There were 188 high-level cyber attacks in the UK between October 2017 and January2018, as dangerous and sophisticated attacks against both the government and businesses become more common. This figure comes from the National Cyber Security Centre (NCSC), the recently opened arm of intelligence agency GCHQ.
Part of a £1.9 billion five-year strategy by the UK government, the NCSC started work in October and is headed by Ciaran Martin, the former director-general cyber of GCHQ.
“We have had significant losses of personal data, significant intrusions by hostile state actors, significant reconnaissance against critical national infrastructure – and our job is to make sure we deal with it,” Martin told the BBC.
With attacks against political parties occurring across Europe, there is plenty of pressure on governments to react. Italy and the Czech Republic have both recently confirmed breaches of their foreign ministries, and there are concerns that political parties in France, Germany, the Netherlands and Bulgaria have also been targeted. This all comes after the continued and much-publicised accusation by US intelligence agencies that Russia interfered in the 2016 presidential election – a breach that was spotted by GCHQ.
“We want to make the UK the hardest target,” Martin said.
Ties to government and business
The government and the private sector will have a lot invested in the NCSC, as the UK’s digital sector is estimated to be worth over £118 billion a year. As such, the NCSC will have links to both its parent body, GCHQ, and to private businesses.
Martin announced that informal contact had been made with the GCHQ, with the two organisations set to share the intelligence agency’s skills and capabilities.
The NCSC is also expected to work informally with private businesses. Speaking at the centre’s opening, Chancellor Philip Hammond said that businesses will be invited to “second up to 100 employees to come and work in the NCSC – allowing us to draw on the best and brightest in industry – to test and challenge the government’s thinking”.
Hammond said that he hopes those people return to the private sector and draw on their experience, warning that government alone cannot protect businesses and the general public. “It has to be a team effort. It is only in this way that we can stay one step ahead of the scale and pace of the threat that we face.”
Cyber Incident Respose with Cyber Security Helpdesk
To protect against cyber attacks, all businesses should have an effective information security system management (ISMS) in place. ISO 27001 is the international standard that describes best practice for an ISMS. It covers people, processes and technology, recognising that information security is not about technology alone.