The newly formed UK National Cyber Security Centre (NCSC) has vowed to ensure that cyber security plans are tested and proved using government departments.
NCSC technical director Ian Levy said in a recent blog post:
“Our strategy is to use government as a guinea pig for all the measures we want to see done at national scale.
“We’ll be eating our own dog food to prove the efficacy – or otherwise – of the measures we’re asking for, and to prove they scale sensibly before asking anyone else to implement anything.”
The National Cyber Security Strategy, which was published at the beginning of this month, revealed the government’s plan to maintain the country’s security against cyber threats.
The strategy said that, to ensure its plans are successful, the government will provide the means required to defend itself against cyber threats.
It added that the country is vulnerable when it comes to cyber crime, which is why the NCSC needs to do all that it can to arm the UK with anything it needs to be able to respond accordingly in the event of an attack.
A major element of the initial target is the Active Cyber Defence (ACD) programme, which is designed to combat, with a degree of automation, a large percentage of cyber attacks on the UK.
Levy added:
“It is not a panacea, but should help us mitigate the impact of a significant proportion of the attacks we see.
“It won’t affect the really targeted attacks – at least initially – but we’re hoping that we can reduce the noise enough to make the defenders’ jobs easier when tackling those very targeted attacks.”
The programme is broadly designed to repair infrastructure protocols, improve email security, get rid of malicious domains, encourage new ideas for identification and authentication over the web, find and block malicious activity, and help national infrastructure and government to upgrade security practices.
Fixing the infrastructure protocols requires a change in the implementation of the Border Gateway Protocol (BGP), which is used to resolve IP routing between carriers, as well as of SS7, the global telecoms signalling protocol.
The SS7 hardening work is designed to make traffic rerouting more difficult, and could also make text message phishing harder for hackers.
To improve the security of email, the programme will assign responsibility to recipients by helping them to identify malicious emails. Internet standards such as DMARC, DKIM and SPF will be used to help tackle spoofing.
The NCSC clearly has a strategy in place, as one would hope. This should be the case with every organisation in the UK, however, and not just at government level. SMEs need to take stock of what they are doing to ensure that their company is protected from cyber threats, as a single breach can turn a business on its head. By creating cyber security jobs and tracking down the right talent, company owners could well be protecting their business from disaster, not to mention maintaining trust from their customer base.