On day one of the UK’s flagship CYBERUK conference in Manchester, the UK’s official National Cyber Security Centre (NCSC) – a part of the Government monitoring agency GCHQ – announced a Cyber Resilience Test Facilities (CRTFs) programme: a national network of assured facilities where technology vendors can show the cyber resilience of their products.
The NCSC will launch a scheme for Cyber Adversary Simulation (CyAS) in early summer. Companies assured under that scheme will deliver services to test an organisation’s cyber resilience, including their ability to prevent, detect and respond to simulated cyber attacks.
NCSC Director for National Resilience Jonathon Ellison, among the day one speakers, said: “The Cyber Resilience Test Facilities and Cyber Adversary Simulation schemes mark a significant step forward in our mission to enhance the UK’s cyber resilience. The test facilities will allow consumers to be more confident in the security of connected products. And through testing their response to simulated cyber attacks, the UK’s most critical infrastructure will be further empowered to defend against evolving online threats.”
Comment
James Neilson, SVP International at OPSWAT, says: “At its very heart, a cybersecurity operation is an exercise in ensuring organisational resilience. The NCSC’s newly announced CRTF programme urges organisations to adopt a secure-by-design approach. It provides an opportunity for vendors to assess and demonstrate the resilience of their solutions and boost confidence among their operators.
“Ensuring that technology vendors follow at least the minimum security best practices is crucial in combating sophisticated threats. Increasingly, attacks exploit vulnerabilities that could have been mitigated during the design phase, with particular attention to software update integrity, logging, and access authentication.
“Likewise, operators need to validate their security controls and hone their security operations. The newly announced Cyber Adversary Simulation (CyAS) scheme presents an opportunity to bolster robust testing of operators’ systems, people, and processes that underpin their security operations programme.
“This is especially important in critical sectors like healthcare, energy, and finance, which cannot afford downtime due to insecure technology. These sectors face rising demand, regulatory pressure, and growing threats from cybercriminals and nation-states. It’s also where we continue to see significant investment in tools and manpower to build and operate their security programmes.”