Ciaran Martin, CEO of the NCSC: doesn't want to 'fixate' on fighting cyber with cyber
The NCSC has dealt with more than 10 attacks per week since it opened two years ago, the majority of which have been from nation states, according to the second annual review of the National Cyber Security Centre (NCSC) released today.
Since becoming fully operational in 2016, it reveals it has deal with 1,167 cyber incidents.
Speaking on Radio 4’s Today Programme this morning, NCSC CEO Ciaran Martin said the agency had been able to detect and call out Russian aggression and publish technical details to allow organisations to deal with the attacks.
He said that the NCSC and the government signals intelligence agency GCHQ – the parent organisation of the NCSC – have been tracking some hostile Russian cyber groups for 10 to 20 years.
Some of these groups can be linked to the Russian government, he said, as evidenced by the recent joint announcement by UK, US and Dutch intelligence agencies. The joint statement named Russia as being responsible for attacks against the World Anti Doping Agency (WADA), electoral bodies in countries around the world and the Organisation for the Prohibition of Chemical Weapons OPCW in Switzerland.
And in April, UK and US authorities published evidence of sustained attacks against companies.
No one has been physically harmed by a cyber-attack yet, said Martin, but it was almost inevitable that it would happen. Hostile actors are constantly seeking to exploit vulnerabilities in the networks of critical assets with a view to being able to exploit them in the future, he said.
The NCSC works with GCHQ, foreign intelligence agencies and private sector cyber-security specialists to identify these ‘pre-positioned’ vulnerabilities and warn the affected organisations so that they can remove them.
Asked if the UK has pre-positioned vulnerabilities in hostile nations and was prepared to use them in response to an attack by Russia or North Korea, he said, "I don’t get fixated on fighting cyber with cyber."
He said deterrence was about using all the tools available including diplomatic and economic levers, noting how the US had used economic sanctions as a response to Russian election hacking.
The NCSC is working to open up the secretive world of cyber-intelligence. Martin said that the NCSC was a global leader in pushing out previously classified information to help organisations defend themselves.
This annual review is providing the public with "unprecedented detail" about NCSC tactics and providing a glimpse of the behind-the-scenes work of the Incident Management team who help support UK victims of cyber-attacks.
For the first time, the NCSC is giving a glimpse into the work against the ongoing cyber threat in a podcast, "Behind the scenes of an incident".
In addition to guarding against nation-state attacks, the NCSC plays an active role in defending the country against high-volume ‘commodity attacks’ that affect everyday life through its Active Cyber Defence (ACD) initiative.
Since its launch, ACD has reduced the UK’s share of visible global phishing attacks by more than half; from 5.3 percent to 2.4 percent, the NCSC said. Between September 2017 and August 2018, the service has removed 138,398 phishing sites hosted in the UK. It used to take a day to remove them, now they are removed within an hour.
The NCSC was created as part of the UK Government’s £1.9 billion five-year National Cyber Security Strategy (NCSS). Opened by the Queen in February 2017, it provides a single, central body for cyber-security at a national level and is the UK’s technical authority on cyber. It manages national cyber-security incidents, carries out real-time threat analysis and provides tailored sectoral advice.
David Lidington, Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office, said: "Our National Cyber Security Strategy set out ambitious proposals for how this Government will defend our people, deter our adversaries and develop UK capabilities to ensure we remains the safest place to live and do business online.
"NCSC has more than risen to this challenge, defending the UK from over 1,100 cyber attacks and reducing the UK’s share of global phishing attacks by more than half."
In a press statement, Martin said: "As we move into our third year, a major focus of our work will be providing every citizen with the tools they need to keep them safe online. I’m confident that the NCSC will continue to provide the best line of defence in the world to help the UK thrive in the digital age."
Director GCHQ, Jeremy Fleming said: "In just two years, the NCSC has become a world leading organisation. I’d like to thank everyone at the NCSC for the outstanding work they do every day."