Russia-based criminals are still the UK's number 1 cyber-foe, NSO Group's wares a 'red flag' says NCSC chief

Chatham House speech targets non-state baddies as well as grey zone and nation states


A new national cyber strategy will be launched by year-end, the National Cyber Security Centre's chief exec has promised – while calling out spyware vendor NSO Group as a "red flag" for the UK infosec community.

Lindy Cameron told the Chatham House international affairs think tank that NSO Group was "something we raised a red flag about before, that the commercial market for sophisticated cyber exploitation products is an issue."

The malware vendor, which claims its flagship Pegasus iPhone-hacking software is only supplied to nation states, was in the UK public eye only last week after it emerged Pegasus was used by the Sheikh of Dubai to spy on his ex-wife's lawyers and entourage during a UK court battle.

"Those with lower capabilities are now able to simply purchase techniques and tradecraft," said Cameron, referring to the presentation of nation-state-grade hacking capabilities by "cyber-exploitation" vendors to paying customers.

She continued: "And obviously, those unregulated products can easily be put to use by people who don't have a history of responsible use of these techniques. So we need to avoid a marketplace for vulnerabilities and exploits developing that makes us all less safe."

New infosec strategy – and defence co-operation

The wide-ranging speech saw Cameron setting out her vision and priorities for the NCSC, having formally taken up the CEO post a year ago. There's no doubt that her unashamedly interventionist approach to regulating British businesses (including the cybersecurity sector) will continue:

Central to keeping the UK at the forefront of cyber security will be a new National Cyber strategy due to be launched before the end of the year, and with that a refreshed NCSC mandate to scale the impact that my organization delivers to build the UK's cyber security.

The new strategy follows on the heels of similar UK policy documents delivered in the last couple of years, including the Defence Industrial Strategy – which included a number of infosec-focused pledges.

Plenty of clues have emerged from government suggesting that relatively heavy regulation is coming to the UK's information security sector. Whitehall launched a supply chain review in summer, targeting managed service providers (MSPs) and their security practices – a review directly inspired by the SolarWinds attack, as well as lower-profile incidents.

"In the future," vowed Cameron, the NCSC "will take a principles based approach to security functionality, and put much more emphasis and proportionality on the engineering practices of the developer. Rather than just running through a checklist of criteria that need to be met."

This has already been seen in the Technical Annex to the Telecoms Security Bill, which sets 70 criteria that telcos and their suppliers must meet in order to continue in the UK market.

The new national cyber strategy may also include greater integration with the new National Cyber Force hacking unit, bearing in mind ministerial pledges from 2019 that committed Britain to hacking back at countries whose attack crews tampered with UK systems. While some commentators (most notably ex-NCSC CEO Ciaran Martin) have drawn a sharp line between cybersecurity and offensive cyber attacks, it seems that line isn't as deep as they would hope.

Russia number 1, China number 2

Cameron repeated earlier UK government findings stating that "cybercriminals based in Russia and neighbouring countries are responsible for most of the devastating ransomware attacks against UK targets," also alluding to other things Russia has done that targets Britain and its allies.

"How China evolves in the next decade will probably be the biggest single driver of our future cyber security," she said. "And we must be clear-eyed about this and in particular, protect ourselves against Chinese practices that have an adverse effect on our own prosperity and security."

She also spoke about standards-setting bodies and how those could be infiltrated by those who would seek to use the West's rules against itself by baking in values and standards that conflict with traditional liberal democratic norms.

Echoing a previous speech, Cameron added today: "But it's really important to remember that the vast majority of hostile cyber activity that most people in organizations in the UK will experience will come from criminals, not from nation states, and therefore absolutely central to the UK."

Regulation, intervention, counter-criminalism. Whether you like it or not, that's the way British infosec's going for the next few years. ®


Other stories you might like

  • Google sours on legacy G Suite freeloaders, demands fee or flee

    Free incarnation of online app package, which became Workplace, is going away

    Google has served eviction notices to its legacy G Suite squatters: the free service will no longer be available in four months and existing users can either pay for a Google Workspace subscription or export their data and take their not particularly valuable businesses elsewhere.

    "If you have the G Suite legacy free edition, you need to upgrade to a paid Google Workspace subscription to keep your services," the company said in a recently revised support document. "The G Suite legacy free edition will no longer be available starting May 1, 2022."

    Continue reading
  • SpaceX Starlink sat streaks now present in nearly a fifth of all astronomical images snapped by Caltech telescope

    Annoying, maybe – but totally ruining this science, maybe not

    SpaceX’s Starlink satellites appear in about a fifth of all images snapped by the Zwicky Transient Facility (ZTF), a camera attached to the Samuel Oschin Telescope in California, which is used by astronomers to study supernovae, gamma ray bursts, asteroids, and suchlike.

    A study led by Przemek Mróz, a former postdoctoral scholar at the California Institute of Technology (Caltech) and now a researcher at the University of Warsaw in Poland, analysed the current and future effects of Starlink satellites on the ZTF. The telescope and camera are housed at the Palomar Observatory, which is operated by Caltech.

    The team of astronomers found 5,301 streaks leftover from the moving satellites in images taken by the instrument between November 2019 and September 2021, according to their paper on the subject, published in the Astrophysical Journal Letters this week.

    Continue reading
  • AI tool finds hundreds of genes related to human motor neuron disease

    Breakthrough could lead to development of drugs to target illness

    A machine-learning algorithm has helped scientists find 690 human genes associated with a higher risk of developing motor neuron disease, according to research published in Cell this week.

    Neuronal cells in the central nervous system and brain break down and die in people with motor neuron disease, like amyotrophic lateral sclerosis (ALS) more commonly known as Lou Gehrig's disease, named after the baseball player who developed it. They lose control over their bodies, and as the disease progresses patients become completely paralyzed. There is currently no verified cure for ALS.

    Motor neuron disease typically affects people in old age and its causes are unknown. Johnathan Cooper-Knock, a clinical lecturer at the University of Sheffield in England and leader of Project MinE, an ambitious effort to perform whole genome sequencing of ALS, believes that understanding how genes affect cellular function could help scientists develop new drugs to treat the disease.

    Continue reading

Biting the hand that feeds IT © 1998–2022