Cyber GSeC

The Government Security Centre for Cyber (Cyber GSeC) is one of 5 centres of technical expertise, embedded in host departments to provide security consultancy and advice services across UK Government. We are hosted by HMRC, and work to help government organisations improve their cyber security posture, directly in support of the Government Cyber Security Strategy.

We do this through a set of core service offerings, which we provide free at point of delivery to government organisations:

• GovAssure support
• Purple teaming
• Supply chain security consultancy
• Optimising Microsoft security solutions
• Active cyber defence and open standards adoption
• Bespoke consultancy
• Business partnering

We are supporting departments with the 5-stage GovAssure process:

1. Departmental context, essential services and mission – to gain an understanding of the department, and communicate what Cyber GSeC can provide during the GovAssure process
2. In-scope systems and alignment to GovAssure profile – help Government Security Group (GSG) and departments to define the self–assessment scope, set boundaries and assign the applicable GovAssure profile
3. Self-assessment – support departments in the completion of their GovAssure self-assessment return through quality documented independent advice and guidance.
4. Peer review – support departments by conducting documented independent reviews of completed GovAssure self-assessment.
5. Final assessment and ‘targeted improvement plan’ – Provide consultancy to help departments prioritise the necessary remediation activities from their targeted improvement plan, to increase cyber risk resilience.

Cyber GSEC GovAssure Brochure

Purple teaming combines the traditional Red Team (offensive) and Blue Team (defensive) exercises, to aid organisations to fully understand how prepared they are to respond to various attack scenarios. We coordinate this through a central function within the client organisation, and conduct exercises blind to the majority of people involved. This enables us to test real-world scenarios in a safe and secure way.

The service involves three distinct phases:

1. Scoping
   Understanding the shape of the organisation, their cyber security processes, and determining the most appropriate ways to test cyber security defences.

2. Test execution
   Building tools and scenarios for active testing and communicating appropriately with key stakeholders.Working within both the department’s defensive team and external offensive team to understand where there are vulnerabilities in process, policies or infrastructure.

3. Reporting
   Providing both a written and verbal debrief to the department alongside a series of recommendations on ways to improve their cyber security posture. We work with Government Security Group’s Red Team and others in GSG to understand the priority for organisations to undertake a purple teaming exercise.

Since the Cyber GSeC was first established we have worked extensively with departments across government to improve understanding of their biggest cyber security issues. One of the more common themes is the lack of visibility or capability most departments have across their managed services; in particular how cyber security is managed by both prime suppliers and further down the supply chain. This also extends to legacy contracts in which departments often face challenges understanding the security obligations and expectations.

We have developed the SCSC Framework to help departments with any security related needs across their supply chain. It is formed from seven distinct consultancy offerings which cover the main stages of a procurement lifecycle such as:

• pre-procurement
• in-service
• contract end

We designed it to help departments strengthen their maturity across their supply chain whilst using key security guidance from:

• UK government
• the national technical authorities (NTAs), such as National Cyber Security Centre (NCSC)
• National Protective Security Authority (NPSA)

We continue to work alongside colleagues across government to further develop best practice, including a framework toolkit; and align the collective view of cyber security within the supply chain.

The service is provided through a number of consultancy offerings covering the procurement lifecycle.

Optimising Microsoft security solutions

Our Optimising Microsoft Security Solutions (OMSS) service can help organisations with existing or planned Security Operations Centre (SOC) implementations in accordance with NCSC guidance. The service can also help organisations to fully utilise Microsoft security solutions within existing or planned licensing and subscription arrangements. Using the service can help organisations meet cyber resilience and information protection compliance objectives within the Government Cyber Security Strategy.

The following Microsoft product sets are covered by the service:

• Sentinel
• Entra
• Defender
• Purview

This service offers support to departments in three areas:

• Feasibility – initiating and planning how Microsoft security and compliance solutions will be utilised ahead of adoption by the organisation, and how best to leverage the security tools included within the E3/E5 license
• Implementation – deployment of pre-licensed Sentinel, Entra, Defender or Purview features within an organisation for the first time. The service also provides guidance and best practices to leverage the full value of these tools
• Enhancement – ensuring the organisation’s set up and use of their Microsoft cyber security tools is optimised effectively, and how to make best use of the tools available

The service assists departments and arm’s length bodies (ALBs) throughout the implementation lifecycle from planning through to go-live, to help realise the best return on their investment.

Active Cyber Defence and open standards adoption

NCSC’s Active Cyber Defence (ACD) is a suite of tools and services produced by the NCSC to provide broad protection for the most common cyber-attacks. The tools are available to organisations across the UK, including government departments and ALBs.

The Cyber GSeC supports departments with the adoption of these tools, often where they do not have the resources or capability in house to implement the tools independently. We also work with them to implement open-source defensive standards such as DMARC and MTA-STS.

Beyond this, we are now looking at the future of email security to understand the next standards that should be introduced to continue to protect government, what support organisations will require to plan and implement the standards, and to build services that provide that support. We will also continue to support organisations in implementing new initiatives as they are developed by NCSC.

We have published guidance on how to set up MTA-STS and TLS-RPT email security standards.

Bespoke consultancy

As well as offering services to help organisations across government to address specific security challenges, we also work directly with departments to help with bespoke requirements using the wide range of expertise that exists within our teams.

We continue to bolster our skill sets to ensure that we are best placed to respond to a wide variety of cyber security problems, working with Government Security Group (GSG) and the NCSC to provide robust cyber security services for all government departments and their ALBs in support of the Government Cyber Security Strategy.

Business partnering

In addition to our core services, we have also adopted a business partner approach to give government organisations a single point of contact with Cyber GSeC, and to enable open conversations and transparent feedback processes designed to ensure that we’re delivering exactly the kind of guidance and advice government customers need to mitigate the latest threats.

Contact the team

If you would like to know more about any of our services or find out how to engage with us to improve your cyber security, email cybergsec@hmrc.gov.uk.