US Spy Chiefs Look For UK Guidance On Cybersecurity

Uploaded on 2018-03-13 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW

American spymasters are concerned over the vulnerability of US companies to cyberattack and are turning to the UK for guidance on how to boost protection in the face of a growing threat from hostile state hackers.

A US intelligence official told the Financial Times that US intelligence is braced for the cyber threat to “get worse”, likening the US to a city at the bottom of a dam that is fast developing cracks. 

“Something horrible has to happen to fix it,” said Rick Ledgett, former deputy director of the NSA who left the agency last year after four decades. “The US should follow the UK model.”

One possible solution being weighed by US intelligence officials is to replicate the UK’s National Cyber Security Centre, the public-facing division of Britain’s digital eavesdropping agency GCHQ.

Admiral Michael Rogers, head of the NSA and US Cyber Command, which tackle cyber defence and offence respectively, visited the NCSC’s London headquarters this year, in a sign of the close links between the American and British services.

“The UK example is interesting,” said the US intelligence official, adding America has not been able to address the cyber threat.  The official cited the UK’s effort to develop a national cyber strategy and house its own cyber security protection regime within each of the intelligence agencies, adding the US has “not yet done any of this”.

The official said that countries such as the UK also had more of a tradition of interference in the private sector that probably “wouldn’t be tolerated as much” in the US. “The problem is the US is bigger and more complex and there isn’t a unity of focus,” said Mr Ledgett.

Set up in 2016, the NCSC works closely with companies to manage incidents, protect critical services from attack and provide guidelines for tackling the cyber threat. 

“Every country is grappling with this and trying to work out how to do this coherently,” explained Robert Hannigan, a former director of GCHQ who was instrumental in establishing the NCSC. “There are often too many players in cyber and a lack of clarity over who is responsible for what.”

Although the US boasts some of the world’s most advanced and best resourced cyber capabilities inside government bodies such as the National Security Agency and the Department for Homeland Security, senior American officials are divided over the best way to organise and co-ordinate sprawling cyber defence programmes.

Responsibility for defending the US private sector from cyber-attack rests with the Department for Homeland Security. But US cyber defence operations also sit with the NSA, the FBI, the Department of Defense, the National Guard and the CIA. Fears over US vulnerability come amid growing evidence of cyber hostility from Russia, North Korea and China. US intelligence chiefs describe continuing efforts from Moscow to subvert US democratic institutions, amid allegations that Donald Trump’s campaign colluded with Kremlin to secure his election as president. 

Foreign hackers have also previously stolen classified plans from defence contractors, including for high-tech weapons such as the flagship stealth F35 fighter jet.

The private sector’s lack of enthusiasm for engaging more directly with US spying agencies is partly based on a lingering paranoia among company executives after the 2013 leaks from Edward Snowden revealed the extent of NSA surveillance.

The Hacking News

You Might Also Read: 

UK To Increase National Cyber Defences:

Will NSA & CyberCom Split?:

 

« Further Cyberattacks On German Government Networks
Philosophy Of The Information Age »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Secure Identity Alliance (SIA)

Secure Identity Alliance (SIA)

The Secure Identity Alliance is dedicated to supporting sustainable worldwide economic growth and prosperity through the development of trusted digital identities and the adoption of secure eServices.

Security Current

Security Current

Security Current's proprietary content and events provide insight, actionable advice and analysis giving executives the latest information to make knowledgeable decisions.

FireMon

FireMon

FireMon is the only agile network security policy platform for firewalls and cloud security groups providing the fastest way to streamline network security policy management.

FIRST Conference

FIRST Conference

Annual conference organised by the Forum of Incident Response and Security Teams (FIRST), a recognized global leader in computer incident response.

CLDigital

CLDigital

CLDigital's no-code risk and resilience platform, CL360, provides leaders with risk and resilience data to make strategic and tactical continuity decisions.

SEON Technologies

SEON Technologies

At SEON we strive to help online businesses reduce the costs, time, and challenges faced due to fraud.

Intraprise Health

Intraprise Health

Intraprise Health is a Certified HITRUST Assessor and award-winning provider of health information security products and services.

Innosphere Ventures

Innosphere Ventures

Innosphere Ventures is Colorado’s leading science and technology incubator, accelerating the success of high-impact startup and scaleup companies.

Infosequre

Infosequre

Infosequre builds up your security awareness culture and turns your employees into the first line of defense against cyber risks.

NetSPI

NetSPI

NetSPI is an information security penetration testing and vulnerability assessment management advisory firm.

Alias Robotics

Alias Robotics

Alias Robotics is a robot cyber security company. We deliver cyber security solutions for robots and robot components.

Polymer Solutions

Polymer Solutions

Polymer is a Data Governance & Privacy Platform for third party SaaS apps. A modern Data Loss Protection (DLP) approach to remove sensitive data exposure on collaboration tools in real-time.

CENSUS

CENSUS

CENSUS is a Cybersecurity services provider offering services to multiple industries worldwide such as Security Testing, Code Auditing, Secure SDLC, Vulnerability Research and Consulting Services.

CyberMontana

CyberMontana

CyberMontana is a statewide initiative providing cybersecurity awareness, training, and workforce development for businesses and residents of Montana.

Holiseum

Holiseum

Holiseum delivers innovative cybersecurity solutions for the critical infrastructure organizations, as well as cybersecurity services and consulting.

Nyx Security Solutions

Nyx Security Solutions

Nyx is committed to excellence in embedded cybersecurity, delivering top-tier secure design, development, and penetration testing services that meet and exceed industry standards.