Cabinet Office unit the Government Security Group has awarded six contracts to support its delivery of GBEST and GCASE services, which allow agencies to test their defences by simulating attacks.
Government has spent a cumulative total of more than £2m with four suppliers who will support a centralised service which allows departments to test their defences by simulating cyberattacks.
The Government Security Red Team (GSRT) – which sits within the Cabinet Office’s Government Security Group (GSG) – operates two cyberattack simulation services: GBEST and GCASE.
Common in the cybersecurity field, red teams are intended to help better understand the effectiveness of an organisation’s defences by mimicking attackers or other hostile actors. According to online government guidance, the GSRT’s two attack-simulation services have, in recent months, adopted a “new hybrid model [that] encompasses both cyber and physical elements”.
PublicTechnology last year revealed that the unit – also known as OPEN WATER – had signed a deal for a “physical penetration testing” supplier to conduct hostile digital and in-person reconnaissance at three departments, with the aim of finding “vulnerabilities and exploitable information”, and then reporting the findings back to senior managers and security professionals.
Two specialist suppliers – Cyberis and Pen Test Partners – have now each been signed to two contracts by the GSG to support penetration testing across government using the GBEST and GCASE frameworks, respectively. The deals all began in the first half of last month and run until 31 March 2025, and are cumulatively worth about £1.9m.
Alongside these engagements, two other companies – Security Alliance and Orpheus Cyber – have been signed to support the delivery of GBEST by providing “cyber threat intelligence services” over the next 18 months. Each of these contracts is worth £120,000.
According to the Government Cyber Security Strategy published last year, “GBEST is an intelligence-led simulated attack framework developed and managed by the Cabinet Office [that] is derived from the Bank of England’s CBEST framework but is focused on building the overall cyber resilience of government”.
Documentation from the Bank of England indicated that CBEST – developed in conjunction with cyber industry and accreditation body CREST – is designed to offer “tests [that] mimic the actions of groups and individuals who are perceived by government and commercial threat intelligence providers as posing a genuine threat to… critical national infrastructure”.
GCASE – which stands for Government Cyber Adversary Simulation Exercise – “is similar to GBEST although provides a less in-depth level of assurance, while being faster to deploy”, according to the cyber strategy.