News

The funds aim to “spark a step change in public sector cyber defences”, as well as “holding organisations to account for fixing vulnerabilities”

Today, the UK government has unveiled a new cybersecurity plan, introducing new measures aimed at making government departments and public services more secure.

The Government Cyber Action Plan, created by the Government Cyber Unit (GCU) and backed by £210 million, aims to achieve clearer visibility of cybersecurity risks across government units, more centralised and coordinated decision-making to meet those risks, and a faster response to emerging threats.

It will also increase and define new cyber resilience standards for commercial companies providing support for critical services such as health, energy or utilities.

“Cyber-attacks can take vital public services offline in minutes – disrupting our digital services and our very way of life. This plan sets a new bar to bolster the defences of our public sector, putting cyber-criminals on warning that we are going further and faster to protect the UK’s businesses and public services alike,” said Digital Government Minister Ian Murray. “This is how we keep people safe, services running, and build a government the public can trust in the digital age.”

The GCU itself was formally formed under the Labour government in July 2024, based out of the Government Cyber Coordination Centre that itself was formed two years earlier. It forms a central pillar of the Government Cyber Security Strategy 2022–2030, which emphasises the need for more a more unified cybersecurity approach (i.e., ‘Defend as One’) across government departments.

Initially operated by the Cabinet Office, operation of the GCU was transferred to the Department for Science, Innovation and Technology (DSIT) in June 2025.

In tandem with this new plan, the government is also introducing a new Software Security Ambassador Scheme, which aims to promote cybersecurity best practices across the software market. This is one by the championing of the Software Security Code of Practice, a voluntary set of cybersecurity measures developed in collaboration by the National Cyber Security Centre (NCSC) and industry experts.

Cisco, Palo Alto Networks, Sage, Santander, and NCC Group are among those joining the scheme as ambassadors.

The announcement notably coincides with the second reading of the Cyber Security and Resilience Bill in Parliament, legislation that would replace the aging NIS Regulations and give the government greater powers to regulate organisation in its digital supply chain.

All of these measures combined cannot come soon enough. The cybersecurity threat landscape is growing and evolving at an alarming rate, with public sector organisations increasingly in the firing line. According to the NCSC, between September 2024 and August 2025 the UK saw 204 ‘nationally significant’ cybersecurity incidents, up from 89 the previous year. Category 2 incidents, defined as those with serious impact on central government, essential services, or large portions of the population, rose by 50% year-on-year.

The public sector, long hamstrung by fragmented legacy systems and a widening skills gap is poorly equipped to defend itself in this environment. Updating these defences will require significant investment and collaboration with the private sector, both of which today’s measures begin to initiate.

Keep up to date with all the latest telecoms news with the Total Telecom newsletter

Also in the news
World Communication Award Winners 2025
Ofcom clears the way for satellite-to-smartphone services
LG Uplus’s AI voice call app glitch leaks user data

News

This weekend, Swedish telecoms giant Arelion has confirmed that its BCS East submarine cable, connecting Latvia and Lithuania, was damaged on Friday.

The damage appears to have been caused by a ship passing overhead a few kilometres from the cable’s landing station in Liepāja, Latvia. The exact location and extent of the damage is still being identified.

Whether the damage was caused by accident or intentionally remains to be determined. According to reports, information analysed by the Latvian armed forces shows the ship in question initially sailing over an inactive cable before changing course and heading towards the BCS East cable, which was subsequently impacted.

“I am in contact with the crisis management centre and the responsible authorities. The police have started an investigation, and the clarification of the circumstances continues,” Latvian Prime Minister Evika Silina said in a press conference on Sunday.

“We cannot speculate on the reasons yet. After conducting analysis and digital measurements, the company does not rule out any version at this time,” said Arvis Zile, head of the crisis management centre.

The ship being investigated has since docked at Liepāja and was boarded by police and the Latvian coast guard on Sunday evening. It is not currently being detained, and its crew are cooperating with the investigation.

Latvian users were not impacted by the incident, with traffic successfully redirected to other routes.

Repairs to the cable will be completed “within the next week or two”, according to Arelion spokesperson Martin Sjogren.

The Baltic Sea has become something of a hotbed for submarine cable damage in recent years, with numerus high profile cable cuts, including Arelion’s own BCS East-West Interlink cable, connecting Lithuania to the Swedish island of Gotland, in November 2024.

Given the geopolitical tensions between the Baltic states and Russia since the Russian invasion of Ukraine, the security of these critical cables is becoming an increasingly hot topic, both for subsea cable operators and politicians. However, it should be noted that deliberate sabotage of submarine cables is rarely proven  while accidental damage is commonplace around the world.

Submarine cable security is becoming an international priority. Join the experts in discussion at the inaugural Subsea Security Summit

Also in the news
World Communication Award Winners 2025
Ofcom clears the way for satellite-to-smartphone services
LG Uplus’s AI voice call app glitch leaks user data