Government announces GCHQ s National Cyber Security Centre to provide businesses with security guidanceThe British government is setting up a National Cyber Security Centre NCSC to act as a one-stop-shop for businesses seeking advice and support when dealing with cyber security issues.The centre will be managed by GCHQ, and was revealed today by the Minister for Cabinet Office Matt Hancock MP in a speech to a cyber security conference in London.He pointed out that the vast majority of the UK s Critical National Infrastructure is operated by the private sector.And to this end, the NCSC will help the business community.This level 3 qualification, equivalent to an AS Level, teaches the basics of cyber security in three months, and can be studied in schools, colleges or through the Challenge itself, he said.We re already one of the top 5 exporters in the world, and the global market is growing by 20 percent a year, said Hancock.
The blueprint PDF outlines that the NCSC will act as a hub for sharing best practices in security between public and private sectors, and will tackle cyber incident response.In the prospectus, Cabinet Office minister Matt Hancock explained: "The Centre will be the bridge between industry and government, simplifying the current complex structures, providing a unified source of advice and support, including on managing incidents."The Centre will bring together the capabilities already developed by CESG – the Information Security arm of GCHQ – the Centre for the Protection of National Infrastructure, CERT-UK and the Centre for Cyber Assessment, allowing us to build on the best of what we already have, whilst significantly simplifying the current arrangements," Martin said in a canned statement contained within the prospectus.This translates in practical terms to a doubling of the investment the UK Government will make in cyber security, to £1.9 billion over the next five years.Gordon Morrison, director of government relations at Intel Security, said the centre would help in fighting the growing problem of cybercrime."Assuming the role of the lead cybersecurity technical authority in the UK, we look forward to working with the NCSC as it embarks on its important mission of responding to cyberattacks on the UK and promoting a diverse and collaborative approach to cybersecurity to improve the country's overall cyber health: between the private and public sector, and both in the UK and internationally," he added.
Speaking in Washington, Ciaran Martin was giving his first public comments as the chief executive of the NCSC.The centre, which launches next month, will absorb existing roles such as protecting government and critical infrastructure.The NCSC will take a lead on protecting government networks and those of national level importance, but Mr Martin also outlined ways in which it would be more ambitious in improving the UK's overall cybersecurity.One-eighth of the UK's gross domestic product GDP comes from the digital economy, the highest in the G20 group of industrialised economies, and Mr Martin said retaining public confidence in online transactions and ensuring economic growth was a priority in the same way as protecting national security.Mr Martin described this as "active cyber-defence", distinguishing it from the US use of the term, which relates to pursuing hackers into their networks.Two to three years ago, there had been an expectation in government that a market of supply and demand would help deal with the low- to medium-end cyber-threats, leaving government to concentre on high-end threats.
Officials with GCHQ are said to be mulling a plan that would extend the UK government's network security tools to private-sector ISPs.GCHQ director general for cyber security Ciaran Martin has been in Washington, DC, pitching the plan to arm the ISPs with firewall updates aimed at blocking off known bad actors.The project, said to be part of the new National Cyber Security Centre NCSC headed up by Martin, is aimed at protecting businesses from attacks by sealing off those addresses previously associated with attacks.This will allow the public to be protected from malware or state-sponsored attacks that have already been spotted by GCHQ.Though characterised in press reports as another "Great Firewall," the project appears to be almost entirely focused on catching cyber attacks, rather than gathering intelligence or censoring content.The plan is said to be in its early phases, with no actual announcement or rollout imminent.
Government plans to show more cyber-security initiative, says head of new National Cyber Security Centre, as NAO describes cabinet IT disarrayThe head of the UK s new National Cyber Security Centre NCSC has said the government is planning to take a more active role in defending the country against online attacks, as the National Audit Office NAO published a damning report indicating the disarray of current government information security efforts.Evil parliament c pisaphotography, Shutterstock 2014 If we re to maintain confidence in the digital economy, we ve got to tackle this end of the problem, Martin told the Billington Cyber Security Summit on Tuesday.He said twice as many national-security-level cyber-incidents were detected in 2015 compared with the year before, adding up to about 200 per month, while the NAO noted that the 17 largest government departments recorded 8,995 data breaches in 2014-15.While the NCSC s formation should bring together much of government s cyber expertise the NAO warned that in its view wider reforms will be necessary and currently reporting personal data breaches is chaotic with different departments mechanisms making it impossible to collect coherent data.
GCHQ wants to use DNS filtering to help combat cybercrimeWe have noticed you are using an ad blockerTo continue providing news and award winning journalism, we rely on advertising revenue.The Government Communications Headquarters GCHQ , the UK's secretive signals intelligence agency, is developing 'automated defence' tools – already dubbed the 'Great British Firewall' - to help combat a spike in cyberattacks over the past year.The main base for the operation is likely to be the agency's upcoming National Cyber Security Centre NCSC , set to launch later this year, which will bring together experts from MI5, Cert, local law enforcement and private industry to help fight the threat of hacking."We're exploring a flagship project on scaling up DNS domain name system filtering," he continued.
GCHQ has plans to create a firewall that could protect government agencies and British internet users against malicious cyber attacks.Ciaran Martin, the intelligence agency s director general of cyber security, outlined his plans for the firewall at a cybersecurity conference in Washington DC.Martin was speaking as the head of the National Cyber Security Centre – a newly-created arm of GCHQ that has been tasked with creating the first cyber force dedicated to combating online threats to the UK.According to Martin, GCHQ is exploring a flagship project aimed at protecting government websites and national security agencies from hacks and other cyber attacks.He went on to say that the as-yet-unbuilt firewall could also be used by private internet service providers such as BT, Sky and Virgin.What better way of providing automated defences at scale than by the major private providers effectively blocking their customers from coming into contact with known malware and bad addresses?
Cyber chief calls for 'offensive' weaponsThe head of the UK s new National Cyber Security Centre NCSC has detailed plans to move the UK to "active cyber-defence", to better protect government networks and improve the UK s overall security.The strategy update by NCSC chief exec Ciaran Martin comes just weeks before the new centre is due to open next month and days after the publication of a damning report by the National Audit Office into the UK government s current approach to digital security.Martin called for the "development of lawful and carefully governed offensive cyber capabilities to combat and deter the most aggressive threats".Active cyber defence means hacking back against attackers to disrupt assaults, in US parlance at least.During his speech at the Billington Cyber Security Summit in Washington DC, NCSC's Martin also floated the idea of sharing government network security tools such as DNS filters with private-sector ISPs, as previously reported.
The nation s first centre dedicated to combating cyber criminals opens next week, as the threat of online attacks continues to rise.Intelligence bosses at the National Cyber Security Centre NCSC will target terrorists, hackers and online gangs from their base in central London.The new organisation was created to both respond to attacks and reduce the risk of future threats, while also providing leadership in cyber security.Our role is helping to make the UK the safest place to live and do business online said CEO of the centre Ciaran Martin.So we re going to tackle the major threats from hostile states and criminal gangs.But we re also going to work tirelessly to automatically protect people from those smaller scale and deeply damaging attacks that cause so much disruption and frustration.
The UK is going to be fighting the war against cyber attacks from a new HQ in London.The Evening Standard has revealed that the new National Cyber Security Centre NCSC will be based near Victoria Station, and the centre will be tasked with protecting the UK from cyber attacks all over the world.It was reported that specialist teams from the City, Whitehall, intelligence and security services, energy, telecoms and other parts of the national infrastructure and businesses will be joining the NCSC in the fight against cyber terrorists and criminals.In total, the NCSC will have 700 staff and more than half will be based at the new HQ.The creation of the new agency was announced by then-chancellor George Osborne, in November last year.He also pledged to increase the country s cyber security budget, because of the threats from abroad, while also adding new staff to the UK s intelligence agencies.
The National Cyber Security Centre will focus on boosting the UK s cyber defense rather than offensive capabilitiesThe UK s National Cyber Security Centre NCSC has opened and will act as the front-line base for providing government organisations and UK-based businesses with advice on how to defend against cyber threats.Based in London s Victoria, the centre is being headed-up by ex-director general of cyber at GCHQ, Ciaran Martin.The centre s primary focus is on cyber defense rather than offensive capabilities, which tend to be the domain of GCHQ.It will look to tack issues such as online security, curtailing intellectual property theft and raising awareness across public and private sector organisations on how to mitigate cyber threats.Fotolia: Technology Security freshidea 39053413
WIRED Security is a new one-day event from WIRED, curated to explore, explain and predict new trends, threats, and defences in cyber security.To find out more and to book tickets, click here.The Doughnut – GCHQ's vast, Cheltenham-based nerve centre – is a building straight from the pages of a spy novel.Visitors are seldom allowed inside the building which, Edward Snowdon's NSA leaks, is the centre of government mass surveillance in the UK.There's even going to be a Shake Shack on the ground floor.Announced by then-chancellor George Osborne in November 2015, the NSCS is the first government agency devoted solely to cyber security.
National Cyber Security Centre chief Dr Ian Levy wants an empirical, transparent approach to cybersecurity policy – not hysteriaThe head of the government s new National Cyber Security Centre NCSC says the country will be unable to harness the power of new technologies like the Internet of Things IoT and Artificial Intelligence AI until cybersecurity fearmongering is replaced by a statistical and rational approach.Dr Ian Levy said the public perception of a hoodie-clad hacker see below was damaging and that a lack of actionable data meant it was impossible for businesses and public sector organisations to undertake effective risk assessment of new innovations.Without this, people will be too scared to use connected cars, or upload information to cloud services because they re terrified hackers might gain access, Levy argued. Cybersecurity runs on fear, he said at Microsoft Future Decoded.In no other part of public policy do you allow fear to rule public perception.
LONDON Reuters - Retailer Tesco Plc's banking arm said on Tuesday that 2.5 million pounds $3 million had been stolen from 9,000 customers over the weekend in what cyber experts said was the first mass hacking of accounts at a western bank.The bank, whose operating income has accounted for as much as a quarter of Tesco's total in some years, added that no customer data had been compromised.The National Cyber Security Centre NCSC , a new government body, said on Tuesday that it was working with criminal investigators and Tesco to understand the nature of an attack described as "unprecedented" by the financial regulator.The NCSC and Britain's National Crime Agency said they could not remember another confirmed case where thieves had stolen large sums of money via a mass hacking of accounts at a Western bank.A spokeswoman for Tesco declined to comment beyond its previous statement on Monday.Cyber experts said that smaller banks, like Tesco's, are more vulnerable to attack than global financial institutions, which have bigger cyber security budgets.
Analysis Security analysts have narrowed down the range of possible explanations for the Tesco Bank breach.Earlier this month Tesco Bank was obliged to admit that an estimated £2.5m had been looted from 9,000 accounts.Initially it was feared that money had been taken from 20,000 accounts, but this figure was revised downwards days after the breach was disclosed.Tesco Bank temporarily froze online account operations and contactless payments for its current account holders in the immediate aftermath of the breach, one of the worst to ever affect a British retail bank.It said by way of reassurance it was unaware of any threat to the wider UK banking sector.Some of these reported small fraudulent transactions of around £20 before larger transactions of £500 or more were attempted.
Links to supermarket's systems may have exposed vulnerabilityA former techie at the UK's Tesco Bank reckons the recent high-profile breach may be down to security shortcomings at the bank's parent supermarket.Earlier this month Tesco Bank admitted that an estimated £2.5m had been stolen from 9,000 customer accounts in the biggest cyber-heist of its kind to affect a UK bank.NCSC issued a statement saying it was "unaware" of any threat to the wider UK banking sector.Security architecture is sound, and vulnerabilities are patched in a timely manner.A full breach is very unlikely, and there are much bigger and better targets if a gang has access to relevant zero-days.
GCHQ has gone on a £422,073 $522,779 hiring spree in a bid to defend the UK's universities, charities and small businesses, figures compiled by IBTimes UK on Friday 6 January show.The National Cyber Security Centre NCSC is looking to recruit desk officers, team leaders, a deputy team head and strategy and impact lead.The roles are part of NCSC's new economy and society team, which is responsible for cybersecurity across the private, voluntary and public sectors.These "have not previously benefited from this kind of government help", according to NCSC.The recruitment drive comes after senior Conservative MP Andrew Tyrie, who chairs the Treasury Select Committee, called on the head of the NCSC to make cyber defence of financial services industry a top priority."It is essential that the intelligence community gives the regulators the technical and practical support they need to do their job," Tyrie wrote in December.
Government surveillance agency GCHQ is running a tech skills competition for teenage girls as part of an initiative designed to encourage more women to join the fight to protect the UK from cyberattacks and hackers.Reflecting a gender balance issue in the technology sector as a whole, women make up just ten percent of the global cybersecurity workforce.Orchestrated by GCHQ's National Cyber Security Centre, the competition looks to knock down barriers to entry into the profession by inviting girls between the ages of 13 and 15 to enter in teams of four.They will have their cybersecurity skills tested against other schoolgirls from across the UK in a series of online challenges.The best ten teams will be invited to a national final set to take place in London at the end of March.There they'll compete against each other to investigate what's described as 'suspicious cyber activity' and attempt to solve who is behind a crime.
A number of cybersecurity firms are pushing back against recent comments made by a director at UK intelligence agency GCHQ, who accused them of using an exaggerated fear of hacking, especially state-sponsored threats, to flog products.Dr Ian Levy, speaking at the US-based 'Enigma' conference on 3 February, said: "We are allowing massively incentivised companies to define the public perception of the hacking problem."He criticised an overuse of the term advanced persistent threat APT , which typically includes hackers backed by a government or state.As reported by The Register, he said: "You end up with a narrative that basically says 'you lot are too stupid to understand this and only I can possibly help you' so buy my magic amulet and you'll be fine.'Referencing the hack of UK telecom TalkTalk in 2015, Dr Levy maintained that the majority of successful cyberattacks and hacks are not that sophisticated, still using rudimentary – but reliable - tactics such as SQL injections or email phishing to infect computers."The perception that witchcraft or secret methods of intrusion are in play is nonsense," said Philip Lieberman, chief executive of Lieberman Software.
Britain has faced 188 high-level cyberattacks in the last three months, with attempts by Russian and Chinese state-sponsored hackers currently under investigation, says a leading security chief.Ciaran Martin, who is the chief executive of the new National Cyber Security Centre opening in February 2017, said "many" of the attacks "threatened national security".Hackers are said to be "getting into the system to extract information on UK government policy on anything from energy to diplomacy to information on a particular sector", said Martin in a Sunday Times report.A surge in attacks from Russia has also been noted by the security boss."Over the last two years there has been a step change in Russian aggression in cyberspace," he said."Part of that step change has been a series of attacks on political institutions, political parties, parliamentary organisations, and that's all very well evidenced by our international partners and widely accepted."