The Police Digital Security Centre (PSDC) – formerly known as the London Digital Security Centre (LDSC) – was set up in London in 2015 by the Mayor’s Office for Policing in Crime, MOPAC, with the Metropolitan and the City of London police forces. Its focus; supporting small and medium-sized businesses across the UK to improve their resilience against the most common types of cybercrime and fraud.
PDSC is a not-for-profit body, owned by the police. Given the cyber landscape – last year there were 4.6m incidents of fraud and computer misuse which accounts for many of the 11m crimes reported to police, never mind what’s unreported – the PDSC seeks to help individual consumers and businesses alike find the most appropriate digital security products and services for them.
To deliver, the PDSC needs to be able to recommend trusted digital security providers and have a consistent model in place for making those recommendations. They teamed up with the British Standards Institution (BSI) to put together an assessment framework and certification process – the Digital Security Provider (DSP) scheme. That way, recommended digital security providers meet certain standards. Organisations must be checked for:
– Financial solvency, ensuring that their business continuity is solid;
– Staff skill sets to demonstrate they are skilled across their areas of expertise;
– Criminal background; all front-facing staff undergo a baseline security check against police records, with more thorough screening available for organisations working with particularly vulnerable or high-security end users; and
– A ‘Secured By Design’ approach to their products or services
To create a standardised model of accreditation, the PDSC approached authentication product company Yubico in the early development phase. They were invited to advise and inform how the framework would be shaped for future applications, with a view to being one of the early adopters of the scheme for its two-factor authentication device, the YubiKey.
YubiKeys are designed to secure access to computers, phones, networks and online services such as Dropbox, 1Password, Google and Facebook with a single touch. The USB-style device is able to verify the identity of the user in possession of the key. Used with your username and password, the YubiKey can stop incidents of phishing or man-in-the-middle attacks.
As a result, there is now a police and BSI-endorsed scheme in development that will give individuals and organisations the peace of mind that every accredited service provider is a robust, reliable and trustworthy partner supplying specialist digital security products or services.
Simon Newman, Head of Cyber and Business Services at the PDSC, said: “The partnership with Yubico and the wider certification scheme was borne out of a simple challenge; we wanted a clear answer when individuals and organisations asked us ‘who should I talk to about this particular cybersecurity challenge?’ and now we have a consistent and scalable way of identifying digital security providers that customers can trust. We expect the scheme to be a great success, with dozens of companies already interested in gaining an accreditation. Yubico has been invaluable from the start in helping to develop the process, and we’re delighted to recommend the organisation as an innovative and trustworthy provider.”
John Gilbert, GM and Regional VP of Sales at Yubico said: “The world of digital security can be confusing and overwhelming to consumers and small businesses, so we applaud the PDSC for taking steps to bring clarity and consistency for end users. The accredited scheme will be a powerful way of making it crystal clear which organisations have invested in highly-skilled staff and a Secured by Design approach, and we’re delighted to be involved.”
The PDSC is looking to launch the DSP scheme in early 2020, and Yubico hopes to be one of the first accredited providers endorsed by British Standards.
