The new National Cyber Security Centre (NCSC) has opened for business. Created by the government to effectively become the backbone of the government’s new national cybersecurity plan unveiled by the then Chancellor, George Osborne, last November, the NCSC will work closely with GCHQ to tackle cyber threats affecting UK industry.
It was interesting to see that in his first public outing at a recent summit in Washington DC, Ciaran Martin, the chief executive, spoke about the need to move towards a more active cyber defence. Apparently the NSCS will be adopting a more active posture in defending the UK from cyber threats and is also championing the need for government, industry and law enforcers to work more closely together.
This is something that we’ve been talking about for the past few years, particularly when it comes to the need for organisations to be more proactive. We continue to see organisations, often large, high profile businesses, react (badly) when data breaches happen, and fail to have the right processes and procedures in place to effectively mitigate risks.
It’s surprising how many businesses still do not have the basics in place when it comes to information security, such as effective patch management or incident response processes.
The NSCS’s Ciaran Martin talks about the need to address large-scale unsophisticated attacks – “...far too many of these basic attacks are getting through. And they are doing far too much damage. They're damaging our major institutions.”
He’s right – last year’s Global Threat Intelligence Report revealed that a staggering 76% of the vulnerabilities identified had been known for two or more years. Perhaps more surprising was that 10% were over 10 years old.
It’s interesting to see that as part of its plans for a more active cyber defence, the NCSC will look into large-scale DNS filtering to automate blocking malware.
The NSCS will also prioritise the protection of our national infrastructure against cyber threats. Apparently more than 200 national security-level cyber incidents are logged every month and, while we haven’t yet seen a major national level attack of any scale, it’s only a matter of time according to Martin.
The days of sitting tight and doing nothing are long gone. The risk of a cyber attack is not going away and critical systems are not becoming less vulnerable to attack. The role of NCSC will be a hugely valuable one for UK businesses, but only if it does what it sets out to do in order to reduce the risk of cyber attacks.
All eyes are on the NSCS now it is open for business.
The UK's new National Cyber Security Centre (NCSC) has officially opened as part of the GCHQ that will aid the government in delivering advice on how best to tackle cyber security issues. The NCSC will be based in London in the Nova office and shopping complex located near Victoria Station. It was announced last year that the centre would be based in Cheltenham at GCHQ. Though that is no longer case, the NCSC will also have offices there. The NCSC will have a staff of 700 and half of these employees will occupy the new headquarters. They will begin moving into the building later this year and in early 2017. The NCSC will have specialist teams dedicated to the City, Whitehall, intelligence and security services, energy, telecoms and other areas that are critical to the national infrastructure.