Updated fifth version of guidance reveals that the National Cyber Security Centre will take on responsibility for assuring departmental spending on technology to secure communications systems against attacks from adversaries
All departmental investments in cryptography systems will now be covered by government’s spending controls, and will require assurance from the National Cyber Security Centre.
The Cabinet Office-based Central Digital and Data Office has published an update to version 5 of the Digital and technology spend controls, first released in 2018 and overseen by CDDO since its creation in 2021. While the amendments do not constitute a full new iteration of the controls, there are a couple of significant tweaks – in particular the inclusion, for the first time, of dedicated assurance processes for so-called ‘crypt-key’ systems.
According to the National Cyber Security Strategy published by the government last year, “crypt-key is the term used to describe the UK’s use of cryptography to protect the critical information and services on which the UK government, military and national security community rely, including from attack by our most capable adversaries”.
Related content
- Surprising sources for skills and 10,000 problem passwords – eight things we learned at PT Cyber Security Conference
- Home Office and BEIS first departments under the microscope in pilots of new independent cyber audits
- Analysis: Public sector cyber contracts have doubled since Covid
The concept of cryptography is thousands of years old and, in modern security technology parlance, refers to techniques to encode communications so as to protect them from interception or attack. Cryptographic methods underpin distributed-ledger technologies – such as blockchain.
In November 2020, the NCSC set up a National Crypt-Key Centre to oversee how the government and the UK at large “develops, operates and maintains the systems providing highly secure communications for the government, military, industry and allies”.
As part of its work, the NCSC facility will now also take on responsibility for assuring all spending by government bodies on cryptographic technology – regardless of value.
“Within the Digital and Tech Spend control, the Cabinet office also monitors investment in crypt-key above a threshold of £0,” said a new section added to the procurement guidance document. “Any spend on crypt-key needs to be assured by the National Crypt-Key Centre in NCSC to ensure that the spend is aligned with the National Crypt-Key strategy.”
Procurement teams affected by this new measure are instructed to contact their departmental lead for crypt-key systems, as well as alerting CDDO by updating their existing digital and tech spend pipeline. More information is available by emailing spendcontrols@ncsc.gov.uk, the document added.
The National Cyber Security Strategy – which sets out a range of measures intended to ensure “the UK in 2030 will continue to be a leading responsible and democratic cyber power” – includes plans to boost the country’s cryptography credentials, particularly in government.
The strategy enshrines a commitment that “the UK remains one of a handful of nations able to develop sovereign crypt-key into the future”.
“[We will ensure that] the UK has stronger crypt-key capabilities and services in government, able to meet the evolving needs of the UK and our allies and ensuring we remain at the forefront of crypt-key development,” the document adds. “We will provide strong technical leadership to understand user requirements and improve our core services, including provision of key material and assurance of products and systems. We will also transform crypt-key services, harnessing new technologies so that they become more flexible and invisible.”
In the other main update to the digital and tech spend controls, the threshold at which CDDO, on behalf of departments and agencies, is required to work alongside the government commercial function to submit requests for ministerial spending approval has been raised from £10m to £20m.
The amended guidance explains: “When an activity owner marks an activity as ‘control’ they need to get approval from the CDDO. Your CDDO senior technology adviser provides a recommendation, usually with conditions, [and] a submission is made to the Cabinet Office minister [for approval]. CDDO and GCF will make a joint submission to the minister if the spend activity costs over £20m. CDDO will make the submission alone if the spend activity costs below £20m.”
very nice publish, i definitely love this website, carry on it
Good
I appreciate, cause I found just what I was looking for. You have ended my four day long hunt! God Bless you man. Have a nice day. Bye
Hey there I am so delighted I found your blog, I really found you by mistake, while I was searching on Aol for something else, Regardless I am here now and would just like to say kudos for a fantastic post and a all round interesting blog (I also love the theme/design), I don抰 have time to go through it all at the moment but I have bookmarked it and also added in your RSS feeds, so when I have time I will be back to read a lot more, Please do keep up the fantastic work.
I just couldn’t depart your web site prior to suggesting that I extremely loved the usual information an individual supply on your guests? Is gonna be again incessantly in order to check up on new posts
I don’t think the title of your article matches the content lol. Just kidding, mainly because I had some doubts after reading the article.
Porn
Porn site
Pornstar
Sex
Viagra
Porn site
Sex
Your point of view caught my eye and was very interesting. Thanks. I have a question for you.