Cybersecurity policy, policing and intelligence bodies in the UK
Overview of UK government bodies responsible for cybersecurity policy, policing, and intelligence
| Cybersecurity bodies of the United Kingdom | |
| Abbreviation | |
|---|---|
| Type | Government agencies and units |
| Formation | |
| Predecessor | |
| Purpose | |
| Headquarters | London and other locations |
| Parent organization | |
The cybersecurity policy, policing and intelligence bodies in the UK form a coordinated network of government agencies, intelligence units, law enforcement teams, and cross-departmental initiatives focused on defending against cyber threats.
The National Cyber Security Centre (NCSC) serves as the primary technical authority for cyber security.[1] It operates as part of GCHQ.
The National Cyber Force (NCF) handles offensive cyber operations as a joint defence and intelligence partnership.[2]
Active operational units
Key entities include the National Protective Security Authority (NPSA), successor to the Centre for the Protection of National Infrastructure (CPNI), operating as part of MI5.[3]
Defence and law enforcement
- Defence Digital
- Cyber Defence Operations Centre (CDOC)
- National Cyber Crime Unit (NCCU) of the National Crime Agency
Historical units
Legacy bodies merged into current structures, such as CESG and CERT-UK into the NCSC.
Governance and strategies
High-level oversight is provided by the National Security Council (NSC) Cyber Subcommittee.
| Entity | Dates | Purpose | Intel-related? | Predecessor/Successor | Notes |
|---|---|---|---|---|---|
| National Cyber Security Centre (NCSC) | 2016–present | UK's technical authority on cyber threats/incidents/advice [4] | Yes (GCHQ) | Merged CESG, CERT-UK, CCA, CPNI cyber | Part of core intel community |
| National Cyber Force (NCF) | 2020–present | Joint offensive cyber ops vs threats [5] | Yes (GCHQ/MI6/MOD) | Successor NOCP | Samlesbury base |
| National Protective Security Authority (NPSA) | 2023–present | Physical/personnel/holistic state-threat security [6] | Yes (MI5) | Successor CPNI (2007–2023) | Broader CNI remit |
| Government Cyber Coordination Centre (GC3) | 2022–present | Gov-wide threat coordination/incident response | No | Under Gov Cyber Strategy | Visibility/sharing |
| Government Security Group (GSG) / Gov Cyber Unit | Active | Overarching gov security standards (GovAssure) | No | Cabinet Office | Enforcement |
| Central Digital and Data Office (CDDO) & GDS | Active | Secure digital baselines | No | DSIT | Infrastructure |
| Defence Digital (ex-ISS) | Active | Military network backbone | Partial (MOD) | Corsham | Perimeter defence |
| Cyber Defence Operations Centre (CDOC) | Active | MOD network threat mitigation | Partial (MOD) | - | Defensive ops |
| Joint Cyber Reserve Force | 2013–present | Crisis support reservists | Partial (MOD) | - | Strategic Command |
| Land Intelligence Assurance Group (LIAG) | Active | Tactical cyber assurance | Partial (Army) | Under Defence Digital | Worldwide |
| National Cyber Crime Unit (NCCU) | 2013–present | Cyber crime investigation/prosecution | No (NCA collab) | - | Ransomware focus |
| CESG | Historical | GCHQ info assurance | Yes (GCHQ) | Predecessor NCSC | Closed 2016 |
| Office of Cyber Security and Information Assurance (OCSIA) / CGSD | Historical | 2009–2017 | Policy/funding, based in NSS and included Fusion Unit with intel input MI5, GCHQ | To NCSC | Cabinet Office |
| Cyber Security Operations Centre (CSOC) | 2009–2016 | Network monitoring | Yes (GCHQ) | Pre-NCSC | Testbed |
| CERT-UK | 2014–2016 | National incident coordination | Partial | To NCSC | Dissolved |
| GovCERTUK | Closed 2014 | Gov network response | Partial | Early CERT | Predecessors |
| Centre for the Protection of National Infrastructure (CPNI) | 2007–2023 | CNI physical/cyber guidance | Partial (MI5) | NISCC/NSAC → NPSA | Evolved |
| National Offensive Cyber Programme (NOCP) | Historical | Offensive coordination | Yes | To NCF | Precursor |
| GovAssure Framework | 2023–present | Resilience assurance (CAF) | Policy | Cabinet Office | Mandatory |
| Defence Cyber Protection Partnership (DCPP) | Active | Supply chain security | Partial | MOD/DSIT | Industry links |
| Defence Cyber Academy (DCA) | Active | Training hub | Partial (MOD) | Shrivenham | Skills |
- Key Policies/Strategies:
(underpins GC3, GovAssure). National Cyber Security Programme.
- Committees: NSC Cyber Subcommittee (2010–), JCNSS, PAC cyber oversight.
All claims drawn from official/gov sources; NCSC, NCF, NPSA form core of modern intel-linked cyber posture.
Notes
- ↑ National Cyber Security Centre website NCSC, accessed June 2026.
- ↑ National Cyber Force GOV.UK, accessed June 2026.
- ↑ National Protective Security Authority NPSA, accessed June 2026.
- ↑ NCSC Official
- ↑ NCF Gov
- ↑ NPSA Official