Best of British: UK’s infosec envoys include Cisco, Palo Alto, and Accenture

Britain’s digital economy minister has sent forth a raft of companies as “ambassadors” to help organizations across the land embrace the UK’s Software Security Code of Practice.

Baroness (in waiting) Liz Lloyd unveiled the scheme in a speech last week that for some reason was not noted by the government’s own press service until yesterday.

Lloyd, a former advisor to the Blair government and chair of trustees for The Tony Blair Governance Initiative, said the benefits of the digital economy and AI could not be realized without confidence in the systems underlying it.

“So software security isn’t just technical. It’s a commercial imperative. And trust is what unlocks growth.”

She said a “government’s first duty is to keep citizens safe,” and in today’s world that includes strong cybersecurity.

British readers will be reassured to hear: “We’re starting in a good place. The UK has some of the strongest cyber defenses globally.” Lloyd pointed out “fast-growing clusters of expertise in Cheltenham and Manchester, as well as Belfast and Scotland’s cyber cluster.”

She also claimed the UK’s cyber sector was the third largest in the world.

But while last year’s Software Security Code of Practice laid the groundwork for software suppliers to help build a more secure supply chain, the government had to move to get the broader message out. Barely a quarter of organizations considered cybersecurity when buying software.

Lloyd noted that some wanted more regulation and oversight to change this, while others took a more laissez-faire approach, leaving it to companies to work it out themselves. “I believe we can be more ambitious than that.”

So the government is looking to “a group of leaders… who are making a public commitment to champion secure software and to be role models for the UK government’s Software Security Code of Practice.”

This will include UK-based software giants such as Sage, and, well, that’s it for UK-based giants. Gateshead’s finest will be joined by Cisco, Palo Alto, and Accenture.

Also playing are NCC Group, ISACA, and ISC2. And UK-based cyber specialists including Cheltenham’s Nexor and Salus, and Zaizi and Hexiosec are on board too. At the customer end are Lloyds and Santander.

Lloyd drew a comparison with the World Health Organization’s 2009 code of practice for hand hygiene, saying it has become a global benchmark “despite not being enforced by law, and has helped to significantly reduce infection rates as hospitals can draw on a single, definitive source of best practice in one place.”

So apparently the aim is to make cybersecurity as easy as washing your hands.

“That’s exactly what we want the Software Security Code of Practice to become,” said Lloyd. ®
