UK moving to ‘active cyber-defence’, NCSC says

According to the UK’s new National Cyber Security Centre (NCSC), Britain is moving towards a more active defence in cyberspace.

The news comes ahead of the centre’s launch in October, which will aim to take on existing roles such as protecting government and critical infrastructure. The NCSC will examine new ways of engaging with businesses and the public.

In particular, the NCSC will develop automated defences to offer protection from high-volume but relatively unsophisticated cyber-attacks, taking a lead on protecting government networks and those of national level importance.

Data has revealed that twice as many ‘national-security-level cyber-incidents’ were detected in 2015, compared with a year before.

Speaking in Washington, Ciaran Martin, chief executive of the NCSC, said: “The great majority of cyber attacks are not terribly sophisticated. They can be defended against. But far too many of these basic attacks are getting through. And they are doing a lot of damage.

“There are great companies, great people, there’s great innovation, and barriers to information sharing are being broken down. But given the record of the past few years it’s hard to say that we’ve got ahead of the threat.

“Like the US and other allies we have a chronic cyber security skills challenge that can only be addressed through sustained, long-term action. We’re also piloting ways of tackling commodity attacks, where we’re sending automated takedown requests to hosters, registrars and others.

“We’re currently working with the UK telecommunications industry to stop the well-known abuse of the BGP and SS7 protocols to reroute traffic. If we’re right, this will mean it’s much more difficult for UK machines to participate in a DDOS attack. And if we’re right then everyone else can do it.”