maxkabakov - Fotolia

UK National Cyber Security Centre looks to future in annual review

While there is still much work to be done, the NCSC’s first annual report says it has prevented thousands of cyber attacks since its inception

The National Cyber Security Centre (NCSC) received 1,131 incident reports, with 590 classed as “significant”, according to the agency’s first annual review.

Those “significant attacks” ranged from attacks on key national institutions such as the National Health Service (NHS) and the UK and Scottish Parliaments, through to attacks on large and small businesses and other organisations, said Ciaran Martin, chief executive of the NCSC.

But, he said, so much of the NCSC’s work aims to make successful attacks less likely, and to that end the NCSC has so far produced more than 200,000 protective items for military communications; supported the Cabinet Office in developing more secure communications for key government organisations; and supported the Home Office in ensuring the security of new mobile communications for emergency services.

While operational since October 2016, the NCSC’s new London headquarters were opened by HM The Queen and HRH The Duke of Edinburgh in February 2017.

The NCSC, part of GCHQ, brought together elements of its parent organisation with previously separate parts of government and intelligence to create a single, one stop shop for UK cyber security, with the aim of making the UK the safest place to live and work online.

A crucial part of the NCSC’s role, said Martin, is to help everyone in the UK operate more securely online. “Through a pioneering partnership with the private sector, tens of millions of suspicious communications in the UK are being blocked every month,” he said.

Martin highlighted the fact that the NCSC’s Active Cyber Defence programme has developed capabilities, which have seen the average lifetime for a phishing site hosted in the UK reduce from 27 hours to less than an hour.

He added that the NCSC’s information-sharing platform with industry, the Cyber Security Information Sharing Partnership (CiSP), grew 43% over the year.

“We are forging new partnerships in key industries like retail. And we are helping nurture the next generation of skilled professionals we need,” he said, with 1,000 young people taking advantage the NCSC’s free CyberFirst courses.

The NCSC’s CyberFirst Girls competition saw 8,000 13-15 year olds take part. “This is an initiative we hope will play a role in the long term in addressing the damaging under-representation of females in the cyber industry,” said Martin.

However, he said the NSCS still has much to do in the years ahead to “counter this strategic threat to our values, prosperity and way of life” in collaboration with GCHQ and the UK intelligence community, law enforcement, wider government, industry and the rest of the world.

In the past year, the NCSC has worked with more than 50 countries across five continents, including signing Nato’s ground-breaking cyber Memorandum of Understanding, according to the review.

Martin said cyber security is crucial to the UK’s national security and prosperity. “We’re incredibly proud of what we have achieved in our first year, bringing together some of the best cyber security brains in the country in a single place.

“But the threat remains very real and growing – further attacks will happen and there is much more for us to do. We look forward to working with our partners at home and abroad in the year ahead in pursuit of that vital goal,” he said.

Active Cyber Defence programme reduces web injections

According to the review, tens of millions of cyber attacks are being blocked every week by industry partners implementing NCSC’s Active Cyber Defence programme

The programme currently includes the NCSC’s protected domain name server (DNS) service built by Nominet to block bad stuff from being accessed from government systems; the use and support of the domain-based message authentication, reporting and conformance protocol (Dmarc) to block bad emails pretending to be from government; and a phishing and malware countermeasures service to protect the UK, including government brands.

Talking about the effectiveness of the programme at the 2017 Wired Security Conference in London, NCSC technical director Ian Levy said web injection hosted in the UK – which used to last about a month – is now being taken down in a couple of days, while UK government phishing hosted anywhere in the world used to last two days, but is now being taken down within six hours.

Similarly, while the number of IP-addresses associated with phishing around the world is up 47% this year, Levy said the UK share of those has gone down from 5.1% to 3.3%.

“One year’s data is not sufficient to say we are causing that, but it is an interesting side statistic, and over the next year [as the NCSC gathers more data] we hope to work out if it is becoming harder for cyber criminals to operate in,” he said. “If the answer is yes, we will look to take what we are doing and scale it by encouraging other countries to do the same.”

Cyber plays bigger role in UK security

Jeremy Fleming, director of GCHQ, said that in an increasingly digital world, cyber is playing a more important part in people’s daily lives and in the UK’s approach to security.

“The threats to the UK are evolving rapidly as technology advances. Our response has been to transform to stay ahead of them,” he said.

“The NCSC is a pivotal part of that transformation. It is a critical component not only of GCHQ, where it benefits from the data and expertise it has access to as part of the intelligence community, but of how the government as a whole works to keep the UK safe.”

Fleming said the NCSC has brought together “unparalleled” skills, capabilities and partnerships. “In its first year [the NCSC] has made enormous strides in increasing and improving our cyber capabilities. It is in the front line in protecting the UK against a growing number of cyber attacks,” he said.

The NCSC led the UK response to the global WannaCry incident, which affected 47 NHS trusts, and providing vital assistance and reassurance to those affected, the review said.

In responding to WannaCry, the NCSC worked with NHS England’s emergency response teams, the Department for Health, NHS Digital, and NHS Improvement to coordinate actions.

“The NCSC reacted quickly to offer victim support and advice on the day of the attack, updating our ransomware guidance,” the review said.

NCSC experts were deployed to Barts Hospital Trust to provide bespoke advice. “We continue to work and support government departments in identifying vulnerabilities and mapping out what data matters and should be baked up,” the review said.

Other NCSC achievements in the past year highlighted by the review include:

  • Creating a website to provide easy-to-understand advice and information to the public. The site received 100,000 visitors in a single month and issued 2,000 tweets over the year.
  • Hosting 2,300 delegates and 173 speakers at a three-day CyberUK conference in Liverpool, to share insights and build understanding of cyber security
  • Creating the pioneering Industry 100 initiative to work with or embed 100 industry professionals in the NCSC to provide challenge and innovation.

Read more about the NCSC

Read more on Hackers and cybercrime prevention