The UK government’s National Cyber Security Centre (NCSC) dealt with over 1100 reported incidents in its first year, more than half of which were classed as “significant”, according to a new report.
The organization’s Annual Review 2017 revealed that the center, spun out of GCHQ last year, tackled 590 serious incident reports, over 30 of which required a “cross-government response process” coordinated by the NCSC.
The report highlighted the WannaCry ransomware blitz in May and coordinated attacks on parliamentary accounts in June as typical of the incidents the NCSC is called on to help address.
It also trumpeted the organization’s outreach to industry: via a Cyber Security Information Sharing Partnership (CiSP) which has seen its community grow by 43% over the year; the NCSC website, which has become a valuable resource in its own right and the Active Cyber Defence program.
The latter is designed to improve cybersecurity across the public sector. In the past year there have been moves to: implement anti-phishing standard DMARC across government, block users from following malicious links, roll-out a Web Check vulnerability scanning service and introduce a phishing/malware reporting service with Netcraft.
The NCSC claimed the above initiatives have helped to prevent nearly 80,000 phishing attacks and block over 20,000 malicious domains in August alone.
The center also claimed to have helped secure the UK’s armed forces via its UK Key Production Authority, a world-leading resource on cryptography.
The NCSC is now a key part of the UK’s response to ever-evolving cyber-threats, according to GCHQ boss, Jeremy Fleming.
“It is a critical component not only of GCHQ, where it benefits from the data and expertise it has access to as part of the intelligence community, but of how the government as a whole works to keep the UK safe,” he said in a statement.
“The NCSC has brought together unparalleled skills, capabilities and partnerships and in its first year has made enormous strides in increasing and improving our cyber capabilities. It is in the front line in protecting the UK against a growing number of cyber-attacks.”
However, some commentators argued that there’s still some way to go, especially on intelligence sharing.
“In our recent survey with Ponemon Institute, we found just 35% of UK organizations share intelligence with government associations. More needs to be done to promote the sharing of intelligence, as it improves visibility for better data analysis and delivers stronger defenses optimized against observed and perceived threats,” said Jamie Stone, VP EMEA at Anomali.
“Pushing out cyber-attack details quickly could mean the difference between someone else getting breached and being able to stop it quickly. As well as faster answers to incident response challenges thanks to the additional resources, adding skills and expertise to the event.”