Speaking at the Billington Cyber Security Summit in the US on 13 September 2016, National Cyber Security Centre (NCSC) CEO Ciaran Martin said too many “basic” cyber attacks are getting through, as he laid out plans to scale up British security defences.
Martin said NCSC and GCHQ are working to use a series of automated measures “aimed at making UK government networks the most secure in the world”.
One of the biggest projects currently ongoing is its flagship programme on scaling up DNS filtering, which aims to block bad websites.
“What better way of providing automated defences at scale than by the major private providers effectively blocking their customers from coming into contact with known malware and bad addresses?” said Martin.
However, he added that these “economy-wide initiatives” have to be led by the private sector.
“The government does not own or operate the internet. Consumers must have a choice. Any DNS filtering would have to be based on an opt-out basis. Addressing privacy concerns and citizen choice is hardwired into our programme,” he said.
Unsophisticated cyber attacks
The NCSC, which was first announced by then-chancellor George Osborne in November 2015, is still in its infancy and will officially open in October 2016.
Its aim is to host a cyber force ready to handle cyber incidents and respond faster and more effectively to attacks. It will also be a unified source of advice and support for the economy, replacing the current array of bodies with a single point of contact.
Martin said the majority of cyber attacks “aren’t terribly sophisticated”, but that too many of “these basic attacks are getting through and they’re doing far too much damage”.
“There’s a legitimate role for the government in taking a lead, at least temporarily, and that is the thinking behind our strategy,” said Martin.
“Tackling low-grade, high-volume cyber attacks is a vital part of this three-pronged approach that our government agreed to in 2015 as part of its post-election strategic defence and security review.”
The review, which was published in November 2015, aimed to ensure the UK was taking advantage of pioneering technologies to tackle cyber threats. The spending review pledged a £1.9bn investment in cyber security over the next five years.
Martin said NCSC is already piloting ways of tackling commodity attacks, “sending automated takedown requests to hosters, registrars and others”.
“We’re starting to see real, measurable results. Looking at phishing attacks against UK government brands, the median time the phishing site is up has dropped from 49 hours to 5 hours,” he said.
“If we’re right, this will mean it’s much, much more difficult for UK machines to participate in a DDOS [distributed denial-of-service] attack. If we’re right, then everyone else can do it,” Martin said.