We help to support the work of government and the operation of the Critical National Infrastructure (CNI) by providing advice and guidance, bespoke support and tools, to help CNI organisations make informed decisions about security.
Government and its industry supply chain
The NCSC will provide advice, guidance and support to the public sector on cyber security for internal IT and for citizen-facing online services. This includes central and local government, health and social care, emergency services and the devolved administrations. We also provide support to the crown dependencies and British Overseas Territories when appropriate.
We can’t have a direct relationship with every public sector body in the UK, so we work through a mixture of bespoke support for particularly high risk networks, systems and services and providing access to self-help facilities.
NCSC’s own published guidance can help organisations to help themselves –10 Steps to Cyber Security is a good starting point, and other useful documents such as End User Device guidance, Cloud security principles or our risk management collection are linked from the Guidance section of this website. If you can’t find the right guidance on here, we also provide access to a number of virtual communities on CiSP.
If you are a supplier to government, or aspire to be, we also encourage you to follow the free guidance in the government’s own Cyber Essentials scheme. By focusing on basic cyber-hygiene, your organisation will be better protected from the most common threats. If you implement all the criteria for good basic cyber-security practice, you can apply for the Cyber Essentials badge, which demonstrates that your organisation meets government-endorsed standards. This is mandatory for all for central government contracts advertised after 1 October 2014 which involve handling personal information and providing certain products and services. Find out more here.
Finally if things do go wrong and you are a victim of an attack, take a look at our cyber incident response pages.
The Critical National Infrastructure
Along with our colleagues in CPNI who lead on physical and personnel security, we help to ensure the resilience of the UK’s Critical National Infrastructure against attack. We work closely with the organisations that own and operate the key networks, and the relevant lead government departments, regulators and policy makers.
We believe that a holistic approach to security that encompasses physical and personnel as well as cyber security is necessary for our customers to manage their security risk. Whilst the NCSC will focus on cyber security, our advisers have an understanding of all three security disciplines and will be able to advise customers on where to find the right information.
The services we offer to the CNI are mainly tailored to meet the specific requirement of the sector, however, much of our general guidance is relevant to the CNI as is our threat information and incident management guidance.
Protective DNS service for the UK public sector
NCSC is working with partners to provide the UK public sector with a reliable DNS resolution service with some additional security benefits. The key benefit being that the service will aim to prevent public sector users from accessing domains known to be malicious, by simply not resolving them.
This service is one of the NCSC's Active Cyber Defence projects, where we are taking positive action to make it much harder for criminals to perpetrate or gain from cyber attacks in the UK.
For further information, read the full announcement or view the FAQs page.