Defence Online

The NCSC has released the 2019 cybersecurity Annual Review

Homeland November 1, 2019

The NCSC (National Cyber Security Centre) has released its Annual Review into cybersecurity. The document details progress made in 2018 and 2018, the challenges remaining, and examines the threats faced by Britain. The review includes extensive statistics and data compiled over the year. It begins with a timeline of the NCSC’s activity over the course of a year. This includes events, details of reports released by the NCSC, guidance delivered to organisations and the general public, and goals reached over the year. The NCSC lists a number of achievements, such as reducing Britain’s share of global phishing from 3.33% in 2018 to 2.07%. HMRC is one the biggest target for phishing, and Active Cyber Defence (ACD) strategies have reduced their ranking to 126th in the world from 16th. They also report an increase in local authorities using their web check service. The review covers;

• Cyber Security for individuals and families.
• Targeting the biggest risks.
• Countering the adversary.
• International cooperation.
• Securing the digital homeland.
• Cyber capability for the future.
• Celebrating 100 years of GCHQ’s cyber mission.

The NCSC divides ‘cyber security for individuals and families’ into four interventions needed to secure data; reducing the burden, making it easier, equipping the nation, and raising awareness. The NCSC advocates creating tech that is ‘secure by design’ and making security accessible. An NCSC survey found that two-thirds of people know ‘a great deal/fair amount’ about how to use the internet safely and 70% believe they will be a victim of cybercrime within the next two years. The report includes a list of the most hacked passwords including names, numbers, musicians, football teams, and fictional characters. The review explains how the NCSC fights cybercrime in everyday online interactions. These include the Haulster operation, which provides automated protection for credit cards as well as a service flagging potential attacks. The NCSC has also conducted successful trials preventing attacks on online shopping. They have tested 19 mobile networks for security and improved responses to Borger Gateway Protocol (BGP) misuse. The report explains the Active Cyber Defence (ACD) programme. ACD includes Web Check, highlighting potential weaknesses to website owners, Protective DNS, which blocks the public sector from accessing dangerous sites, a takedown service, which notifies owners of dangerous sites to remove them from the internet, and Mail Check, which prevents phishing on public sector emails. The report also examines cyber attacks on the NHS. Following the 2017 WannaCry attack on the NHS, the NCSC has been working with NHS Digital to procure a new perimeter security solution. NCSC experts examined bids for the position against security standards.

The report looks at how the NCSC protects crucial infrastructure. This includes protecting ATMs, online banking, energy providers air passengers’ data, and smart cities. The report includes the NCSC’s work with the MOD to maintain defence cybersecurity. The Continuous at Sea Deterrent (CASD) is supported through threat and incident reporting. The NCSC also provides advice on cybersecurity risk and policy and identifies supply chain vulnerabilities. They also supported the F-35B entering service through the UK’s Freedom of Action. The Joint Crypt Key Programme (JCKP) researches high-end cryptography to protect intelligence and communications. Telemetrics, which involves sending information collected about an object somewhere else electronically, are being worked on by the NCSC and MOD to improve security. Other projects include the Wassenaar agreement, which updates crypt definitions and removes the need for export licences on IoT devices, and the Sovereign Enabling Framework (SEF), which unites the JCKP and Initiate. The top five sectors that receive NCSC Incident Management support are; government, academia, information technology, and managed service providers, with transport and health in joint fifth. The NCSC runs threat operations, Incident Management (IM), and assessments which make up their strategy to reduce cyberattacks. The NCSC works with national and international partners to counter large threats. This year has seen the launch of the Cyber Defence Ecosystem (CDE) which aims to create an international system to explore threat analysis and release information about potential threats to ensure a fast and comprehensive response.

The NCSC has created the Indicator of Compromise (IOC) machine in order to change how declassified information is released into the public domain. The IOC went live this year. It checks information automatically to see if it can be released in a process that used to be time-consuming and complicated. Indicators of compromise can include signatures of malware or IP addresses used by an attacker or recurring methods and patterns. The time needed to assess potential threats has been dramatically reduced and information can be communicated with government organisations much more easily. Over the last year, the NCSC has welcomed delegates from 56 countries to improve international cooperation on cybersecurity. NCSC representatives have attended international events and explored collaboration with Canada, the US, Europe, and Japan among others. The report includes details of some of the events held and attended by the NCSC since last year. These events include CyberUK 2019, the Cyber Defence Conference, and the Billington Cyber Security Summit in Washington DC. Another focus of the report is how citizens can contribute to national cybersecurity. The public enquiries service has dealt with 11,000 questions over the course of a year from members of the public and has expanded the NCSC’s online resources on cybersecurity. Social media awareness has grown, NCSC posts have been liked and shared thousands of times and their twitter following has increased to 50,000. They have also provided the public with information on the security of social media platforms including Whatsapp.

The NCSC supports organisations and businesses with the aim of improving their cybersecurity procedures. Their Small Business Guide helps SMEs plan for attacks and get their systems back online as quickly as possible. The scheme is available to organisations of all sizes across Britain. They can receive a certification from the NCSC recognising their policy if they demonstrate a minimum level of cybersecurity competence. The NCSC also provides online tools for businesses and public sector organisations to test their resilience to attacks. The report features tips for organisations and information on charities and services to improve cybersecurity. The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative which creates an exchange to share threat information and reduce possible harm. It allows members to communicate with government and industry and share any potential threats. The report looks at the NCSC’s future plans for cybersecurity. A large area of focus is apprenticeships and training, starting at school. The CyberFirst scheme offers bursaries to young people from different backgrounds to develop their talents for cybersecurity. The NCSC has seen a 181% increase in industry partners supporting the scheme since 2017. They are continuing to support research partners to advance areas such as protecting critical infrastructure and cybersecurity among the general public. The NCSC has recognised 19 universities as Academic Centres of Excellence in Cybersecurity Research. They helped create the Colloquium for Information Systems Security Education (CISSE) which brings together industry, academia, and government to support programmes for education and training.

Manging Partner at Marlin Hawk, John-Claude Hesketh, said: “While the NCSC’s report does a great job of informing us about how it protects UK citizens and SMEs, information for larger organisations feels lacking. Most noticeable is that we still don’t seem to have a recognised professional body that accredits CISOs and other senior cyber security professionals, despite the NCSC saying last year that they were working on it. This makes hiring a tough task for boards, who may all have their own opinions on what a good cyber hire looks like.”

“Relative to other business risks, cybersecurity is still an emerging threat. Due to its dynamic nature, boards often appoint CISOs for the here and now; focusing on somebody who can get the job done in the current climate, rather than looking for somebody with a more strategic, long-term vision. Whenever this cyber body appears, it must educate boards on the benefits of a strategic CISO, rather than somebody who’s job is solely reactive.

“With the private sector – including the growing cyber startup scene – continually innovating, the NCSC should look to collaborate with these businesses in order to ensure they are offering best-in-class training to cyber professionals, while setting a high bar for cyber security accreditation.”

To learn more about cyber security and how your business can stay protected from threats, visit the Cyber Essentials Online website.

If you would like to join our community and read more articles like this then please click here.

cyber security Defence digital NCSC review supply chain Universities

Post written by: Ciara Houghton