Five Eyes issues five tips on thwarting nation state threats

Intelligence agencies from across the anglophone Five Eyes alliance have come together to outline guidance on how organisations at risk of cyber intrusions conducted by nation state threat actors can protect themselves.

Sharing a public stage for the first time today at the Hoover Institution at Stanford University, the heads of Australia’s Security Intelligence Organisation (ASIO), Canada’s Security Intelligence Service (CSIS), New Zealand’s Security Intelligence Service (NZSIS), the US’s Federal Federal Bureau of Investigations (FBI) and the UK’s MI5 outlined five principles they would like businesses to try to adopt to help keep themselves secure.

The speakers warned that hostile states continue to seek to steal intellectual property to fast track their own technological and military capabilities, and undermine the competitive advantages that many western organisations enjoy.

The Five Principles to Secure Innovation collectively advise organisations to get to know the risks and threat environments they face, and then take consecutive steps to secure their business IT systems, their products, their partnerships with third parties, and their future growth.

“Across all five of our countries we are seeing a sharp rise in aggressive attempts by other states to steal competitive advantage,” said MI5 director general Ken McCallum, who has previously been outspoken about these challenges, particularly as they relate to China.

“This contest is particularly acute on emerging technologies; states which lead the way in areas like artificial intelligence, quantum computing and synthetic biology will have the power to shape all our futures.

“We all need to be aware, and respond, before it’s too late,” he said. “So, today we’ve jointly bolstered security across our five nations by offering practical steps organisations can take to keep themselves safe. At the same time, in the UK, we are launching NPSA’s Secure Innovation guidance.”

This will be the first campaign run by the NPSA, which was set up in March 2023 and is overseen jointly by MI5 and the National Cyber Security Centre (NCSC).

It comprises new and updated guidance on secure innovation, outlining practical steps both startups and spin-outs can take to improve their protections against nation state threats, as well as those from more ordinary cyber criminal gangs, and even competitors in some circumstances. It covers areas such as managing risk and security around investments, supply chains, travel and IT networks.

The guidance – which is to be promoted across the UK through a new publicity campaign – also includes a free Quick Start Guide to help those who may lack sufficient security expertise take the first steps along the road to protecting their ideas and innovations.

“The UK has one of the best environments for startups working in the field of emerging technology, but we know this can make companies a target for malicious actors,” said NCSC CEO Lindy Cameron.

“It is vital organisations take state and criminal threats seriously and ensure they are effectively managing the risks, including those emanating from cyber space.

“That’s why, working jointly with the NPSA, we have strengthened our Secure Innovation guidance, which will help organisations implement cost-effective measures to stay resilient online,” she said.