The UK’s National Cyber Security Centre (NCSC) has released a new version of its flagship security guidance, designed to help critical infrastructure (CNI) providers keep pace with the threat landscape.
The Cyber Assessment Framework (CAF) offers a collection of best practice security advice so CNI firms can better protect critical services in the energy, healthcare, transport, digital infrastructure and government sectors.
However, it must keep pace with threat actor innovation and the regulatory landscape, the NCSC explained in a blog post.
“The cyber threat to the UK’s CNI has continued to increase. Keeping pace with the evolution of attack methods is essential to close the widening gap between the escalated cyber threats to critical services, and our collective ability to defend against them,” it noted.
“These two themes have driven our updates the CAF to ensure the framework remains relevant, and that organizations’ defenses are up to date.”
Read more on threats to UK CNI: UK Recognizes Data Centers as Critical National Infrastructure
CAF v4.0 contains four major updates to the previous version:
- A new section on building a deeper understanding of attacker methods and motivations, designed to help CNI providers improve their cyber-risk decision making
- A new section on ensuring software used in essential services is developed and maintained securely
- Updates to the section on security monitoring and threat hunting to improve the threat detection
- Expanded coverage of AI-related cyber risks throughout the CAF
The NCSC produced the latest CAF version in consultation with various regulators and oversight bodies that use the framework. It claimed that the CAF is now used by “nearly all” UK cyber regulators and GovAssure, the cybersecurity assurance scheme for assessing UK CNI.
The NCSC is already looking to develop the next iteration of the framework to align with the forthcoming Cyber Security and Resilience Bill, which updates the NIS Regulations and should become law later this year.
No tags.
