UK's National Cyber Security Centre gives itself big ol' pat on the back in annual review

Nixing 139k phishing sites is pretty good going to be fair

Despite companies "hanging up" when GCHQ rings them to say they've been hacked (true story), "the UK has avoided a category 1 [infosec incident]", according to National Cyber Security Centre chief Ciaran Martin.

NCSC's annual review, the second of its kind, was issued today and contained few surprises. It consists mostly of GCHQ's public-facing arm patting itself on the back and highlighting its response to last year's WannaCry malware outbreak, which took down a large chunk of the infrastructure of the UK's National Health Service in early 2017, along with other orgs across the world.

Perhaps unsurprisingly, the review failed to mention WannaCry hero and friend to the NCSC Marcus Hutchins, the UK security researcher known as MalwareTech who found the killswitch and played a critical role in halting the spread of the ransomware worm by registering a web domain specified in the reverse-engineered binary.

GCHQ reportedly allowed Hutchins* to be arrested by its US friends during a trip to Las Vegas.

The organisation, which continues to focus on protecting the public sector from infosec threats, still works with the Five Eyes spy alliance (the UK, USA, Canada, Australia and New Zealand) and is still defending critical national infrastructure, including the UK's privatised air traffic control networks.

So far this year NCSC said it has handled 557 incidents, had 139,000 phishing sites deleted and written more than 130 pamphlets and advice blogs on what to do when security badness happens to your organisation.

It also described what happens when its "handlers" pick up signs that a company has been the victim of an attack. A staffer said: "That's not always easy – we get a lot of people hanging up! They might think it's just someone on the inside or don't realise the seriousness, so sometimes we need to have persuasive skills as well as technical knowledge."

Dixons Carphone, however, agreed to be quoted in the report as saying "the NCSC has been supportive and provided valuable advice" following the theft of 10 million customer records earlier this year, so while it is easy to sneer, the NCSC is beginning to earn its keep within the private sector.

Building on those links with the wider economy, the NCSC has also come up with an initiative named Industry 100, in which private-sector infosec folk get seconded to the NCSC itself "on a part-time basis" to learn more about security, though "participating organisations are expected to continue to pay salaries" for employees going off on one of the short-term placements.

Attribution plays a key part in NCSC/GCHQ's work, on the basis that "it helps us to better understand who is targeting us, investigate them and share our findings", according to the review. By attributing WannaCry to North Korean state-backed hackers, the agency was able to discount the idea that a for-profit group of criminals was trying to make a fast buck out of ransomware – and instead concluded that hacking tools originally developed by the American National Security Agency were now being used by hostile states as weapons.

As for the future, among the usual boilerplate of apprenticeships, sponsored student placements and kitemark-style certification schemes, the NCSC is heavily involved in Queen's University Belfast's Research Institute in Secure Hardware and Embedded Systems, which we are told will "announce its first funded projects in December 2018". Middlesex University is also said to be working on "a cryptosystem that is immune to quantum computer attacks".

The full 27-page review can be read online or downloaded from the NCSC website. The agency has hidden a little codebreaking challenge in there as well, which can be accessed by scrolling down a bit and clicking "crack the code" after the screen-blanking cookie warning. ®

* Hutchins faces multiple charges related to the 2014 development of the Kronos banking trojan. He has always maintained his innocence.
