Right out of a scene from James Bond’s Spectre, today marks a historic moment in the fight against cybercrime and cyber attacks.
Later today, the Queen will officially open the UK’s National Cyber Security Centre (NCSC).
The NCSC will form part of the intelligence agency GCHQ.
It’s sole purpose will be to provide Britain a foothold in the cyber war currently raging.
>See also: The UK’s new National Cyber Security Centre
Not only will the centre defend the nation from cyber attacks, but it will also respond in kind to attacks that threaten the UK’s critical infrastructure and digital economy.
“In the most serious cases, we have lawful powers where we can go after the infrastructure of adversaries – the infrastructure that people use to attack us – and we would do that in some of the most serious cases several dozen times a year,” Ciaran Martin, the centre’s chief executive, told the BBC.
The UK is a digitally dependent economy, with the digital sector estimated to be worth over £118 billion per year. A lot is at stake.
The fact that the Queen is opening this centre is significant in itself and highlights the importance of this new operational centre in the heart of London.
Scott Rubin, head of policy at Tanium agreed and suggested that “it is fitting that this initiative receives a regal opening, given the significant role it will play in bridging the gap between business and government, and coordinating a response to the growing cyber threat that faces the UK”.
“We want to make the UK the hardest target,” said Martin.
Yesterday, it was reported that there were 188 serious cyber attacks, classified as Category Two or Three, in the last three months. Attacks are on the increase.
“We have had significant losses of personal data, significant intrusions by hostile state actors, significant reconnaissance against critical national infrastructure – and our job is to make sure we deal with it in the most effective way possible,” Martin said.
The greatest threat, reportedly, has come from Russia in recent times, with a particular focus on the US election and whether it was compromised.
“I think there has been a significant change in the Russian approach to cyber-attacks and the willingness to carry it out, and clearly that’s something we need to be prepared to deal with,” Martin said.
“There has been an identifiable trend in Russian attacks in the West, in terms of focusing on critical national industries and political and democratic processes.”
“And so it follows from that that we will look to be sure we are protecting those sectors in the UK as well as we possibly can.”
The NCSC’s role will not only be to protect government, but as mentioned, to protect the economy and other critical infrastructure.
The need to defend these is crucial. A sustained attack, as seen in the Ukraine, could turn out the lights, while an attack on the economy would cause a loss of confidence in the digital economy for consumers and businesses.
“The NCSC’s creation shows that the government recognises the scale of the cyber threat to both individuals and businesses, said Ollie Whitehouse, technical director at NCC Group.
The private sector’s role
“However,” continued Whitehouse, “organisations and users alike can’t become complacent – more action is needed. We recently surveyed UK companies and found that only 13% of CEOs have direct responsibility for cyber risk. We will know businesses have started to take cybersecurity seriously when that figure gets close to 50% and market pressures take hold”.
“It’s also time for individuals to recognise the responsibility they have to themselves and the organisations they work for when it comes to security. As the Chancellor mentioned in his recent article for the Sunday Telegraph, the rise in connected consumer devices – from cars to fridges – adds a new facet to threats facing consumers. There needs to be a better understanding of what this ubiquitous connectivity means for consumer privacy and security as well as wider industry and government.”
Indeed, to make the NCSC’s impact significant and successful, organisations will have to weigh in and work with this government centre: to give advice, provide techniques and share experiences of previous attacks directed at them. Without this collaboration, the job to defend and attack will be that much harder.
Greg Day, VP and chief security officer, EMEA from Palo Alto Networks offered some advice “to bridge these gaps and maximise the role of organisations in national cyber security.” He provided a range of strategies that all organisations should take, including:
- Focusing on education to consolidate cybersecurity insights into regular, digestible updates that provide business leaders with grounded, real-world information.
- Finding common ground by clearly quantifying the business value that such ideas would bring.
- Running regular ‘fire drills’ – training and testing to ensure the organisation is quick to respond to cyber incidents.
- Using the new stipulations from the government to make sure the investment to risk ratio is correct.
- Learning to be critical and assess any current shortcomings honestly”.
The skills gap
Stuart Facey, VP EMEA at Bomgar has suggested that while the official opening of the NCSC is a positive sign the UK is taking cyber threats seriously, the digital skills gap could prove damaging.
“Governments in part have the budgets to purchase the technologies needed to counteract and reduce these threats, however they can struggle with a lack of knowledgeable resources. It’s here that the NCSC needs to ensure that not only are they bolstering the countries resilience to attacks, but that they are also addressing the skills gap in the sector.”
“The UK needs to create a future workforce to successfully fight cyber-attacks and lessen the reliance on contractors and third-parties due to the skills gap that often expands the attack surface of an organisations network. We’ve already seen progress in this space with the launch of The Cyber Schools Programme, but there is still a way to go.”