The UK’s National Cyber Security Centre (NCSC), part of GCHQ, has announced two major initiatives to bolster the nation’s cyber resilience. Revealed at the recent CYBERUK conference, these programmes aim to strengthen cyber defences across both public and private sectors.
The new initiatives include a network of Cyber Resilience Test Facilities (CRTFs) and a Cyber Adversary Simulation (CyAS) scheme set to launch this summer.
Enhancing Product Assurance and Threat Response
The CRTFs will provide technology vendors with accredited facilities to test and demonstrate the cyber resilience of their products. These facilities will enable independent audits and structured assessments, helping organisations—including government bodies—ensure the security of connected products.
Unlike traditional compliance-based schemes, the CRTFs will follow a principles-based assurance (PBA) approach. This method focuses on practical resilience rather than checklists, aiming to improve consumer confidence and expand the range of assured products available in the market.
Meanwhile, the CyAS scheme will allow certified providers to simulate real-world cyber attacks, testing an organisation’s ability to prevent, detect, and respond to threats. Developed with input from cyber regulators and oversight bodies, CyAS is designed for organisations with high maturity and critical infrastructure. It will launch as a Minimum Viable Product and evolve based on user feedback.
“These initiatives represent a significant step forward in our mission to enhance the UK’s cyber resilience,” said Jonathon Ellison, NCSC’s Director for National Resilience. “Through product testing and adversary simulations, organisations will be better prepared to defend against evolving threats.”
AI Accelerates Cyber Threats
The NCSC also warned of increasing risks to critical UK systems due to the widening “digital divide”—the gap between organisations capable of adapting to AI-driven threats and those falling behind. A report released during the conference highlights how AI advancements are accelerating the time between the discovery of software vulnerabilities and their exploitation by malicious actors. This growing threat is expected to intensify through 2027.
Addressing the Resilience Gap
These new initiatives are part of the NCSC’s broader strategy to address concerns about the gap between advancing cyber threats and existing defences. In December 2024, NCSC CEO Richard Horne warned of this growing divide, urging UK organisations to follow NCSC guidance and take proactive steps to improve their cyber resilience.
The government has also introduced a voluntary Software Security Code of Practice, aimed at improving the security of software supply chains. This code is designed to help vendors and their customers reduce the risks of supply chain attacks and other vulnerabilities linked to poor software development and maintenance practices.
The CRTFs and CyAS schemes mark the latest efforts by the NCSC to support UK organisations in strengthening their cyber defences and keeping pace with an increasingly aggressive digital threat landscape.
