Laurent -

NCSC to scale up intelligence sharing, says GCHQ director

The GCHQ director has outlined the agency’s cyber security mission in the third decade of the internet age at CyberUK, promising to scale up the sharing of declassified cyber intelligence with industry

The technological revolution is providing extraordinary opportunity, innovation and progress, but also exposing society to increasing complexity, uncertainty and risk, said GCHQ director Jeremy Fleming.

It also “brings new and unprecedented challenges for policymakers as we seek to protect our citizens, judicial systems, businesses – and even societal norms”, he told CyberUK 2019 conference in Glasgow 

In light of this, Fleming said there is a need for new policies and new ways of thinking to complement existing approaches to dealing with these threats.

“From online crime to terrorist propaganda, and to the impact that exposure to technology has on children, liberal democracies are all trying to find the right policies,” he said, citing the government’s recently published Online Harms whitepaper example of how the UK is responding.

“It contains new thinking about where the statutory duty of care for the safety of users should lie. It places specific requirements on firms to make sure their content complies with the law relating to counter-terrorism and child abuse.

“And, to give the regulations teeth, it raises the potential for enforcement action – ranging from warning notices to fines. Bringing new ways of thinking is something we’ve tried to do in the field of cyber security too,” he added.

Getting cyber security right is critical for the UK’s future, said Flemming, adding that while a good start has been made, the next stage is even more critical.

“It’ll need a national effort if it’s to succeed,” he said, noting that the first priority is to make the strategy more citizen facing and more citizen relevant.

Referring to the recent results of the UK Cyber Security survey which found that only 15% of people said they knew how to protect themselves online, Fleming said GCHQ’s National Cyber Security Agency (NCSC) plans to do more to more to take the burden of cyber security away from the individual. 

This includes continuing to work closely with device manufacturers and online platform providers to build security into their products and services at the design stage, working with internet service providers (ISPs) to enhance the security of internet-connected devices in the home, and sharing intelligence with banks to enable them to alert customers to threats in close to real time.

The NCSC, he said, will also seek to expand the cyber security ecosystem by using “its unique insights into the structural vulnerabilities of the internet in partnership with business to detect, disrupt and fix malicious online behaviour”, he said, citing as an example the success of the Active Cyber Defence (ACD) programme which uses automation to block attacks at scale to make the internet safer for people to use.

Fleming said the ACD programme has had a significant impact, noting that in March 2017, the UK hosted share of global phishing dropped below 2% for the first time, down from 5.4% in 2016 when the programme began.

He also noted the success gained from working in partnership with others by saying how “HMRC is an excellent case study of a department leading the way in protecting its customers”.

“In 2016, HMRC was the 16th most phished brand globally, accounting for 1.25% of all phishing emails sent,” he said. “Today it is ranked 146th and accounts for less than 0.1% of all phishing emails.”

Read more about cyber security

The ACD programme’s protective DNS system for the public sector, he said, blocked access 57.4 million times with malware such as Conficker, which is malware from 2008 that is still running in public sector networks. 

Fleming called on businesses in all sectors to work with GCHQ to find new ways of incorporating these automated services. “If enough do, the results could be truly transformational – a whole-of-nation, automated cyber defence system,” he added.

Improving the cyber security of the UK, said Fleming, is achievable “only if we build a genuinely national effort – with more connections and deeper cooperation with the private sector and even closer working with our partners and allies”.

For this to work, he said, intelligence must flow both ways. To this end, he said the NCSC is sharing real-time cyber security information with industry. “We have made it simple for our analysts to share time-critical, secret information in a matter of seconds. With just one click, this information can be shared and action taken. 

“In the coming year, we will continue to scale this capability so – whether it’s indicators of a nation state cyber actor, details of malware used by cyber criminals or credit cards being sold on the dark web – we will declassify this information and get it back to those who can act on it,”  he said.

In closing, Fleming emphasised the need for continued and increasing collaboration between government, academia, industry partners in the UK and abroad. “To make this a success, our strongest defence and most powerful weapon will be our ingenuity; our ability to imagine what has yet to be imagined; and to see further into the future than anyone else. 

“Our vision for the next stage of the UK’s cyber security strategy aims to do just that. The prize is great – a world-leading cyber security approach and, as a consequence, a safer, more successful UK. I’m confident we will succeed. Because with the right mix of minds, inside and outside government, we know that anything is possible.”

Read more on Hackers and cybercrime prevention

Data Center
Data Management