The Government Protective Marking Scheme – a Case of the Emperor’s New Clothes?

Confidential shred imageThe emperor may not be naked but he’s not wearing very much!

At the back end of 2012 the Government made it clear that they intend to move to a new information classification policy. Draft documents were produced that provide an overview of the new scheme and the intention was to publish and go live in Spring 2013.They want to change the old 6-level model of UNCLASSIFIED, PROTECT, RESTRICTED, CONFIDENTIAL, SECRET and TOP SECRET to just 3 levels.

In our blog ‘ What’s New for Cyber Security in 2013? ‘ we touched briefly on the subject of this new Government Protective Marking Scheme and pondered whether it was another case of the emperor making a poor choice of attire!

Well, the initial rush to put the scheme into operational use has now been delayed until April 2014 so it does look as though the tailor’s stitching was lacking at the very least.

The new Government Classification Scheme is causing a stir

The Government Classification Scheme (or GCS as it is now known) has certainly caused a stir. At a recent Intellect workshop industry leaders were asked three key questions:

  1. How can industry best capitalise on the opportunities presented through the new policy?
  2. Articulate the main risk of implementation by industry – how might these be mitigated?
  3. What additional information do industry partners required (from Cabinet Office, Government Procurement Service, or their contracting authority)?

Responses varied but the underlying theme was that there is insufficient information coming from Cabinet Office about how it the scheme would work in practice and where the real cost savings would be. There was a general concern that without clear direction, the perceived benefits of change would be lost and government departments would resort to type. Cabinet Office stated that training material would soon be available and delivered to Departmental Security Officers for internal circulation. Industry could expect to get copies via their associated departments.

On the technical security front, there was also concern that the requirement for security controls would again be overly complex and costly. Cabinet Officer agreed that the initial drafts from CESG, expected in the next 4-6 weeks, would be discussed at another Intellect held workshop so that Industry views can be collected.

PSN Concerned

The PSNGB Security Committee has gathered some comments/feedback/questions regarding the new scheme. It covers topics such as how Shared Services may be affected, how accreditation will continue to be maintained and what ‘good practice’ may mean for different industries. It is worth a read if you are working towards PSN accreditation.

Keep up to date with developments

We’ll keep you up to date with all developments on this. Watch this blog and the Ascentor monthly newsletter for further information on the GCS as and when it comes in.

Article by Paddy Keating ,Director/Government Service Manager at Ascentor.

Other articles you might like:

You may also be interested in:

Building business resilience

Building business resilience - through Information Security, Business Continuity and Disaster Recovery

How strong is your business resilience to threats to IT, information and physical security? And how can security standards like ISO 27001 and ISO 22301 help?

Ascentor's cyber security review 2020

Ascentor’s cyber security review of 2020

It was the year a different kind of virus dominated. But that didn’t stop cyber criminals exploiting it. We look back at 2020.

Cyber security myths of SMEs

Cyber security myths putting SMEs at risk

SMEs have long been a favourite hunting ground for cyber criminals and, in the worst case scenario, may not survive. We look at some of the myths that put SMEs at risk of cyber crime.