The UK government has launched a new department to boost the security of organisations against international threats including cyber espionage. The National Protective Security Agency (NPSA) will also serve to provide further intelligence for UK intelligence service MI5, which will be presiding over the new department.
The new body was announced as a part of the 2023 Integrated Review, which was released on Tuesday and updated the government’s security, defence, development and foreign policy priorities in light of global events. The last Integrated Review took place in 2021.
The role of the National Protective Security Agency
The NPSA has replaced the Centre for the Protection of National Infrastructure and will have a wider remit than its predecessor, working with other government agencies to provide advice and training to any organisations which hold key intellectual property or run critical national infrastructure.
The introduction of the new agency reflects the UK’s response to heightening geopolitical tensions around the world. The Integrated Review states that these measures are being put into place to respond to threats ranging “from Russia’s illegal invasion of Ukraine to China’s economic coercion and increased competition between states.”
MI5 says the NPSA has been set up specifically to protect, “private and public sector organisations, including tech start-ups, businesses, events venues and universities,”, particularly from growing “espionage activity by the Chinese state.” It is an attempt to present a joined-up approach to cybersecurity across government.
The value of the information held by many of these organisations makes them prime targets for hackers, said security minister Tom Tugendhat. “Science, technology, and academia are as much on the front lines of national security as the UK’s critical national infrastructure,” Tugendhat said. “We know that hostile actors are trying to steal intellectual property from UK institutions in order to harm our country.
“The NPSA will play a crucial role in helping businesses and universities better protect themselves and maintain their competitive advantage.”
Who will the NSPA benefit?
The NPSA is likely to be particularly beneficial to tech start-ups, says Matthew Ellison, cyber security specialist at threat hunting platform Corelight.
“The UK has a significant number of start-ups that are spread across numerous industries with a wide range of technological innovations,” Ellison says. “While these companies are working with exciting new technological innovations, they typically do not have the necessary skills or awareness to understand the risks that they face, despite the best efforts of cloud providers to ensure the security of their customers’ systems and data.
“Such an investment of time and money taken and used by a foreign nation state would be devastating in both the short and long term not just for these companies, but for the UK’s skills and capabilities in the future.”
The security service could also benefit from the new agency, says James Shires, a senior research fellow in cyber policy at the Chatham House thinktank,
Due to the increasing use of cyberespionage to target intellectual properly within organisations in the UK, the NPSA will be working closely with the UK’s technology start-up sector, explains senior research fellow in cyber policy at Chatham House, James Shires:
“The benefits for MI5 will be that if they work very closely with businesses, especially in the tech sector. they will also get lots of tip-offs and probably also unsolicited pointers, or intelligence leads,” Shires says. “It will need to work closely with the NCSC, the UK authority for cyber espionage.”