NCSC chief: Ransomware is more of a threat to Britain than hostile nations' spies
Lindy Cameron gives private industry an unusual nod in speech full of interventionism
Forget foreign spies. The head of Britain's National Cyber Security Centre (NCSC) has warned it is ransomware that's the key threat for most people.
"What I find most worrying isn't the activity of state actors," NCSC chief exec Lindy Cameron told a national security audience, joining the chorus of organisations calling out ransomware criminals as the number one cybersecurity threat of the moment.
The speech marks the first time that GCHQ, the spy agency and parent body of the National Cyber Security Centre, has acknowledged a cyber threat as being of more concern to the UK than traditional state spying.
"Four nation states – China, Russia, North Korea, and Iran – have been a constant presence in recent years. And as I've said before, we face a determined, aggressive Russia, seeking traditional political advantage by new, high-tech means," said Cameron.
The NCSC's chief exec was giving defence think tank the Royal United Services Institute's (RUSI) Annual Security Lecture, which took place in between the G7 leaders' summit in Cornwall. The summit itself saw Russia named and shamed for harbouring ransomware criminals ahead of the first meeting between US president Joe Biden and Russian leader Vladimir Putin this week. Biden is expected to raise the problem of ransomware gangs with his opposite number.
Speaking to RUSI's audience of military officers, espionage officials and political policy wonks, Cameron described the structure of the current ransomware ecosystem – the omnipresent as-a-service model – and noted: "They may identify embarrassing or business-sensitive material that they can threaten to leak or sell to others. And they might even research your cyber insurance policy to see if you're covered to pay ransoms."
There might be some forensic evidence the police can pursue occasionally, but less so over time. There might be a flaw in the malware or its deployment that we can make the most of. Even more rarely, we might just be able to get a decryption key. But these groups know what they're doing. And that hardly ever happens.
The US FBI's recent success in recovering a cryptocurrency ransom paid by the Colonial Pipeline Company from ransomware crew Darkside is a very rare one.
Prevention is better than cure
Cameron's speech highlighted what the British government is doing to tackle not only ransomware but national cybersecurity weaknesses as a whole – starting to break from protecting only itself to taking an interest in the security of taxpaying businesses and private citizens alike.
"In some respects, our response to ransomware is straightforward: we need to continue to build the UK's cyber resilience so that attacks cannot reach their targets in the first place," said Cameron, highlighting her organisation's guidance on how not to get pwned by internet crooks. This is targeted at SMEs and bigger companies alike, including large sections in simple words for executives and non-technical managers to digest.
"It's about preparing, planning, exercising all the way up to board level, working on the assumption that a cybercriminal will be as interested in your weaknesses as a burglar in your open window," she added.
But on top of the cybersecurity hygiene practices, with which Register readers will be well familiar, there's what Cameron described in her speech as the "whole-of-nation approach" to tackling the ransomware menace. She also mentioned "the cyber insurance industry, which has a role to play in bearing down on the payment of ransoms and cryptocurrency entities who facilitate suspicious transactions."
Britain's interventionist approach to cybersecurity includes a new law giving politicians the power to block mergers and acquisitions of British companies by halting "potentially hostile foreign direct investment." The last few months have seen the Conservative government boasting of market interventions that would have Adam Smith spinning in his grave.
Yet perhaps conscious of the huge role played by private industry in securing British businesses, Cameron gave it an unusual public nod, saying: "The government can't do this alone. We will continue to take a whole-of-society approach to improving the cyber resilience of the UK. Industry, academia, and civil society all have a role to play."
Wide-ranging as it was, the week's focus on international cybersecurity and ransomware so far means Cameron's closing call for more "partnerships with partners around the world" might bear fruit – if Russia, China, and others are prepared to play ball. ®