Government Cyber Security Guidelines For Business Lack Clarity

Apr 16, 2014

Following the launch of the UK government’s Cyber Security Implementation Profile earlier this week, the Institution of Engineering and Technology (IET) has called for greater clarity.

According to IET cyber security lead Hugh Boyes, the new publication, intended to define minimum cyber hygiene for UK businesses, has caused confusion that the government needs to clear up.

Previously, Whitehall had endorsed two other sets of cyber safety guidelines, as well as its own “10 Steps to Cyber Security,” which was published in September 2012.

“Having three separate sets of guidelines on cyber security endorsing 20, 10 and 5 controls respectively, is very confusing,” claimed Boyes.

“UK businesses are unlikely to understand which are the definitive guidelines and, worse still, there is a real danger they will ignore the advice altogether, simply because there is no clear message about which guidelines are most applicable to them,” he continued.

Boyes went on to explain his view that for the newly published guidelines to have any impact or conviction, the government needs to issue clear guidance about when each set of suggestions should be used.

“Even better would be if the government led from the front by auditing its own services against these latest guidelines and then declaring the results publicly as a matter of urgency,” he added.

Government Should Set Example And Follow Own Advice

The cyber security chief also took issue with Whitehall’s recent agreement with Microsoft to provide extended support for the now-discontinued Windows XP.

After pointing out that one new guideline advises on patch management, he cited the recent example of this deal, calling it “at best a short-term gap measure.”

“The government should set an example by ensuring that PCs using the XP OS within its IT estate are upgraded or replaced within the 12-month support contract the Cabinet Office has just signed with Microsoft,” he claimed.

“The government has an open source software policy and this is a good opportunity to expand the use of open source operating systems within the public sector IT estate,” Boyes concluded.

The New Guidelines

The new Cyber Security Implementation Profile covers five basic controls that businesses need to consider, including secure configuration, access control, malware protection, patch management, and firewalls and Internet gateways.

Universities and Science Minister David Willetts has claimed that it is an easy and cost-effective way to help businesses protect themselves against the risk of operating online.



