The Cabinet Office will on Friday call for industry to contribute to new Organisational Cyber Security Standards. Industry will have a window of six weeks to express an interest in contributing and four months thereafter to submit their proposals.
The aim is to put together a code of standards that ordinary businesses can follow to be assured of reasonable cyber security, said Giles Smith, deputy director of cyber security and resilience at the Department for Business, Innovation and Skills (BISS).
Arms dealers turn to cyber security One year on: The UK Cyber Security Strategy UK cyber security - fragmented and failing
"We are not talking about a standard to protect, for example, BAE Systems from all the threats that it is going to face," he said. Smith was speaking at the UK Cyber Security: Protecting our National Infrastructure conference in London today.
"Many businesses and individuals are either unwilling to take decisive and positive action or are unable to take action and address the risks that they are facing," he added. "The BISS agenda is to make sure that cyber security is an enabler of business and not a barrier."
However, critics have claimed that the Organisational Cyber Security Standards initiative duplicates BS 7799, the British standard for computer security that was turned into the global standard, ISO 17799 standard.
BS 7799 has been criticised for being expensive to achieve certification and very much a high-level, tick-box administrative exercise, rather than ensuring that organisations are technically secure.
"This [new initiative] is about giving industry a standard that they can adopt and point to to say that they have adopted 'good' cyber security risk management processes; that they are taking the agenda seriously.
"The standards we are looking for... should be fit for purpose for the economy as a whole. In that sense, it will be 'low threat' cyber security, but that will take us a long way towards raising the bar quite considerably," said Smith.
The Cabinet Office's strategy has been informed by its discussions with industry, he continued.
"First, what is out there at the moment is lots of overlap, lots of complexity and lots of confusion - no real understanding of which one that industry should plump for.
"Second, in our view, of what is out there at the moment, there isn't a single standard that government believes necessarily deals with all the things that we think it should, delivering all the outcomes that we want to deliver," said Smith.
The Standards initiative opening on Friday forms a part of a broader cyber security strategy being pursued by BISS, which includes the launch in March of the Cyber Growth Partnership, co-chaired by David Willetts MP, the government minister responsible for cyber security.
It will bring together government with industry representatives, business and academia to examine the policies that need to be collectively pursued to help nurture the computer security sector in the UK, with a particular emphasis on exports and opening up export markets for UK computer security services.
