Technology Assurance Principles Documentation

Home>Industry, Government, Media>Resources>Technology Assurance Principles Documentation

In late 2021, the UK’s National Cyber Security Centre (NCSC) published a White Paper outlining a new approach to technology assurance and plans for its implementation. This approach partly arose following the publication of the 2021 Integrated Review of Security, Defence, Development and Foreign Policy which emphasized the need for “cutting edge cyber capability” and outlined the UK’s ambition to become a “science and technology superpower” by 2030. NCSC acknowledged that the technology assurance systems in place at the time fell short of enabling this ambition and so a new approach to the assurance of cyber security technologies had to be implemented. For this to happen, a paradigm shift was necessary.

The new approach introduced by NCSC focused on demonstrable outcomes that reduce the risk of systemic cyber security failures. This was termed Principles Based Assurance (PBA) and comprises three main pillars: development (“an assessment of the security of the vendor and where appropriate this would include the security of the development environment”); design & functionality (“an assessment of the resilience of the product to cyber attack and the efficacy of any security functionality”); and through-life (“an assessment of how well the security of the product or service will be maintained during its operational lifetime”). It is important to note that these technology assurance principles are not meant to apply to security products alone, but rather to all inter-connected technologies whose potential compromise could have a significant security impact.

Quantum Communications Hub investigators Christopher Chunnilall and Tim Spiller have considered the application of these principles in the context of quantum communications technologies, and have produced annotated versions of the NCSC documentation with added commentary on quantum implications where necessary. This commentary can be accessed through the downloadable documents below, which reproduce the NCSC PBA principles verbatim, with the quantum-specific text clearly marked as distinct using text boxes. It is recommended that interested users read the following documents in the order listed below:


·         Introduction_Quantum Assurance

·         Principles Based Assurance_QComms Sector

·         Principles_Product Development_QComms Sector

·         Principles_Product design and functionality_QComms Sector

·         Principles through life_QComms Sector