most.
The department said it will also lead to stronger central action on the toughest challenges, with "decisive, joined-up action across departments on severe and complex risks that no single organisation can solve alone with a dedicated team overseeing coordination".
To enable departments to react more quickly to fast-moving cyber threats and vulnerabilities, departments will be asked to put robust incident response arrangements in place.
DSIT said the plan will also enable higher resilience across government by boosting resilience at scale, with targeted measures to close major gaps and protect critical services.
Announcing the move, digital government minister Ian Murray said the government "must move from a model where individual organisations act alone to one where the government truly defends as one".
Murray pointed to the recent cyberattack affecting the Legal Aid Agency which compromised personal data and impacted the organisation's ability to digitally process legal aid applications and bills as an example of "the devastating real-world consequences of inadequate cyber resilience".
"This plan ensures that cyber security is no longer a trade-off against other priorities, but the bedrock upon which our national safety and economic growth depend," Murray added.
The action plan has been released as the cyber security and resilience bill has its second reading in the House of Commons.
The bill sets out clear expectations for firms providing services to government to boost their cyber resilience. To help drive this, the government has launched a new software security ambassador scheme.
Ambassadors – which include Cisco, Palo Alto Networks, Sage and Santander – will help drive adoption of the Software Security Code of Practice, a voluntary project designed to reduce software supply chain attacks and disruption. The firms will champion the code across sectors, showcasing practical implementation, and providing feedback to inform future policy improvements.