Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd

Posts Tagged :

National Cyber Security Centre

UK businesses looking for more cybercrime support from government

960 640 Stuart O'Brien

Research has revealed that UK businesses are looking to the Government for greater support to safeguard them from the ongoing threat of cybercrime.

According to RedSeal, nearly three-quarters (68%) of IT bosses polled for the survey said that their business had suffered at least one attack in the past 12 months, while almost a third (31%) said that the Government didn’t offer enough support or guidance on best cybersecurity practices.  

Other statistics included 19% of businesses polled admitting to not having a plan in place to deal with a cyberattack, along with 65% of IT teams  suggesting that senior management needed to take more notice to cybersecurity in 2019.

“We commissioned this research to explore how prepared businesses are to continue operating during an attack,” said Ray Rothrock, CEO of RedSeal.  “The number of high profile breaches has meant that 2018 has become the year where businesses are left wondering what more they can do to protect themselves, how to remain resilient, to keep operating and minimise customer damage.

“Our research highlights the fact that that senior IT bosses want the UK government direct more attention, money and resource to supporting their businesses in the face of cyberattacks.”

The research follows recent revelations from the National Cyber Security Centre which found that only 30% of UK businesses have a board member with responsibility for cybersecurity and only 10% require their suppliers to adhere to any cyber standards.

UK Government cyber security efforts ‘lack clear political leadership’

960 640 Stuart O'Brien

The cyber threat to the UK’s critical national infrastructure (CNI) is as credible, potentially devastating and immediate as any other threat faced by the UK, according to the Joint Committee on the National Security Strategy.

The Committee’s latest report says the Government is not acting with the urgency and forcefulness that the situation demands, with the UK’s CNI a natural target for a major cyber attack because of its importance to daily life and the economy.

The Report on Cyber Security of the UK’s Critical National Infrastructure says that as some states become more aggressive and non-state actors such as organised crime groups become much more capable, the range and number of potential attackers is growing.

In fact, the head of the National Cyber Security Centre has said that a major cyber attack on the United Kingdom is a matter of ‘when, not if’.

The state-sponsored 2017 WannaCry attack greatly affected the NHS even though it was not itself a target and demonstrated the potential significant consequences of attacks on UK infrastructure.

Ministers have acknowledged that more must be done to improve the cyber resilience of CNI and the Government has taken some important steps in the two years since the National Cyber Security Strategy was published.

It set up the National Cyber Security Centre as a national technical authority, but the Joint Committee says its current capacity is being outstripped by demand for its services.

The Joint Committee added that while a tightened regulatory regime, required by an EU Directive that applies to all member states, has been brought into force for some, but not all, CNI sectors, it will not be enough to achieve the required leap forward across the thirteen CNI sectors (including energy, health services, transport and water).

Chair of the Committee, Margaret Beckett MP, said: “We are struck by the absence of political leadership at the centre of Government in responding to this top-tier national security threat.

“It is a matter of real urgency that the Government makes clear which Cabinet Minister has cross-government responsibility for driving and delivering improved cyber security, especially in relation to our critical national infrastructure.

“There are a whole host of areas where the Government could be doing much more, especially in creating wider cultural change that emphasises the need for continual improvement to cyber resilience across CNI sectors.

“My Committee recently reported on the importance of also building the cyber security skills base.

“Too often in our past the UK has been ill-prepared to deal with emerging risks.

“The Government should be open about our vulnerability and rally support for measures which match the gravity of the threat to our critical national infrastructure.”

NCSC deals with 1,100 cyber attacks in first two years

960 640 Stuart O'Brien

The National Cyber Security Centre (NCSC) has defended the UK from an average of more than 10 attacks per week in the two years since it was set up.

The NCSC, a part of GCHQ, has published its second Annual Review, which highlights the sustained threat from hostile state actors and cyber criminals.

Since it became fully operational in 2016, the NCSC’s cyber security front line has helped to support with 1,167 cyber incidents – including 557 in the last 12 months. The report reveals the majority of attacks against the UK are carried out by hostile nation states.

The Annual Review gives detail about the tactics used by the NCSC’s Incident Management team, who work behind the scenes to co-ordinate defences to support UK victims when attacks do get through.

For the first time, the NCSC is giving a glimpse into the work against the ongoing cyber threat in a podcast, “Behind the scenes of an incident”, which features interviews with a range of staff who defend the UK from cyber attacks.

David Lidington, Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office, said: As the minister with responsibility for overseeing the implementation of the National Cyber Security Strategy, I am proud of what NCSC has achieved in just two years of operations.

“Our National Cyber Security Strategy set out ambitious proposals for how this Government will defend our people, deter our adversaries and develop UK capabilities to ensure we remains the safest place to live and do business online.

“NCSC has more than risen to this challenge, defending the UK from over 1,100 cyber attacks and reducing the UK’s share of global phishing attacks by more than half.”

The NCSC takes a proactive approach to securing the UK’s online defences. The Active Cyber Defence (ACD) initiative aims to protect the UK from high-volume commodity attacks that affect people’s everyday lives.

Since its launch, ACD has reduced the UK’s share of visible global phishing attacks by more than half; from 5.3% to 2.4%. Between September 2017 and August 2018, the service has removed 138,398 phishing sites hosted in the UK.

Ciaran Martin, Chief Executive of the National Cyber Security Centre said: “I’m extremely proud that the NCSC is strengthening the UK’s defences against those who seek to harm us online.

“We are calling out unacceptable behaviour by hostile states and giving our businesses the specific information they need to defend themselves. We are improving our critical systems. We are helping to make using the Internet automatically safer.

“As we move into our third year, a major focus of our work will be providing every citizen with the tools they need to keep them safe online. I’m confident that the NCSC will continue to provide the best line of defence in the world to help the UK thrive in the digital age.”

Earlier this year, the government’s flagship cyber security conference, CYBERUK, was held in Manchester and attracted 2,500 delegates.

Following the success of CYBERUK 2018, the NCSC will widen its geographical footprint in year three as Scotland will, for the first time, host the 2019 event. Government and industry professionals will gather in Glasgow, one of the first UK cities to get 5G internet, on 24 and 25 April to share cyber security best practice in the face of complex problems and threats.

Director GCHQ, Jeremy Fleming said: “In just two years, the NCSC has become a world leading organisation. I’d like to thank everyone at the NCSC for the outstanding work they do every day.

“Whether that’s thwarting the growing cyber threat from hostile nation states, providing excellent incident management services to large and small businesses, or pushing the boundaries of research and innovation, the NCSC operates on the front line of efforts to keep us all safe online.”

The Annual Review 2018 can be reached here and you can also listen to the NCSC’s first podcast – behind the scenes of an incident.

NCSC outlines case against Russian military hackers

960 640 Stuart O'Brien
The National Cyber Security Centre (NCSC) says it has identified that ‘a number of cyber actors’ widely known to have been conducting cyber attacks around the world are, in fact, the GRU – the Russian military intelligence service.

It says the attacks have been conducted ‘in flagrant violation of international law’, have affected citizens in a large number of countries, including Russia, and have cost national economies millions of pounds.

The statement came as part of a joint message coordinated with the likes of the US and France.

Specifically, the NCSC says cyber attacks orchestrated by the GRU have attempted to undermine international sporting institution WADA, disrupt transport systems in Ukraine, destabilise democracies and target businesses.

It says the campaign by the GRU shows that it is working in secret to undermine international law and international institutions.

The Foreign Secretary, Jeremy Hunt said: “These cyber attacks serve no legitimate national security interest, instead impacting the ability of people around the world to go about their daily lives free from interference, and even their ability to enjoy sport.

“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens.  This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences.

“Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”

The statement from the NCSC used the strongest language possible, saying: “Given the high confidence assessment and the broader context, the UK government has made the judgement that the Russian Government – the Kremlin – was responsible.”

The body says the GRU are associated with the following names:

  • T 28
  • Fancy Bear
  • Sofacy
  • Pawnstorm
  • Sednit
  • CyberCaliphate
  • Cyber Berkut
  • Voodoo Bear
  • BlackEnergy Actors
  • STRONTIUM
  • Tsar Team
  • Sandworm

UK universities recognised for excellence in cyber security research

960 640 Stuart O'Brien

Three UK universities have been recognised as Academic Centres of Excellence in Cyber Security Research (ACE-CSR).

The National Cyber Security Centre (NCSC) and the Engineering and Physical Sciences Research Council (ESPRC) have identified the University of Kent, King’s College London, and Cardiff University as having first-rate research with scale and impact.

The universities will now join 14 other institutions in a scheme forming part of the Government’s National Cyber Security Strategy, which is making the UK the safest place to be online and helping to support the country’s thriving digital economy.

The universities will now have the opportunity to bid for funding to develop cutting-edge research in cyber security, including at Doctoral level, as well as attend annual conferences and workshops.

The scheme aims to create a better understanding of the strength of the UK’s academic capability in cyber security and identify areas where there are research opportunities or technical gaps. It makes collaboration between academia, business and government easier, and helps make sure cutting-edge research is turned into practical products and services. This includes developing tools to tackle mass marketing fraud online and better understand cyber criminals.

Minister for Digital Margot James said: “These universities are doing fantastic research in cyber security and they are rightly being recognised for their pioneering work. We have some of the best minds in the world working in the field and thanks to this scheme they can now help shape our National Cyber Security Strategy and develop the talent and services of tomorrow.”

Chris Ensor, Deputy Director for Cyber Security Skills and Growth at the NCSC, said: “The UK has world-class universities carrying out cutting edge research into all areas of cyber security. It’s fantastic to see three more universities recognised as Academic Centres of Excellence and I’m especially pleased that we now have centres in all home nations. The NCSC looks forward to collaborating with these institutions to make the UK the safest place to live and work online.”

Professor Pete Burnap, Professor of Data Science & Cybersecurity, and Director of the Airbus Centre of Excellence in Cybersecurity Analytics at Cardiff University said: “We are delighted to receive this recognition as it evidences our long track-record of research excellence in cyber security. Our core identity is the interdisciplinary fusion of artificial intelligence and cybersecurity, a concept we call Cyber Security Analytics. AI is at the heart of the UK government’s industrial strategy and our aim is to innovate with AI to improve automated cyber threat intelligence and support decision making and policy responses to make the UK more secure for individuals, business and the government. We are proud to be the first Welsh university to be recognised by NCSC for our cyber research capability, and we hope to build on the impressive expertise that already exists across the region between academia, government and business.”

Dr Jose M. Such, Director of the Centre, and Senior Lecturer in the Department of Informatics at King’s College London said: “We are thrilled to be recognised for the high-quality socio-technical cyber security research we conduct at King’s College London. This recognition acknowledges the critical and diverse mass of researchers working on this area at King’s from different but complementary angles and points of view. Our research focuses on three main research themes and their interrelationship: the use of AI for cyber security together with the cyber security of AI itself, the theoretical aspects of cyber security like verification and testing, and the socio-political and strategic aspects of cyber security.”

Shujun Li, Professor of Cyber Security and Director of the Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) at the University of Kent, said: “We are excited to be given the ACE-CSR status as an acknowledgement of the excellent research in cyber security at the University of Kent. Our research is truly interdisciplinary drawing on the expertise of colleagues from computer science and engineering as well as wider disciplines such as psychology, law, business and sociology. Our ambition is to have one of the largest and most productive cyber security research centres in the UK by 2022 as well as helping to grow the next-generation cyber security researchers.”

The ACE-CSR programme is supported by Government’s £1.9 billion National Cyber Security Strategy (NCSS) 2016-2021.

List of institutions that are recognised as Academic Centres of Excellence in Cyber Security Research are:

  • University of Birmingham
  • University of Bristol
  • University of Cambridge
  • Cardiff University
  • University of Edinburgh
  • University of Kent
  • Imperial College London
  • King’s College London
  • Lancaster University
  • Newcastle University
  • University of Oxford
  • Queen’s University Belfast
  • Royal Holloway, University of London
  • University of Southampton
  • University of Surrey
  • University of Warwick
    University College London

UK government introduces ‘Minimum Cybersecurity Standard’

960 640 Stuart O'Brien

The UK government has outlined the minimum cybersecurity standards that it expects for its own day-to-day operations in a new document developed in collaboration with the National Cyber Security Centre.

Over time, the measures will be incremented to continually ‘raise the bar’, address new threats or classes of vulnerabilities and to incorporate the use of new Active Cyber Defence measures.

The new standard will be incorporated into the Government Functional Standard for Security, obliging government departments and suppliers to comply.

The Minimum Cybersecurity Standard was published last week – you can view/download it here.

The HMG Security Policy Framework (SPF) provides the mandatory protective security outcomes that all Departments are required to achieve. The document defines the minimum security measures that Departments shall implement with regards to protecting their information, technology and digital services to meet their SPF and National Cyber Security Strategy obligations.

The Standards comprise 10 sections, covering five categories: Identify, Protect, Detect, Respond and Recover, and also set expectations for governance, such as obliging government departments to create “clear lines of responsibility and accountability to named individuals for the security of sensitive information and key operational services”.

Other elements of the Standard include the requirement for departments to identify and catalogue sensitive information they hold, implement access controls, and also implement TLS encryption standards for email. In addition, departments will be required to have cyber-incident response plans, as well as cyber-attack detection measures.

NCSC warns of growing cyber security threat to UK business

960 640 Stuart O'Brien

Criminals are launching more online attacks on UK businesses than ever before, according to a new report published by the the National Cyber Security Centre (NCSC).

The NCSC, which is part of GCHQ, released the report to coincide with its flagship CYBERUK 2018 summit, which is taking place this week in Manchester.

The Cyber Threat to UK Business‘ was jointly authored by the NCSC and the National Crime Agency (NCA) in collaboration with industry partners, and details some of the biggest cyber attacks from the last year and notes that risks to UK businesses continue to grow.

Emerging threats are also highlighted, such as theft from cloud storage and cryptojacking, in which computers are hijacked to create crypto currencies such as bitcoin.

The report acknowledges that a basic cyber security posture is no longer enough and most attacks will be defeated by organisations which prioritise cyber security and work closely with government and law enforcement.

Ciaran Martin, Chief Executive of the NCSC, said: “We are fortunate to be able to draw on the cyber crime fighting expertise of our law enforcement colleagues in the National Crime Agency.

“This joint report brings together the combined expertise of the NCA and the NCSC. The key to better cyber security is understanding the problem and taking practical steps to reduce risk.

“This report sets out to explain what terms like cryptojacking and ransomware really mean for businesses and citizens, and using case studies, shows what can happen when the right protections aren’t in place.”

The report also notes that firms are under increasing threat from ransomware, data breaches and supply chain weaknesses which it says can mean serious financial and reputational damage.

It sites real-life case studies from businesses damaged by cyber crime, including ransomware attacks that have affected companies ranging from multi-national firms to independent restaurants.

Furthermore, the report states that while law enforcement and government have successfully battled many cyber threats this year, under-reporting of cyber crime by businesses means crucial evidence and intelligence about cyber threats and offenders is being lost.

Donald Toon, director of the NCA’s Prosperity Command, said: “UK business faces a cyber threat which is growing in scale and complexity. Organisations which don’t take cyber security extremely seriously in the next year are risking serious financial and reputational consequences.

“By increasing collaboration between law enforcement, government and industry we will make sure the UK is a safe place to do business and hostile zone for cyber criminals.

“Full and early reporting of cyber crime to Action Fraud will be essential to our efforts.”

 

Queen’s Uni rolls out £5m research scheme to tackle cyber threats

960 640 Stuart O'Brien

Queen’s University in Belfast is set to improve the research into hardware security with the launch of a £5m cyber-security centre, tackling threats in smart technology in particular.

With the increase in smart technology in everyday appliances, such as kettles, cars and toys, the focus will be to keep hackers out of the public’s homes.

Funded by the Engineering and Physical Sciences research Council (EPSRC) and National Cyber Security Centre (NCSC), the Research Institute in Secure Hardware and Embedded Systems (RISE) at Queen’s will be a global centre for research in hardware security over the next five years, one of four cyber security institutes in the UK.

“We will also work closely with leading UK-based industry partners and stakeholders, transforming research findings into products, services and business opportunities, which will benefit the UK economy,” said RISE director Prof O’Neill.

NCSC first year anniversary of protecting the UK

960 640 Stuart O'Brien

A report published to mark the first year anniversary of the National Cyber Security Centre (NCSC) protecting the UK from cyber threats has revealed that within 12 months the organisation received 1,131 incidents, with 590 classed as ‘significant’.

Part of GCHQ, the NCSC focuses on cyber security for the UK. The incidents listed within the report outlined the work undertaken by the organisation to help improve security of online transactions throughout the country, along with providing support for the UK Armed Forces.

“Our response has been to transform to stay ahead of them,” said Jeremy Flemming, director of GCHQ.

“The NCSC is a pivotal part of that transformation. It is a critical component not only of GCHQ, where it benefits from the data and expertise it has access to as part of the intelligence community, but of how the government as a whole works to keep the UK safe,” Flemming added.

In its first year, the NCSC has been credited for a 43% increase in the Cyber Security Information Sharing Partnership (CISP), leading the UK response to the WannaCry virus, hosting the three-day Cyber UK Conference in Liverpool and enrolling over 1,000 youngsters on the CyberFirst courses.

UK Cyber Attacks

UK company bosses ‘not trained to deal with cyber attacks’

960 640 Stuart O'Brien

Britain’s top firms and charities urgently need to do more to protect themselves from online threats, according to new Government research.

Undertaken in the wake of recent high profile cyber attacks, the survey of the UK’s biggest 350 companies found more than two thirds of boards had not received training to deal with a cyber incident (68 per cent) despite more than half saying cyber threats were a top risk to their business (54 per cent).

One in ten FTSE 350 companies said they operate without a response plan for a cyber incident, while less than a third of boards receive comprehensive cyber risk information.

The Department for Digital, Culture, Media & Sport says the report highlights the scale of the cyber security and data protection challenge in the UK, with only six per cent of businesses completely prepared for new data protection rules.

However, there has been progress in some areas when compared with last year’s health check, with more than half of company boards now setting out their approach to cyber risks (53 per cent up from 33 per cent) and more than half of businesses having a clear understanding of the impact of a cyber attack (57 per cent up from 49 per cent).

The Government says it is fully committed to defending against cyber threats and a five-year National Cyber Security Strategy (NCSS) was announced in November 2016, supported by £1.9 billion of transformational investment. This includes opening the National Cyber Security Centre and offering free online advice as well as training schemes to help businesses protect themselves.

Minister for Digital Matt Hancock said: “We have world leading businesses and a thriving charity sector but recent cyber attacks have shown the devastating effects of not getting our approach to cyber security right.

“These new reports show we have a long way to go until all our organisations are adopting best practice and I urge all senior executives to work with the National Cyber Security Centre and take up the Government’s advice and training.”

The FTSE 350 Cyber Governance Health Check is carried out in collaboration with the audit community, including Deloitte, EY, KPMG and PWC.