When it comes to cyber security, resilience is key
PUBLISHED: 16:39 18 June 2018
Ciaran Martin is CEO of the National Cyber Security Centre, attached to GCHQ in Cheltenham. He explains the cyber threats facing the UK and how corporate resilience is at the forefront of the fight against them
Working together is the only way to secure the UK’s digital future and guard against devastating cyber attacks.
Ciaran Martin, CEO of the National Cyber Security Centre, part of GCHQ, said the importance of cyber security had never been felt so acutely.
From Russian campaigns of intrusion into the internet infrastructure of Britain ad the US to the Sergei Scripal poisonings in Salisbury earlier in the year, cyber is now a “normal party of the arsenal of our adversaries”, he added.
He, he said, we have a choice about how to respond to the aggression.
“It is easy to fall into the trap of seeing the problem as too complicated, too technical and too secret for organisations and individuals to do anything about,” Mr Martin said.
“We are working not just with the US but across our global network of allies to provide organisations and the public with the tools and information they need to push back with us.”
A joint British and American report has been published, 21 detailed pages of technical indicators telling companies and public bodies how to identify and remove the hostile Russian presence.
“This is more about future risk than harm already done: an extensive Russian presence in our Internet infrastructure is not an acceptable national security risk for us as a nation to allow,” Ciaran said.
“If organisations here act on this advice and report incidents, they will both protect themselves and help enhance our national intelligence picture of those who would do us harm, thereby making the UK digital homeland significantly safer.”
He cautioned there was more to do than simply countering Russia, and explained it was an urgent national priority to address two issues: protecting critical infrastructure, services and ourselves at all levels from cyber attacks and the growing problem of rampant global cyber crime.
A £15m package was agreed at the Commonwealth Summit to increase cyber security capabilities, but there is more to do.
New measures introduced to parliament recently will help strengthen the cyber security of the UK’s critical infrastructure.
“Turning off the lights and the power supply by cyber attack is harder than Hollywood films sometimes make out,” Ciaran added.
“But we’ve seen enough malicious cyber attacks across the world, including against UK health services by a North Korean group last year, to know how services can be disrupted.
“Absolute protection is neither possible nor desirable; it’s about having more resilience in the systems we care about the most, those where loss of service would have the most impact on our way of life.
“We have said that it is a matter of when, not if, the UK faces a serious cyber attack. So we presented detailed plans to government departments about the priority areas where the NCSC will work with them, industry and law enforcement to improve the cyber resilience of the most important systems.
“Just as importantly, we must recognise that attackers, whether criminals or working for a hostile foreign government, exploit basic weaknesses.
“So we are strengthening the UK’s cyber defences in other ways, at all levels.”
One is by automation - 165 public sector organisations form part of a scheme that blocks access to sites known to be related to cyber attack.
In April, those organisations made 1.6 billion ‘lookups’ for internet sites, a quarter of a million of which the NCSC blocked because they were malicious.
But he warned against succumbing to despair when thinking about cyber attacks.
“There is cause for realistic optimism,” he said.
“The threats are there but whether they’re from Russia, criminals or anyone else, we are putting in place national-level defences as good as anywhere in the world, but we cannot do it alone.
“This week has shown that we have the partnerships at home and abroad to secure our digital future and we need a national-level effort from all parts of our community to make those defences as effective as they can be.”