#VB2019: NCSC Reflects on Three Years of Countering and Attribution

Written by

As it prepares to mark its third anniversary of opening, the National Cyber Security Centre (NCSC) has said that defending the UK is a team effort and encouraged more businesses to work with it.

Speaking at the Virus Bulletin 2019 conference in London, director of operations at the NCSC Paul Chichester, reflected on the work done to create the NCSC, and how UK businesses needed to work alongside it.

Chichester explained that the momentum for a response center had begun when, in the 2000s, the attackers targeting the UK were looked at closer, and today “there are 20 nation state threats that we track” and while it does not track all threats and compete with commercial companies, it can “understand additional insights.” 

He said that with 20 years of capability and insight to understand threats to the UK, the government funding in 2010 led to the development of the NCSC, which solved the problem of the “obvious flaws in the approach that the UK took,” in particular that there was no single point or place to go to report issues. 

Admitting that the work of the NCSC will not stop the UK being an interest for attackers, Chichester pointed out that it is able to counter threats. “Our work in the past has been on observing threats, and our view is that it is not about counting but countering the threat,” he added. 

He also said that as the NCSC is responsible for attribution, the UK government understands the context of threats and can assess threat as it pertains to the UK. “Also, we don’t respond with a red button, but by helping people, reporting to the victim and doing victim notification,” he continued, that the NCSC does “a huge amount of work in the UK and works with organizations to help them recover. Attribution is an art, not a science,” he said.

He concluded his talk by saying that the NCSC wants to collaborate more, and work with people in the industry “and for us it is a team sport and please talk to us - we care about the things you care about.”

Later speaking to Infosecurity, Chichester said that the efforts undertaken by the NCSC include doing formal attribution, and protecting the anonymity of the organizations it protects. As part of this, it feeds tactical intelligence via its CISP and partner channels, and he said that companies are often not judged by the compromise, “but how they deal with it.”

Asked if businesses are coming to the NCSC to collaborate, Chichester said they are “massively” and this is fundamental for the business. “We want people to come to us to get insight into threats at a macro level, and we want to work with organizations to help us understand what they are seeing and doing [regarding] incident response.”

What’s hot on Infosecurity Magazine?