Setting up active cyber defence

Britain is moving towards more active defence in cyberspace, the head of the UK’s new National Cyber Security Centre (NCSC) has said.

Speaking in Washington, Ciaran Martin was giving his first public comments as the chief executive of the NCSC.

The NCSC will take a lead on protecting government networks and those of national level importance, but Martin also outlined ways in which it would be more ambitious in improving the UK’s overall cybersecurity.

Digital economy dependence

One-eighth of the UK’s gross domestic product (GDP) comes from the digital economy, the highest in the G20 group of industrialised economies, and Martin said retaining public confidence in online transactions and ensuring economic growth was a priority in the same way as protecting national security.

Last year, twice as many “national-security-level cyber-incidents” were detected compared with a year before, amounting to about 200 per month.

The attacks are not always highly sophisticated. “Far too many of these basic attacks are getting through,” Martin said. “And they are doing a lot of damage.”

The new strategy will include using technology to automate defences against unsophisticated but high-volume cyber-attacks.

Martin described this as “active cyber-defence”, distinguishing it from the US use of the term, which relates to pursuing hackers into their networks.

Two to three years ago, there had been an expectation in government that a market of supply and demand would help deal with the low- to medium-end cyber-threats, leaving government to concentre on high-end threats.

But officials acknowledge this has not taken place and that information sharing has often reached limits leading to a shift towards a more “activist and automated approach”.

The NCSC has already been working on using automated measures on government networks.

This includes ensuring UK government email is trusted and not spoofed to fool members of the public.

“We trialled it, and whoever was sending 58,000 malicious emails per day from taxrefund@gov.uk... isn’t doing it anymore,” Martin said.

The centre has also been piloting ways of tackling commodity attacks - off the shelf, easy-to-use malware.

Incident response

The new centre will take over incident response (ranging from covert detection to a stronger, more visible role in providing public advice and reassurance in a crisis).
In protecting critical networks, Martin pointed to two challenges ahead.

One was the switch to universal credit, where, Martin said, 90% of claims would be processed online - meaning one system would pay out 7% of GDP.

This means preventing online fraud will be a priority.
Another challenge is the switch to smart meters, which are connected to the internet.
There have been reports of weaknesses in the system, but Martin said efforts had been undertaken to ensure they could not be easily compromised.