US Spy Chiefs Look For UK Guidance On Cybersecurity

Uploaded on 2018-03-13 in NEWS-News Analysis, INTELLIGENCE--USA, FREE TO VIEW

American spymasters are concerned over the vulnerability of US companies to cyberattack and are turning to the UK for guidance on how to boost protection in the face of a growing threat from hostile state hackers.

A US intelligence official told the Financial Times that US intelligence is braced for the cyber threat to “get worse”, likening the US to a city at the bottom of a dam that is fast developing cracks. 

“Something horrible has to happen to fix it,” said Rick Ledgett, former deputy director of the NSA who left the agency last year after four decades. “The US should follow the UK model.”

One possible solution being weighed by US intelligence officials is to replicate the UK’s National Cyber Security Centre, the public-facing division of Britain’s digital eavesdropping agency GCHQ.

Admiral Michael Rogers, head of the NSA and US Cyber Command, which tackle cyber defence and offence respectively, visited the NCSC’s London headquarters this year, in a sign of the close links between the American and British services.

“The UK example is interesting,” said the US intelligence official, adding America has not been able to address the cyber threat.  The official cited the UK’s effort to develop a national cyber strategy and house its own cyber security protection regime within each of the intelligence agencies, adding the US has “not yet done any of this”.

The official said that countries such as the UK also had more of a tradition of interference in the private sector that probably “wouldn’t be tolerated as much” in the US. “The problem is the US is bigger and more complex and there isn’t a unity of focus,” said Mr Ledgett.

Set up in 2016, the NCSC works closely with companies to manage incidents, protect critical services from attack and provide guidelines for tackling the cyber threat. 

“Every country is grappling with this and trying to work out how to do this coherently,” explained Robert Hannigan, a former director of GCHQ who was instrumental in establishing the NCSC. “There are often too many players in cyber and a lack of clarity over who is responsible for what.”

Although the US boasts some of the world’s most advanced and best resourced cyber capabilities inside government bodies such as the National Security Agency and the Department for Homeland Security, senior American officials are divided over the best way to organise and co-ordinate sprawling cyber defence programmes.

Responsibility for defending the US private sector from cyber-attack rests with the Department for Homeland Security. But US cyber defence operations also sit with the NSA, the FBI, the Department of Defense, the National Guard and the CIA. Fears over US vulnerability come amid growing evidence of cyber hostility from Russia, North Korea and China. US intelligence chiefs describe continuing efforts from Moscow to subvert US democratic institutions, amid allegations that Donald Trump’s campaign colluded with Kremlin to secure his election as president. 

Foreign hackers have also previously stolen classified plans from defence contractors, including for high-tech weapons such as the flagship stealth F35 fighter jet.

The private sector’s lack of enthusiasm for engaging more directly with US spying agencies is partly based on a lingering paranoia among company executives after the 2013 leaks from Edward Snowden revealed the extent of NSA surveillance.

The Hacking News

You Might Also Read: 

UK To Increase National Cyber Defences:

Will NSA & CyberCom Split?:

 

« Further Cyberattacks On German Government Networks
Philosophy Of The Information Age »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Pyramid Computer

Pyramid Computer

Pyramid Computer provides custom enterprise solutions for Industrial PC, Imaging, Network, Security, POS, Indoor Positioning and Automation.

Singapore Cybersecurity Consortium

Singapore Cybersecurity Consortium

Singapore Cybersecurity Consortium was created to encourage use-inspired research, training and technology awareness in cybersecurity.

AEI Cybersecurity

AEI Cybersecurity

AEI brings together companies, Research Centres, Universities, and other organizations interested in promoting new cybersecurity technologies.

ETAS

ETAS

ETAS (formerly Escrypt) is a pioneer and one of today’s leading solution providers for embedded IT security.

Signifyd

Signifyd

Signifyd is the world's largest provider of Guaranteed e-Commerce Fraud Protection.

Council for Information & Communication Technologies (CTIC)

Council for Information & Communication Technologies (CTIC)

CTIC was set up to address specific issues in the field of ICT relevant to the implementation of electronic government.

National Forensic Sciences University (NFSU)

National Forensic Sciences University (NFSU)

National Forensic Sciences University is the world’s first and only University dedicated to Digital Forensic and allied Sciences.

IoTsploit

IoTsploit

IoTsploit provides 20/20 visibility of network connections, protecting critical infrastructure assets from IoT vulnerabilities.

Resistant AI

Resistant AI

Resistant AI protects against evolving online fraud. We connect the dots to provide a new layer of trust and performance for our clients’ systems.

Reflectiz

Reflectiz

Reflectiz empowers digital businesses to make all web applications safer by non-intrusively mitigating any website risks without a single line of code.

IPKeys Technologies

IPKeys Technologies

IPKeys delivers innovative cybersecurity and technology solutions focused on helping the federal government reduce risk and protect the US from cyberattacks.

Identity Management Institute (IMI)

Identity Management Institute (IMI)

Identity Management Institute (IMI) provides professional training and certification in cyber security with a focus on identity and access management, identity theft, and data protection.

Pristine InfoSolutions

Pristine InfoSolutions

Pristine InfoSolutions is a global IT services and Information Security Company focused on delivering smart, next-generation business solutions.

Approov

Approov

Approov provides a comprehensive runtime security solution for mobile apps and their APIs, unified across iOS and Android.

Third Wave Innovations

Third Wave Innovations

Third Wave Innovations (formerly RCS Secure) offers a full spectrum of cybersecurity safeguards and IT services.

Blue Cloud Softech Solutions

Blue Cloud Softech Solutions

Blue Cloud Softech propels inspiring digital transformations. We provide AI products, cybersecurity, healthcare technology, and cloud solutions.