Our Dangerous World

Here's what keeps British cybersecurity officials up at night: New report on digital threats should be of interest to U.S. policymakers

By Shane Harris, The Washington Post

Published Oct. 28, 2019

Criminals are developing more sophisticated ways to dupe unsuspecting victims online, including by posing as representatives of law firms, fire and emergency services, and airports, according to a new report from the United Kingdom's cyber defense agency.

The annual report from the National Cyber Security Centre, which was established in 2016, focuses on threats to the United Kingdom. But it will be of interest to U.S. officials as well because it shows an evolution and escalation in malicious activity, particularly by national adversaries.

Iran, China, Russia and North Korea were all singled out in the NCSC's report as the top hostile nations to British security. Those countries generally top U.S. officials' list of bad actors, as well.

And as in the United States, foreign governments are targeting the political system in the U.K. To combat foreign interference, the British have taken an arguably more assertive approach than their American counterparts. The NCSC meets with U.K. political parties every three months and gives regular advice to members of Parliament, the report said.

"During the local elections (March 2019) and European elections (May 2019), the NCSC provided guidance, informed by comprehensive cyber threat assessment, on risks and advice on protecting systems and people to political parties," the report explained. The center monitors known adversaries that are targeting parties and individual politicians, and then shares details and "tailored advice."

That kind of "active defense," with the government constantly sharing threat indicators with companies and other targeted organizations, is at the heart of the British cybersecurity strategy, which the report describes as "deliberately interventionist and comprehensive," backed by nearly 2 billion pounds in funding.

While admittedly spare in details about the center's claimed operational successes ("sometimes transparency has its limits," the center's CEO Ciaran Martin wrote in the introduction), the report argues that active defense has made a measurable difference.

For example, the British worked with airlines targeted by a group known as Chafer, which has been linked to Iran and "has a history of targeting global organisations for bulk personal data sets." The center helped airlines identify potential risks on their networks and "offered mitigation advice," the report says.

Martin touted the center's success increasing the number of threat indicators it shares tenfold, to more than 1,000 per month, and the speed of sharing those indicators "from days to seconds."

The NCSC handled 658 individual incidents over the past year and provided support to nearly 900 victim organizations, the report said.

Officials argue that their more active posture, which includes directly contacting Web hosts when the government spots malicious activity, has led to a dramatic reduction in the number of phishing and other malicious websites. The report says that 98 percent of phishing URLs - more than 177,000 - discovered by a "takedown service" were successfully removed. The majority were taken down within 24 hours.

As of August, the United Kingdom accounts for 2.1 percent of "visible global phishing attacks," down from 5.3 percent in June 2016, the NCSC said.

The center has also gone after consumer fraud where it intersects with critical infrastructure. In one incident, criminals tried to send more than 200,000 emails claiming to be from a U.K. airport, using a nonexistent government email address, offering recipients a monetary refund. The center detected the suspicious domain name and the email providers never delivered the messages, the report said.

In the case where fraudsters posed as a legitimate emergency-services company, the British blocked 150,000 emails sent from a nonexistent Internet domain.

The British are looking to expand their active defense strategy. The report cites plans for an automated system that acts on information from the public to remove malicious sites; a new "Internet Weather Centre" that would draw on multiple data sources to improve awareness of the overall threat picture; and a new Web-based tool that would let public-sector and critical national infrastructure providers scan their own networks and devices for vulnerabilities.
