Luis Louro - Fotolia

UK National Cyber Security Centre set to launch

NCSC is due to launch officially on 1 October 2016 and will help the healthcare sector deliver consistent quality of data security

The National Cyber Security Centre (NCSC) is set to launch officially on 1 October, and will be open for business from 3 October.

“The first sign that we are up and running will be the NCSC’s website, which is scheduled to go live on 4 October,” the NCSC’s Alison Whitney told the Cyber Security in Healthcare conference in London.

The government outlined what the NCSC would do, how it would work and who it would work for in May this year, but had not given a precise date for the official opening of the centre until now.

The NCSC will be led by CEO Ciaran Martin, formerly director general of government and industry cyber security at intelligence agency GCHQ, and the technical director will be Ian Levy, formerly technical director of cyber security at GCHQ.

The NCSC will be run from new offices in London as well as from offices near Cheltenham, Gloucestershire.

“The primary goal of the NCSC is to simplify the complicated [cyber security] picture across government that made it difficult for organisations to know who to talk to,” said Whitney. “It brings together all the key organisations under a single organisational umbrella to provide better support and bridge the gaps between government, industry and critical national infrastructure.”

She said there were four main goals for the NCSC, which began preparatory work and conducted trials and pilot studies over the summer.

These are to reduce cyber security risk to the UK; to respond effectively to cyber incidents and reduce the harm they cause to the UK; to understand the cyber security environment, share knowledge and address systemic vulnerabilities; and to build the UK’s cyber security capability, providing leadership on key national cyber security issues.

The organisation will also help to develop the UK’s pool of cyber security skills. “We are all desperate for skilled people,” said Whitney. “We all have gaps to fill and are having to do the best we can with the people we have.”

The NCSC has five areas of focus, she said: engagement, strategy and communications, incident management, operations, and technical research and innovation.

Read more about cyber security

Whitney, who is responsible for engagement with the public sector, said that with up to 1.3 million users and 40,000 organisations, healthcare clearly required a special approach.

“It is impossible to engage with 40,000 organisations, so we have worked with the Department of Health to identify ‘pinch points’ and have held exploratory meetings with key stakeholders to learn what users need and how best the NCSC can help the healthcare sector,” she said.

The chief goal of the NCSC in healthcare is to understand how it can support the delivery of consistent quality of data security across the sector.

“We want to demonstrate that we are able to deliver positive impact through pathfinder activities and have adopted a strategic approach to maximise impact,” said Whitney. She added that the NCSC’s activities in the sector would be guided by the National Data Guardian Review, published in July 2016.

Main lines of work

According to Whitney, the main lines of work for the NCSC in the healthcare sector would be to provide expert advice on the Health and Social Care Network (HSCN); embedding the National Data Guardian Standards; providing leadership education and board briefings; and providing expert advice on NHS Digital’s Confidentiality Code of Practice and Anonymisation Guidance.

“Over the summer, we have been working to understand better how the healthcare sector works, what the cyber security issues are, and how best to engage with the sector,” said Whitney.

In the next six months, the NCSC will test its strategic plan and refine it further based on feedback received, she said.

“Already from the pilots we have seen the greater impact and positive benefits of having everyone all together in a single organisation to evolve responses to changes in the way government uses technology and to changes in the threats,” said Whitney.

Read more on Privacy and data protection