A duo of providers first signed up in 2023 will remain under contract for 12 further months to support the work of government’s internal red team in testing departments’ defences
The Government Security Group has retained for a further year two specialist cyber consultancies contracted to deliver “adversary simulation” tests of departments’ defences.
In October 2023, GSG signed contracts with two UK-based security providers: CyberIS; and Pen Test Partners. Each firm was awarded an 18-month agreement to support delivery of the Government Cyber Adversary Simulation Exercise (GCASE) – a penetration-testing offering available to agencies across Whitehall.
Freshly published commercial notices that each of these deals has been extended for a further year, to a new end date of 31 March 2026. Cumulative spending via the engagements is thus projected to rise from about £1m to more than £1.5m, inclusive of VAT.
Related content
- MoD signs £1.5m deal for ‘cyber adversary simulation’
- How GovAssure is bringing ‘rigour and objectivity’ to departments’ cyber credentials
- GDS signs £500k deal for ‘live cyberattack simulation’
The GCASE services covered by the contract are, effectively, a slimmed-down version of the complementary GBEST service, which “is an intelligence-led simulated attack framework developed and managed” by GSG – which, earlier this year, was moved from the Cabinet Office to its new home in the Department for Science, Innovation and Technology.
The GCASE exercise “provides a less in-depth level of assurance, while being faster to deploy” than GBEST.
The two services are described by the procurement documents as “two cyber penetration [that] form part of the Government’s overall assurance programme”.
Their delivery is overseen by the specialist Government Security Red Team, the remit of which is to test departmental defences – including via hostile digital and in-person reconnaissance.
Both CyberIS and Pen Test Partners were also awarded contracts to deliver the more in-depth GBEST penetration-testing exercise, alongside two other providers: Security Alliance Limited; Orpheus Cyber.
