UK plans to revamp national cyber defense tools are already in motion

Work aims to build on the success of NCSC's 2016 initiative – and private sector will play a part

The UK's National Cyber Security Centre (NCSC) says it's in the planning stages of bringing a new suite of services to its existing Active Cyber Defence (ACD) program.

What ACD 2.0, as it's being referred to at present, comprises is very much up in the air. The country's cyber cops did not share specifics of their ideas during a media briefing today, but instead revealed the two guiding principles that will shape ACD 2.0:

  • Only delivering services where there is a genuine gap in the market – only bringing unique capabilities with no overlaps elsewhere in the market

  • The services will be handed off to another part of government or industry partner within three years

It said that after launching ACD in 2016, where it provided services that the private sector wasn't providing at the time, the market has since matured and defense solutions have become more robust, meaning it's time for a little refresh of ACD's offerings to ensure they're still useful.

The plan to divest these services isn't a novel one. Existing services under ACD 1.0 such as Logging Made Easy and Protective DNS (PDNS) are already run by external partners – CISA and Cloudflare respectively – but some, such as Early Warning, can only ever be run by the NCSC due to their very nature.

Finances aren't the driver behind the decision to divest either. The NCSC sees itself as an organization that can recognize opportunities to add value to the market, deliver original work, and then pass off successful projects so it has the resources to do it all again, rather than being a national managed service provider, of sorts.

Given that it doesn't have a firm handle on what capabilities it actually wants to develop yet, the NCSC said it's looking for partners across government, industry, and academia to weigh in on what's needed.

Ollie Whitehouse, CTO at the NCSC, said in a blog published today that the NCSC already has ideas about what experiments it wants to run, but the organization also wants to hear ideas from the wider industry too.

These experiments are already under way, such as six-month projects looking at what's available already on the market in terms of attack surface management solutions. The NCSC is aware that many organizations don't understand their attack surface, so a possible new solution in ACD 2.0 will help solve this at a national level. 

The experiments here, carried out with support from industry partners, will tackle how this service is communicated, delivered, and other factors.

"Our hypothesis remains that helping organisations know and reduce their attack surface and related vulnerability is one of the most efficient ways to drive up external resilience," Whitehouse blogged.

"If you have an attack surface management product, or ideas for other experiments we should run in future, and would like to work with the NCSC, please get in touch."

The NCSC announced ACD in 2016, with many of the services encompassed in the suite of offerings coming to market the following year.

The idea behind it was to "protect the majority of people in the UK from the majority of the harm caused by the majority of the cyber attacks the majority of the time," and since its launch, it has been considered a huge success.

It does this by targeting what it calls high-volume commodity attacks, which in plain speak means the low-sophistication attacks that exploit basic vulnerabilities using readily available tools. The more sophisticated stuff is handled in other ways, it says.

It's understood that the new capabilities and services coming to ACD 2.0 will continue to focus on these commodity attacks, but if there are opportunities to explore how these could also impose costs on the more sophisticated threat actors then they will be seized upon.

There are currently 12 services operating under the ACD initiative. If you're in the UK and work in the public sector, there's a good chance you've encountered one or two of these already, since most are only available to organizations of this type.

Its Early Warning service, however, might be the best known, since it's available to any UK organization with a static IP address or domain name. It's entirely free and provides registrants with alerts whenever their external network information shows signs of an attack.

Early Warning can alert organizations to early-stage ransomware attacks, for example, with the ultimate goal of disrupting cybercrime before it can cause any significant damage.

According to the NCSC's most recent annual review, Early Warning issued alerts for around 323,000 unique IP addresses found to have some sort of vulnerability and 10,200 unique IP addresses about a malware infection.

Mail Check – the service helping eligible organizations assess their email security compliance to prevent domains from being spoofed – has more than 2,700 sign-ups and protects more than 24,000 domains.

The capabilities of some services are also combined to make new ones, as is the case with Share and Defend, which shares intelligence with industry partners, such as ISPs, so protections can be applied to customers without their intervention.

Share and Defend pulls data from PDNS and Takedown – the NCSC's services for blocking malicious URLs and forcing hosting providers to take down malicious sites respectively – to gain a broader understanding of when and where to block user traffic. ®

More about

TIP US OFF

Send us news


Other stories you might like