The organisation’s third annual report shows how much has been done to secure Britain’s digital networks—and how much is left to doby Sneha Dawda / October 23, 2019 / Leave a comment
The UK’s National Cyber Security Centre (NCSC) has published its third annual report, showcasing its efforts to build a safer digital Britain. Despite roots in GCHQ, the NCSC’s commitment to transparency is clear and significant. Cybersecurity is often spoken and written about in an inaccessible way. From obscure technical language to secretive capabilities, all too frequently the topic is confined to the few in the field who already have deep knowledge. Instead, the NCSC’s non-technical annual report engages with the public. One aim is to help wider society understand cybersecurity initiatives such as “Secure by Design” or “Active Cyber Defence.” The NCSC also provides guidance on good everyday cyber hygiene in a simple and digestible format.
The next UK Cyber Security Strategy will require this sustained transparency, clear communication, and commitment from the NCSC to maintain a high level of engagement with the public. But how does the organisation build on the work it has already done? What areas of cybersecurity should it focus on in future? Where does it need to be even more transparent?
Cybersecurity is a Tier 1 threat and will remain so, as a result of the widespread and enduring impact that cyberattacks have—not just on individual citizens but also businesses and critical national infrastructure. An important focus for the NCSC is increasingly sophisticated state and non-state actors. On 21st October, the Russia-based Turla Group was exposed as piggybacking on Iranian hacking group OilRig. Turla mimicked the Iranians’ cyberattack methods, accessed their infrastructure and used their unique tools to target its own victims. Previously, the Turla Group was attributed to the Russian intelligence agency the FSB. Paul Chichester, Director of Operations at the NCSC, said that the operation was at a level of sophistication that has never been seen before.
State actors such as Russia, China, North Korea and Iran have become bolder in their approach, launching complex attacks on hard-to-reach targets. In its report, the NCSC outlined its work in attributing such attacks to nation states. Working with the Foreign and Commonwealth Office, it has developed a robust framework for information sharing internationally, to ensure partners work together in “calling out” adversaries. The impact of public attribution in deterring adversaries remains to be seen. There are some claims that the US in particular…