In my last post, I talked about what makes the UK National Cyber Security Centre (NCSC) unique – and a valuable model of national cybersecurity for others to follow. I highlighted a recent report from the NCSC that explores their success with Active Cyber Defence (ACD): where they hunt down and face off against threats to make the cyber landscape safer for all. That report has too many interesting insights to contain in just one post – so I promised to write another. Here’s what I didn’t cover before that I think readers will want to be aware of.
Offense is the Best Defense
One of the signature services of the NCSC goes on the offensive to remove “bad stuff” hosted on the internet: extortion mail servers, fake eCommerce stores, phishing URLs, web shells, and quite a bit more. Kind of like internet cops, they patrol around for any criminal activities trying to ensnare the public and shut them down (hopefully) before anyone gets harmed.
Of course, cleansing the internet is an impossible and overwhelming undertaking for any team, but the impact of the NCSC is impressive nonetheless.
In total, it took down 2.7 million campaigns spread across 3.1 million bogus URLs in 2021. And while that may not sound like much on the grand scale of the internet, these takedowns are still significant. Consider, for example, phishing scams that used the UK government as a lure. These scams are very effective and potentially devastating. But thanks to the NCSC, there are 11,000 fewer active campaigns, and the median availability of attacks dropped by 30%. I call that progress.
The NCSC claims that in the 5 years it has been running the ACD program, the UK share of global phishing attacks has been cut in half, and the lifecycle of commodity attacks has shrunk significantly. Those results make a compelling argument in favor of offensive cybersecurity tactics, for one, and carrying out those tactics at the federal level, for another. As the NSCS says itself, “Our continued hope is that other nations, National CERTs, and other organizations employ similar services to amplify the effect of this work.”
Security Comes From Community
Something else that strikes me as unique about what the NCSC does is its emphasis on community involvement and proactive reporting. Users can provide suspicious emails or URLs for the NCSC to check out. Those tips, in turn, inform the comprehensive threat intelligence that the NCSC provides to organizations across the UK.
I think that’s a powerful model for others to follow: where threat intelligence comes from the bottom up (or perhaps the front-lines backward), and then guidance, support, and services are delivered from the top down. The security apparatus works similarly in other aspects of society – we report suspicious activities to the police or call out unusual activities in the airport – but it has yet to really expand into the realm of cybersecurity. Most would agree that needs to change, and the NCSC shows us why and how.
Whether at the federal level, the individual level, or anywhere in-between, cybersecurity benefits from community and suffers from isolation. The more that people report red flags and share intelligence, the faster we neutralize attacks. And the more that we approach cybersecurity as a shared priority and cooperative endeavor, the more we build an insurmountable advantage against hackers. I know this might sound sentimental. But I firmly believe that cybersecurity only works collectively. The NCSC seems to agree.
Granted, other federal cybersecurity agencies, including those in the US, have mechanisms for reporting possible threats and distributing threat intelligence. The UK isn’t alone in that regard. But through some combination of accessibility and outreach, the NCSC has gotten people onboard with cybersecurity in ways that should make other governments envious. As they say in their own report, active cyber defense is a “team sport.”
I couldn’t agree more.
#cybersecurity #UK #NCSC #CISA #InfoSec
