Queen opens Centre to protect against Attacks

Uploaded on 2017-02-21 in FREE TO VIEW, INTELLIGENCE--Europe, NEWS-Cybersecurity News

The Queen was shown how hackers could target the UK's electricity supply as she opened a centre to protect the nation from cyber-attacks.

The National Cyber Security Centre, part of intelligence agency GCHQ, started work in October as part of a £1.9bn five-year strategy.

Staff in Victoria, central London, will be joined by experts from the private sector to help identify threats. NCSC chief Ciaran Martin said: "We want to make the UK the hardest target".

The secondments to the centre by 100 private sector employees will be funded by their own companies.

Announcing the initiative, Chancellor Philip Hammond said the "best and the brightest in industry" will help "test and to challenge the government's thinking" in cyber security.

Russia Concern

There were 188 cyber-attacks classed by the NCSC as Category Two or Three during the last three months.

And even though the UK has not experienced a Category One attack, the, highest level, an example of which would have been the theft of confidential details of millions of Americans from the Office of Personnel Management, there is no air of complacency at the NCSC's new headquarters.

Ciaran Martin, the Centre's Chief Executive, told the BBC: "We have had significant losses of personal data, significant intrusions by hostile state actors, significant reconnaissance against critical national infrastructure, and our job is to make sure we deal with it in the most effective way possible."

As well as protecting against and responding to high-end attacks on government and business, the NCSC also aims to protect the economy and wider society.

The UK is one of the most digitally dependent economies, with the digital sector estimated to be worth over £118bn per year, which means the country has much to lose.

It is not just a crippling cyber-attack on infrastructure that could turn out the lights which worries officials, but also a loss of confidence in the digital economy from consumers and businesses, as a result of criminals exploiting online vulnerabilities.

A sustained effort was required by government and private sector working together to make the UK the hardest possible target, officials say.

Russia has been the focus of recent concern, following claims it used cyber-attacks to interfere with the recent US presidential election.

"I think there has been a significant change in the Russian approach to cyber-attacks and the willingness to carry it out, and clearly that's something we need to be prepared to deal with," Mr Martin said.

French and German officials have warned of the possibility of interference in their upcoming elections, but the NCSC's head said there was no evidence that a significant attack or compromise had yet taken place against the UK democratic process.

"There has been an identifiable trend in Russian attacks in the West, in terms of focusing on critical national industries and political and democratic processes," Mr Martin added.

"And so it follows from that that we will look to be sure we are protecting those sectors in the UK as well as we possibly can."

The centre will be working on a voluntary basis with political parties and giving advice to high-profile individuals - including MPs - on how to protect their sensitive data.

The UK is already targeting computers in other countries being used for cyber-attack, particularly if there is no possibility of prosecution or for co-operation with authorities where the hackers are based.

In the past, UK cyber protection was largely situated within GCHQ in Cheltenham, which was criticised by businesses and others as overly secretive.

The NCSC aims to be more public facing and accessible. It will also protect a far wider range of sectors, rather than just government and national security-related industries, like defence.

GCHQ will still be the parent body for the NCSC, meaning it can draw on the intelligence agency's skills and capabilities. Sometimes, the intelligence arm of GCHQ spots compromised networks as it watches adversaries move across the Internet.

It was through this type of work that GCHQ spotted the compromise of the US Democratic Party's information by Russian hackers, which it then informed US authorities about.

The NCSC is working on trial services to pro-actively discover vulnerabilities in public sector websites, help government departments better manage spoofing of their email, and take down tens of thousands of phishing sites affecting the UK.

"We're actively working to reduce the harm caused by cyber-attacks against the UK and will use the government as a guinea pig for all the measures we want to see done by industry at national scale," says the NCSC technical director, Dr Ian Levy.

He says results would be published openly to enhance collaboration. The centre will be publishing some of its code as open source, so that others can use the techniques.

BBC

 

« Dell Says Security Is Plaguing Business
Bitcoin Is Increasing Ransom Attacks »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Virus Bulletin

Virus Bulletin

Virus Bulletin is an online security information portal and certification body, providing users with independent intelligence about the latest developments in the global threat landscape.

ProfitBricks

ProfitBricks

ProfitBricks is a secure cloud computing infrastructure-as-a-service (IaaS) solution.

Zertificon Solutions

Zertificon Solutions

Zertificon is a leader in professional email encryption and data security.

Malta Information Technology Agency (MITA)

Malta Information Technology Agency (MITA)

MITA is the central driver of Government Information and Communications Technology (ICT) policy, programmes and initiatives in Malta.

Clearswift

Clearswift

Clearswift is trusted by businesses, governments and defense organizations globally for its Adaptive Cyber Security and Data Loss Prevention solutions.

Cyber Security Academy (CSA)

Cyber Security Academy (CSA)

The CSA aims to educate professionals who wish to contribute to strengthening the digital defensibility of states, organisations and individual citizens.

American Cybersecurity Institute

American Cybersecurity Institute

American cybersecurity Institute is a newly formed not-for-profit organization dedicated to education, advocacy, study and analysis in the space of cybersecurity law and policy.

European Healthcare Fraud & Corruption Network (EHFCN)

European Healthcare Fraud & Corruption Network (EHFCN)

EHFCN is the only organisation dedicated to combating fraud, corruption and waste in the healthcare sector across Europe.

Venrock

Venrock

Venrock helps entrepreneurs build some of the world's most disruptive, successful companies. We invest in technology: Security, Cloud Services, Big Data, Healthcare IT, AdTech.

The IoT Academy

The IoT Academy

The IoT Academy is a reputed Ed-Tech Institute that provides training in emerging technologies such as embedded systems, the Internet of Things (IoT), Data Science and many more.

Quarkslab

Quarkslab

Quarkslab is a dedicated team of cyber-security engineers and developers. We aim at forcing the attackers, not the defender, to adapt constantly.

Hacker School

Hacker School

Hacker School offers technology motivated training programs that provide Cyber Security Certifications and Courses.

CyberGrape

CyberGrape

CyberGrape is a client centric managed services company, providing enterprise leading security solutions and helping companies through their IT risk and security challenges.

OpenZiti

OpenZiti

OpenZiti is the world’s most used and widely integrated open source secure networking platform. OpenZiti provides both zero trust security and overlay networking as pure open source software.

Nexsan

Nexsan

Nexsan offers versatile and robust data storage solutions tailored to adapt seamlessly across a diverse range of sectors, ensuring reliable performance for critical data management.

eTech S.C.

eTech S.C.

eTech specialize in a broad range of technology solutions, including software development, cybersecurity, infrastructure, and IT outsourcing (ITO) services.