The Government Protective Marking Scheme – a Case of the Emperor’s New Clothes?

Confidential shred imageThe emperor may not be naked but he’s not wearing very much!

At the back end of 2012 the Government made it clear that they intend to move to a new information classification policy. Draft documents were produced that provide an overview of the new scheme and the intention was to publish and go live in Spring 2013.They want to change the old 6-level model of UNCLASSIFIED, PROTECT, RESTRICTED, CONFIDENTIAL, SECRET and TOP SECRET to just 3 levels.

In our blog ‘ What’s New for Cyber Security in 2013? ‘ we touched briefly on the subject of this new Government Protective Marking Scheme and pondered whether it was another case of the emperor making a poor choice of attire!

Well, the initial rush to put the scheme into operational use has now been delayed until April 2014 so it does look as though the tailor’s stitching was lacking at the very least.

The new Government Classification Scheme is causing a stir

The Government Classification Scheme (or GCS as it is now known) has certainly caused a stir. At a recent Intellect workshop industry leaders were asked three key questions:

  1. How can industry best capitalise on the opportunities presented through the new policy?
  2. Articulate the main risk of implementation by industry – how might these be mitigated?
  3. What additional information do industry partners required (from Cabinet Office, Government Procurement Service, or their contracting authority)?

Responses varied but the underlying theme was that there is insufficient information coming from Cabinet Office about how it the scheme would work in practice and where the real cost savings would be. There was a general concern that without clear direction, the perceived benefits of change would be lost and government departments would resort to type. Cabinet Office stated that training material would soon be available and delivered to Departmental Security Officers for internal circulation. Industry could expect to get copies via their associated departments.

On the technical security front, there was also concern that the requirement for security controls would again be overly complex and costly. Cabinet Officer agreed that the initial drafts from CESG, expected in the next 4-6 weeks, would be discussed at another Intellect held workshop so that Industry views can be collected.

PSN Concerned

The PSNGB Security Committee has gathered some comments/feedback/questions regarding the new scheme. It covers topics such as how Shared Services may be affected, how accreditation will continue to be maintained and what ‘good practice’ may mean for different industries. It is worth a read if you are working towards PSN accreditation.

Keep up to date with developments

We’ll keep you up to date with all developments on this. Watch this blog and the Ascentor monthly newsletter for further information on the GCS as and when it comes in.

Article by Paddy Keating ,Director/Government Service Manager at Ascentor.

Other articles you might like:

You may also be interested in:

Work from home cyber security myths

Cyber security myths home workers fall for

Home workers are a growing gateway to your data and systems. If they believe any of these popular cyber security myths, your security is at serious risk.

Cyber security working from home

Managing good cyber security when working from home - what employers need to know

Home working carries increased security risks, but it doesn’t have to be open season for cyber criminals. These tips will help you put together a robust level of cyber security for your home based employees.

Cyber Essentials is changing - our overview

As the IASME Consortium takes over the management of the certification of Cyber Essentials (CE) Scheme, we look at what the changes will involve and why the scheme is still very much needed.