There is a need to understand adversaries, be able to track and defend against their actions, and be able to tell and share learned intelligence.
Opening the SANS Institute’s Cyber Threat 2018 conference in London, National Cyber Security Centre director of operations Paul Chichester said that he wants cybersecurity to an enabler rather than a hindrance for the UK economy, especially as it had seen more “disruptive and destructive” styles of attacks.
“A lot of what keeps us awake are things that are going to harm critical infrastructure,” he said. “A lot has happened over time, and we have looked at it from a UK point of view, such as the Ukrainian power outage and be sure that they can be defended against in the UK. A key part of what we do is take the knowledge of those threats and make sure we turn them into useful and practical guidance.”
Looking at the current threat landscape, Chichester said that a focus for the NCSC is not on what it knows, but on what it tells and shares, which is a key difference from what was being done before the formation of the Center. This included its first report on Turla in January: Chichester said that this is the kind of thing that the NCSC needs to do more, and within a couple of weeks of publishing the report the adversary changed their tactics, so it put another report out.
He added: “The plan is to really scale this out. As we see an adversary changing we will share our knowledge.”
On attribution, he said that this was being done when it was in the national interest to do so. “While attribution will always be a ministerial and political decision, the work that we do in the NCSC will enable that, and analysis and assessment goes into that,” he said.
He said that the NCSC enabled government to centrally manage cybersecurity since its opening a year ago, and “provides a step change in the way we manage cybersecurity” as different government departments did parts of cyber, and as a key tier one threat it wanted to bring all of that intelligence together.
“It was complicated for business and industry [to know] who to go to, and we knew that when we had a major cyber event we needed a single place to bring that together and to coordinate our answer,” he said. “We didn’t want to have to worry about who was going to be responsible for playing that scenario out.”
Concluding with comments on community and diversity, Chichester said that participating in a SANS event was a “key moment for us [NCSC] and it is about us working with the community and creating a community in the UK that works on this topic and that we can share into, and for this is really groundbreaking”.