UK officially opens National Cyber Security Centre
- Published: Wednesday, 15 February 2017 08:17
The UK National Cyber Security Centre’s new London ‘operational nerve centre’ was officially opened on February 14th 2017 by the Queen. The NCSC has been operational since October 2016 and is now fully functional.
According to chief executive officer Ciaran Martin, the NCSC will reduce the cyber threat to critical services; identify and address vulnerabilities; and provide expert incident management when a major attack does occur.
The UK government announced a five-year National Cyber Security Strategy (NCSS) in November 2016, supported by £1.9 billion of investment.
In a report issued by the organization to mark the opening, the NCSC detailed some of its early work, including:
- The organization has delivered trial services that proactively discover vulnerabilities in public sector websites, help government departments better manage spoofing of their email and taken down tens of thousands of phishing sites affecting the UK.
- The NCSC has worked with key critical infrastructure providers to assess and improve their security and the improved incident management process has helped victims better manage the impact of successful cyber attacks.
During the opening ceremony, UK Chancellor Philip Hammond stated:
“The cyber attacks we are seeing are increasing in their frequency, their severity, and their sophistication. In the first three months of its existence, the NCSC has already mobilised to respond to attacks on 188 occasions.
“65 percent of large businesses reported a cyber breach or attack in the past 12 months. Yet nine out of ten businesses don’t even have an incident management plan in the event of a cyber breach. Business has to sharpen its approach as the scale of the threat from cyber increases and intensifies.
“Just as you would expect a shop on the high street to fix its locks and burglar alarms, so businesses operating digitally need to fix their online security. And this Centre stands ready to help them in doing that.”
Industry comments about the NCSC launch event:
Roger McArdell, CTO and partner at Ashton Bentley:
“It’s great to see that the government is investing in cyber security with the opening of the National Cyber Security Centre. It demonstrates that as a nation we are taking this issue seriously and implementing steps to reduce the problem. But this can only have a real impact if businesses also take on the responsibility and do their best to combat the ever growing challenge.
“We know that today’s young professionals want to use the apps they use in the private lives, in their place of work. Especially for communication and collaboration. It makes sense given that businesses are increasingly affording employees more flexibility and responsibility in their working lives. But this sense of empowerment is increasingly encouraging staff to make decisions that put the company in jeopardy – even if they don’t realise it.
“As employees choose to use apps that aren’t ‘company approved’ on the business network, they are opening up unexpected holes in the safeguarding processes. And this is made all the more dangerous because IT teams are not empowered with systems to administer and manage apps and therefore don’t necessarily have visibility of the problem until it’s too late.
“This shadow IT challenge must be addressed by decision makers. Investing in platforms that offer a range of approved apps required for the business, that employees can be allowed to use safely. This enables the employer to offer autonomy and flexibility to suit their communication needs, but also ensures the network remains protected by being administrated through a secure system. Ashton Bentley is fully behind this government investment but we all need to be in this together to tackle the cyber security beast and business leaders must play their part in that process.”
Mark Weir, regional director UK & Ireland, Fortinet:
“This is a welcome and needed investment representing the government’s commitment to protecting the nation’s critical infrastructure. It’s another step towards the defenders becoming as co-ordinated, well-regimented and collaborative as the attackers. Cybercriminals also benefit from having a lot of time to prepare their attacks than those defending, so a more co-operative partnership between government and private sectors, where organizations share intelligence is key to counteracting the threats. Security vendors can do their bit to help by sharing knowledge and skills that organizations need to fill the skills gap and tackle the increasing threat from cyber criminals.”
Neil Owen, director at Robert Half Technology:
“The number of cyber-attacks carried out against UK targets each month continues rising. Yet, our research shows that only every third CIO is confident that their teams have the skills to manage these threats.
“This chronic shortage of skilled IT talent to fend of potential attacks comes down to two things – the evolution of cyber threats and the current skills shortage in cyber security. In an increasingly competitive labour market, candidates with the required skill set might not always be available. In these cases, businesses need to nurture talent internally and seek out development opportunity within their current workforce to mitigate the risk of falling victim to a cyberattack.”
Richard Lack, managing director, EMEA, Gigya:
“The official opening of the National Cyber Security Centre (NCSC) is a grand gesture by the UK government to demonstrate that cyber security is firmly on the official agenda. But it will only have real impact on the issue if business decision makers, rather than just government and national security-related industries, also take responsibility in order to protect the enterprise and consumers in a sustainable way. Unsurprisingly, it was found recently that CEOs identify cyber security, data privacy breaches and IT disruptions as the top three technology threats to stakeholder trust.
“The cybercriminals have already realised the immense value of consumers’ online accounts, so now is the time to act. With massive losses possible for those that don’t, it is important that businesses protect customers from their own bad habits and in turn protect company reputation and customer assets. In an age where customer expectations are higher than ever and competition is tight, it has never been more important that businesses take cyber security just as seriously as our government proves today that it has.
“There are many ways in which companies can introduce new processes, technology or rules in order to tighten control. One approach, for example, would be to insist on the use of multifactor authentication, where a customer needs to combine something they know (i.e. a password) with something they have (such as a token or mobile phone) or something they are (such as a fingerprint). The key is that these other factors aren’t reusable or replicable and can’t be pilfered on the internet.
“It is important that we see more of this type of network-level security. By combining innovative technologies with good old common sense, businesses can work alongside the government to make our digital world a safer place.”
Stuart Clarke, chief technology officer of cyber security, Nuix:
“The NCSC represents a strong commitment to our national cybersecurity strategy. The government plan to invest £1.9bn in cybersecurity over the next five years and inevitably, part of that will be spent on talent and training. The broader question that needs to be answered is around how we can engage younger generations and generate interest among them to get involved in all things cybersecurity. Apprenticeships would be the first step the industry could take to attract fresh talent to the world of cyber. But we also need to harness the myriad skills we have at our disposal, cybersecurity rookies and veterans alike, to facilitate the development of rich intelligence repositories, make data more accessible, and support collaboration to empower practitioners of all skill levels.”
Matt Walmsley, EMEA director, Vectra Networks:
“Part of the UK’s renewed and refinanced cyber security effort involves taking the fight to the attackers. Amid growing perceived threats to the nation’s critical IT infrastructure, a good offensive needs to be paired with a rapid defensive position. The onus is now on the industry to respond to central government strategy and ensure they have the training, processes and technologies in place to enable them to reduce the risks and impact of cyber-attacks. As critical national infrastructure seems to be finally receiving the cyber defensive attention it needs, the private sector needs to play its part as well, otherwise the overall effort will amount to little if a full scale cyber-attack befalls key services – public or otherwise. Cybersecurity is a strategic organizational issue, not just the concern of government, nor just organizations’ IT and technologists.”
David Millar, support director, Axians UK:
“Today’s opening of the National Cyber Security Centre (NCSC) by the Queen demonstrates a new era as we continue our journey in the digital age. Security has never been so important, and whilst it’s great to see that the government is increasing its abilities to guard against attacks, businesses must also take responsibility for their customer’s security, not only to gain trust from consumers, but stakeholders alike. Unsurprisingly, it was found recently that CEOs identify cyber security, data privacy breaches and IT disruptions as the top three technology threats to stakeholder trust.
“Building and maintaining a positive, high profile brand reputation is vital for all successful businesses, with a recent study finding that 82 per cent of consumers have stopped doing business with a brand following a bad experience. Reputation can very easily be destroyed by a hacker on a mission, and is why reliable and secure technology is essential for today’s organizations. And with an increasing amount of devices becoming connected, demands for transformative technology, along with users’ insistence that their data is secure, is also increasing. Smart cities and the like are only going to add more demand and devices, which also means more potential for security holes – the problem is not going to go away.“In an age of digital transformation, where customer expectations are higher than ever before, and competition is tight, it’s crucial that businesses deliver a consistent, high quality customer experience, and if something does go wrong, the ability to reassure customers they have the expertise to quickly address the issue. Organizations can do this by maintaining a high level of network security, and where the skills are lacking within this area, using a company which can design, implement and monitor the network on their behalf. By doing so, companies can grow, whilst retaining customer and stakeholder trust.”