“Make the UK the safest place in the digital world.” This motto was relentlessly echoed by representatives of the UK’s National Cyber Security Center (NCSC) at the CYBERUK 2023 conference in Belfast on 19-20 April 2023.
The event was set against the backdrop of the UK’s new National Cyber Strategy, finalized in December 2022, and the latest Integrated Review of Government Security, Defense, Development and Foreign Policy Priorities, published in March. there was.
CYBERUK was an opportunity for the NCSC to outline the measures the country is taking to strengthen the UK’s cyber defenses and resilience.
here Information securityA roundup of five highlights from the event.
1. Pathways and GovAssure
During CYBERUK 2023, the UK Government announced Active Cyber Defense, a suite of interventions and services aimed at minimizing high-volume commodity attacks, Assured Industry Services, accredited to act on behalf of the NCSC 400. company’s corporate catalog.
The agency also announced its pilot project Pathways. The initiative has been tested by NCSC partners, his IASME consortium, for the last six months. It offers certification organizations a new way to earn the Cyber Essential Plus certification, the highest format NCSC offers. The Pathways approach tests an organization’s technical controls against specially crafted Internet-facing threat scenarios.
NCSC CEO Lindy Cameron acknowledged that progress is still needed to make some UK businesses more cyber resilient. “We are ahead of the curve, but change needs to happen at the national level, and it has not happened in all sectors yet,” she said at a press conference.
Principality of Lancaster, Oliver Dowden, also called for all government departments to undergo annual independent and more robust security audits based on the guidelines set out in the NCSC’s Cyber Assessment Framework in his introductory speech to CYBERUK. Announced the launch of a new requirement, GovAssure. .
Read more: UK steps up cybersecurity audits of government agencies
2. State-run group targeting UK critical infrastructure
The NCSC said the growing threat to the UK’s Critical National Infrastructure (CNI) posed by a “state-aligned” Russian group was announced at the launch of CYBERUK in Belfast on 19 April. issued a warning about
This is the first time British authorities have recognized the emergence of an ideologically motivated adversary, not necessarily state-sponsored, but still acting in national interests.
The alert warns that the group is “not subject to formal state control” and is therefore “difficult to predict.”
“Why are you sharing this warning now with the UK CNI? There have been cyber events in the last few months that have made us think we need to do that. Frankly, we are not ready to call anyone at this time,” NCSC Operations Director Paul Chichester said at a press conference.
In his keynote, Cameron added that the UK needs to do more to protect its infrastructure from cyberthreats. “For the UK to be the safest place to live and work online, it needs to be resilient to all threats, whether from the state or from cybercriminals. [..] You need to move to the top of your investment list ASAP. “
Read more: NCSC warns of devastating Russian attacks on critical infrastructure
3. Public-Private Partnerships
One of the key lessons from the Ukrainian cyber conflict is the key role the private sector plays in helping Ukrainian organizations remediate attacks and protect data, Chichester said. said. “Microsoft and Amazon, for example, have been key factors in enabling Ukraine’s cyber response and resilience to Russian cyberattacks,” he argued.
The UK needs to take a page from the Ukrainian book and “work more with cybersecurity vendors and initiate public-private partnerships,” Cameron added.
4. Strengthening international cooperation
Another lesson from Ukraine’s cyber response, Cameron said, is closer coordination among allies. “I am really proud of the role that NCSC has played. [Foreign, Commonwealth and Development Office] FCDO and its allies are helping Ukrainians to solidify their cyber defense in the face of Russian hostility. “
Dowden added that this is especially true now that some adversaries have gone from only attacking Ukraine to targeting allies.
But Cameron said there was still work to be done and that the UK intended to work more closely with Ukraine, the US and other allies in cyberspace.
Read more: NCSC Calls for International Cooperation to Build Cyber Resilience
5. “Responsible behavior” regarding the use of hacking tools
International cooperation is also at the core of the fight against the growing threat posed by the “irresponsible” use of commercial hacking tools such as spyware and hacking-for-hire services, the NCSC issued a new assessment on April 19. Announced.
A joint effort of 11 countries, including the UK, was launched in March.
NCSC’s Director of Resilience and Future Technologies, Jonathon Ellison, elaborated on the goals. He said.
However, Ellison and other NCSC representatives acknowledged that the joint statement was just the beginning and that “much work remains to be done to provide a joint and comprehensive response.”
Read more: NCSC warns of growing threats from ‘irresponsible’ use of commercial hacking tools
