
National Cyber Security Centre to shift UK to 'active' defence

Cyber chief calls for 'offensive' weapons

By John Leyden


The head of the UK’s new National Cyber Security Centre (NCSC) has detailed plans to move the UK to "active cyber-defence", to better protect government networks and improve the UK’s overall security.

The strategy update by NCSC chief exec Ciaran Martin comes just weeks before the new centre is due to open next month and days after the publication of a damning report by the National Audit Office into the UK government’s current approach to digital security.

Martin called for the "development of lawful and carefully governed offensive cyber capabilities to combat and deter the most aggressive threats".

Active cyber defence means hacking back against attackers to disrupt assaults, in US parlance at least. Martin defined the approach more narrowly as "where the government takes specific action with industry to address large-scale, non-sophisticated attacks".

During his speech at the Billington Cyber Security Summit in Washington DC, NCSC's Martin also floated the idea of sharing government network security tools such as DNS filters with private-sector ISPs, as previously reported.

Security vendors praised the UK government's more proactive approach to cybersecurity, arguing it’s (if anything) overdue.

“The Government is right to look for innovative ways to disrupt organised cybercrime,” said Paul Taylor, partner and UK Head of cyber security at management consultants KPMG. “It’s crucial that we stay one step ahead of attackers and that takes constant innovation and coordination. No one is immune from cyber-attacks but UK small businesses are especially vulnerable as the reality is that many struggle to deal with an onslaught of ransomware and cyber-enabled frauds.”

Taylor also backed the greater sharing of information security intelligence, a key plank in the NCSC’s policy that’s viewed with suspicion by privacy advocates*.

“A new partnership between Government and industry is needed to protect our society, take the offensive against criminals, and work together to disrupt digital crime,” Taylor explained. “At the moment many companies are reluctant to share information on attacks they’ve suffered, we need to build a safe space for Government and industry to share intelligence so that we have the best chance of tackling cybercrime.”

Matt Walker, VP Northern Europe, HEAT Software, noted that stronger defences were needed as government services such as universal credit become available online.

“The protection of citizens’ information from the threat of cyber-attack needs to become a higher priority for central and local government as we continue to move more and more interaction online,” Walker said. “The universal credit system alone will pay out seven per cent of UK GDP – making it a target for online fraud. Equally, the ransomware attack that locked Lincolnshire County Council out of its own systems for days had repercussions for mission-critical services such as health and social care.”

The NCSC will act as a hub for sharing best practices in security between public and private sectors as well as taking a lead role in national cyber incident response. The organisation will report to GCHQ, the signals intelligence agency.

Bootnote

*The US's Cybersecurity Information Sharing Act was bitterly but ultimately unsuccessfully opposed by privacy activists.
