What sort of companies is the NCSC Cyber Accelerator looking for?

As part of its mission to make the UK the safest place to live and work online, the NCSC is looking for start-up companies who:

offer next-generation cyber security solutions that are better and cheaper than existing products
are using innovative techniques to solve a known problem
that can make a difference now rather than research proposals.
have an active UK presence including a UK registered business.

The solutions could be for any customers, from individuals at home to the world’s biggest companies, but must address one of the NCSC challenge themes outlined below.

What does the NCSC Cyber Accelerator programme involve?

The NCSC Cyber Accelerator is run in partnership with Wayra, combining the NCSC’s technical expertise and Wayra’s commercial connectedness to London’s entrepreneurial ecosystem.

‍

The programme runs for 9 months and meets three days a week. In order to make best use of working with the NCSC and GCHQ, the programme is based in Cheltenham and a founder of each company is expected to attend each day. To have a national reach but a Cheltenham-focus, the programme offers a £25,000 stipend to cover travel costs.

‍

The programme selects up to 10 companies, which range in their maturity from early stage angel investment to securing initial seed investment.

‍

Through a combination of technical and commercial mentorship and introductions, the programme works with start-ups to:

articulate their fundamental proposition and strengthen their business foundations.
develop and communicate their core product or service .
facilitate introductions to companies and investors.

What we offer

£25,000 grant (to cover the costs of travelling to Cheltenham)

Wayra's investor network

Wayra's acceleration services

Access to a dedicated accelerator facility in Cheltenham

Access to NCSC cyber experts

Data

IMPORT TRANSFORMATION AND VERIFICATION

Existing solutions tend to consider cross-domain technology as meeting a high-assurance need. We are interested in similar capabilities, but developed with more of a commodity threat model in mind.

Following on from this, MSPs, for example, manage in a ‘Browse-up’ manner. Solutions that achieve segregations such that an infection in one device does not infect others are important in this regard.

BEYOND ANTI-VIRUS

Anti-virus companies are well-versed in identifying cyber attacks and iterate their response as attacks evolve. Cutting-edge, disruptive techniques that would identify attacks are of interest, especially those that can anticipate early stages of process – preparation, information gathering, reconnaissance, and build-up. An attacker will generally assemble an infrastructure and utilise a number of methods to anonymise themselves. Next-generation tools to help characterise this are also welcome.

Tools that take account of real time threat and vulnerability information and allow a manager to change their operational posture in an agile way are also of interest. We acknowledge that it is difficult to keep track of vulnerabilities in real time – and that the vigilant will be patching as they go – but tools that assist in this regard are considered helpful.

DATA SHARING

Making threat intelligence actionable for small companies in an automated fashion is of value.

Conversely, there are some use cases where data aggregation can be a problem. A specific example here would be in Building Information Management where, for example, every person involved in the design of a building gets access to the totality of information, resulting in the entire design (complete with vulnerabilities) being – effectively – publically available.

AUDIT AND MONITORING

Not ‘total cyber awareness’ but some simple straightforward tools/techniques and capabilities to make it easy to monitor the network of systems. Today, most people pipe the logs to disk and only review them post-incident.

Software agents that provide a monitoring capability are of interest; those which are agnostic of operating system would be most valuable. However, all operating system manufacturers want their system to operate in a controlled way (for example to prevent malware from obtaining the kind of privileges that AV products enjoy) and they typically provide system functionality to enable this.

Tooling that makes use of enterprise audit, monitoring or other existing functionality to identify anomalies or make improvement – eg spotting system crashes and working how many lost business hours there are – is preferred.

ENTERPRISE DATA DISCOVERY

A big challenge in securing a large organisation is keeping track of where sensitive information actually is, against where the user thinks it is. This may be because of inadvertent data replication of data, or by users taking copies of data, or starting to use new processes and solutions outside of the visibility of the enterprise.

Tooling to help an organisation discover exactly where its data is, and provide indications of its relative value and the information and services that it relies upon, is valuable in helping to prioritising focus, and also to identify compliance issues in regulated sectors.

DATA PROCESSING

As with detection methods, there are numerous mature products in existence. We are interested in innovative, simplified, more efficient ways to stream, store, mine, and visualise heterogeneous network data, while retaining necessary security policy and auditing requirements, to enable the greatest capacity of analysts.

This could include the automation of routine procedures around data landing, linkage, sematic assignment, formatting, identity resolution, aggregated feature construction, imputation, and interpretation of missing data, anomaly detection and correction.

People

AUTHENTICATION

People find it very hard to generate and remember different and complex passwords for the range of devices and services they use. They also find it tiresome to enter them manually.

We are looking for approaches that reduce the burden of passwords without compromising security. Ideally solutions should adopt existing standards, and make use of hardware security features built into commercially available devices.

Existing products use a range of biometrics and physical tokens, with variations in the level of protection offered to credentials. We believe there is room to improve the state of the art in terms of the options available, the protection of critical components, and also novel combinations of techniques (such as multi-factor or continuous authentication).

OUT-OF-THE-BOX SOLUTIONS FOR THE VULNERABLE

Whilst it is true that there is a kids’ version of, for example Youtube or Itunes, it is difficult for the responsible adult to configure a machine to be child-friendly (or vulnerable person-friendly). An out-of-the-box solution that makes it safe for vulnerable people to interact on line would be a welcome addition to the marketplace. This includes making it harder to become the victim of grooming activities or visiting unsuitable websites.

NOT ALL ANIMALS ARE EQUAL

Some users can be classed as VVIPs and require bespoke support. Tools that enable such individuals to understand their digital footprint and which can easily offer advice and guidance – or ‘canned’ environments – dependant on the situation are of interest. Enterprise versions of such tooling – which expose the digital footprint of an organisation – are also valuable.

GETTING THE BOARD TO ‘GET IT’

Board members generally have limited time, limited understanding of cyber risks, limited money and a set of other pressing problems to solve. In this challenging environment, we are looking for mechanisms that help boards take the cyber risk more seriously, where information is presented in a way that is both compelling and digestible to that specific audience.

This same issue is prevalent more generally. Mechanisms that will allow a cyber conversation in a way that is accessible and persuasive to different audiences are of interest.

MAKING IT EASIER TO BE SECURE

Tools that enable mobile phone users to be aware of and manage the activities and privileges of the apps they run are of interest, as are those that enable users to more easily use white/black lists for apps.

In addition, tools that make it easier for app users to manage the risks they face when they click “yes” to highly complex and voluminous terms and conditions, or how much identity and other information they are giving away, would be of value. Low-cost solutions are preferred.

Easy to digest, modern, high-quality training packages that are suitable for the lay person (and could potentially be NCSC approved) are currently in short supply and would be of interest.

Having said that, attempts to train users on ways to avoid phishing attacks do not work for everyone; humans are not best placed to make these decisions. Tools that enable the computer to determine whether an e-mail is trustworthy could help with this problem.

IDENTIFYING ‘THE GOOD’

Tools that have a capability to ’learn’ what normal looks like (noting and accommodating the fact that the norm is not always the good) in terms of system/user access to sensitive sets of data in order to allow system owners to produce profiles (or other artefacts) from which anomalous behaviour can be identified and acted upon.

Related to this, an ability to profile user behaviour would assist us in awareness campaigns and to highlight areas where greater awareness may be necessary (or where no intervention is required).

GDPR READINESS

Whilst large corporates are alive to the issues, organisations such as SMEs, charities and other non-profits are yet to fully understand the implications of GDPR, which require companies to prove they have taken adequate steps to properly manage personal data.

Charities in particular are focused on their front-line delivery and, as a rule, spend little on IT security. They believe that their mission – to do good – is enough to prevent any accusation of poor practice.

An ICO fine is likely to have a disproportionate effect on the survivability of organisations like these. Low cost, easily implemented solutions to this problem are required if we are to make a difference here.

Note that awareness raising alone is insufficient; we ae looking for products or services that improve security.

IMPROVED TAKE UP OF CYBER ESSENTIALS AND INCREMENTAL IMPROVEMENTS

We would like to see many more small companies meeting the Cyber Essentials benchmark. Any tools that can assist in this regard would be of interest.

We want companies both to achieve Cyber Essentials, but also to maintain their security posture so, for example, automated vulnerability assessment may also feature here, as would any products and services that helped companies who had already achieved cyber essentials to take affordable next steps. As the objective relates to small companies, a low-cost solution is preferable.

Technology

‍

No items found.

Challenge Questions

Theme 1: Making it easier to be secure:

Helping users to be safe online.

‍

This theme applies to users from individuals to organisations. Examples include (but are not limited to):

products that make it easy for users to make secure decisions in online or connected environments;
automated tools that take the onus off the user to avoid being phished;
tools that enable users to manage the risks they face when using apps and online services, such as app-locking or other privacy mechanisms;
products that integrate training and user education in novel ways.

‍

Theme 2: Understand and defend

Understand and defend: Enabling understanding of all the devices that are present on a network (including 3rd party components) and enhancing security.

‍

This theme applies to enterprises of all sizes. Examples include (but are not limited to):

tools that use hardware-backed attestation to provision new devices;
products that enable the use of cloud technology for highly secure data storage and processing;
tools that aid enterprise data discovery and management, including in cloud services;
solutions that allow the agile sharing of sensitive data between networks;
tools that help organisations effectively manage risks in their legacy estates;
capabilities that enable the secure operation and management of devices and services in low-trust environments.

‍

Theme 3: Detect and respond:

Enabling the analysis of network activity to detect, respond to and recover from cyber-attacks rapidly; and helping organisations prepare for incidents and understand what actions to take when they occur.

‍

This theme applies to organisations of all sizes. Examples include (but are not limited to):

efficient, compliant ways to stream, store, mine and visualise heterogenous network data;
software agents that monitor networks and make use of enterprise audit and monitoring to identify anomalies;
solutions that make threat intelligence actionable in an automated way;
techniques for anticipating the early stages of a cyber attack, or that enable action to be taken on real-time threat and vulnerability information;
cross-domain solutions that achieve segregations of devices to contain infections;
ways of testing cyber incident preparations.

‍

Areas of Interest

No items found.

FAQs

Q. WHAT IS NCSC's ROLE IN THE PROGRAMME?

A, An NCSC team are involved in the running of the accelerator and NCSC experts provide mentoring to the start-ups.

Q, WHERE WILL THE PROGRAMME BE BASED?

A, The programme is be based in Cheltenham and start-ups are required to have a founder present 3 days a week.

Q, WHY IS WAYRA UK SUITED TO HELP NCSC?

A, As well as being part of Telefónica Open Future_ – a global accelerator programme, which has 11 academies in 10 countries, and is part of the wider Telefónica network – Wayra UK has partnerships with major corporates including pharmaceutical company Merck Sharpe & Dohme (MSD) and fashion retailer ASOS.

As a result, Wayra UK is especially well-placed to work with start-ups to help them understand the challenges faced by larger corporate and government entities, and how to work with them successfully.

Q, WHO ARE NCSC AND WHAT IS THEIR RELATIONSHIP WITH GCHQ?

A, The National Cyber Security Centre is a part of GCHQ and is integral to the UK’s efforts on cyber security.

Q, HOW WAS WAYRA SELECTED?

A, A Competing against anumber of high quality submissions, Wayra won the procurementcompetition run by NCSC , run inaccordance with normal NCSC procurement procedure., considereda number of high quality submissions, with Wayra being theeventual winner.

Q, WHO IS WAYRA?

A, Wayra UK is part of Telefónica Open Future, the open programme that integrates the different initiatives of the whole Telefónica Group related to entrepreneurship and innovation.

Q, AFTER THE PROGRAMME, WILL THE COMPANIES BE INVITED TO WORK WITH NCSC?

A, NCSC does not comment on its relationship with any of its suppliers. All of the companies who participate in the accelerator programme have access to NCSC’s and GCHQ’s technical expertise to support them in developing their products, solutions and businesses.

Q, WHAT DOES THE WAYRA PROGRAMME OFFER?

A, Wayra UK gives selected start-ups direct funding, acceleration and pre-acceleration services (such as co-working space, connectivity services, mentoring, access to Wayra UK’s network and knowhow, training in entrepreneurship and business skills).

Since its launch in 2012, WAYRA UK has supported over 160 start-ups, which have gone on to raise close to $150M in third-party investment.

‍

Q, WHAT HAPPENS WHEN THE PROGRAMME ENDS?

A, By connecting companies with the wider ecosystem during the programme, they are better positioned to secure contracts and investment and become self-sustaining or, where appropriate, to submit a strong application for other leading UK Accelerators.

By agreement, companies can also continue to use the NCSC Cyber Accelerator brand in their corporate communications even after the programme has finished.

Wayra UK has an active Alumni community, who return regularly to provide updates and take advantage of the networking opportunities available at many of Wayra’s events. Alumni can also utilise the academy in Central London to run their own events and hold meetings. Wayra are in the process of developing an alumni network for the NCSC Accelerator programme specifically.

Q, WHAT FACILITIES ARE MADE AVAILABLE WITHIN THE ACCELERATOR FACILITY?

A, The companies are given desk space in a high-specification dedicated accelerator facility, with internet access, meeting rooms, event space and kitchen.

Q, ARE THE COMPANIES EFFECTIVELY WORKING FOR NCSC/GCHQ?

A, No. Those companies entering the accelerator will be developing products and solutions for wider commercial distribution.

Q, ARE THERE ANY RESTRICTIONS ON THE TYPE OF COMPANIES WHO CAN APPLY?

A, The accelerator is for companies who are registered as a UK company, with an active presence in the UK.

Given the access that the programme provides, companies and their staff should be prepared to undergo Government security checks as required.

Q, ARE THE COMPANIES REQUIRED TO LICENCE OR TRANSFER ANY OF THEIR INTELLECTUAL PROPERTY TO NCSC OR WAYRA?

A, No. By participating in the programme the companies are not required to give away any rights to their IP whatsoever.

‍

Q, WILL NCSC / WAYRA TAKE ANY EQUITY IN THE COMPANIES?

A, Neither NCSC, GCHQ or DCMS will be taking equity in any of the companies.

Wayra and other companies supporting the start-ups are welcome to invest if they wish and the companies agree to this, but this is not a requirement for entry to the programme.

‍

Q, WHAT FUNDING DO COMPANIES RECEIVE THROUGH THE PROGRAMME?

A, The companies will receive financial support of £25,000. This “travel stipend” is provided to ensure that cost doesn’t prohibit a company basing at least one founder in Cheltenham throughout the programme.

Q, HOW LONG IS THE PROGRAMME?

A, The programme runs for 9 months.

Q, HOW ARE THE COMPANIES CHOSEN?

A, Companies are invited to apply through an open competition. The start-ups will be chosen by an expert panel of NCSC, GCHQ, Wayra and Telefónica staff, alongside a panel of investors.

Q, WHY IS NCSC RUNNING AN ACCELERATOR?

A, The accelerator is a key component of one of two cyber innovation centres announced by the Government in 2015. These centres are intended to support the growth and development of the next generation of cyber security companies, growing capacity and capability nationally, supporting NCSC’s core activity as well as contributing to Government ambitions to promote prosperity.

NCSC Cyber Accelerator

What is the NCSC Cyber Accelerator?