North West Cyber Security Cluster – Seminar Notes – 11th December 2015 – Manchester

At the latest NWCSC event GCHQ presented an overview of the current cyber threat environment and outlined GCHQ's and the UK Government's strategy to put the UK in a position of world leader in the fight against cyber-attack.

Here are my notes from the seminar:

The general strategy is defined by the 4 P’s – Pursue, Protect, Prevent & Prepare.

Strategy 1 – Pursue

Pursuing cyber criminals and driving up the cost of cyber criminals doing business.

Presently around 50 cyber criminals reside at the elite end – most are not in the UK, though some are.

Cybercrime is run as a business, disregarding hacktivists, who are generally at the lower end.

Support services provide:

  • Coders – write malware with support services, ticketing systems
  • Crypters – obfuscate the malware
  • Spammers / traffic resellers – distribute the malware
  • Hosting – secure from law enforcement
  • Bot servers – manage botnets, large scale data mining
  • Cashing-out experts – muling & money drops

Most criminal forums exist on the open internet; they are invitation only or vouch-in, where surety payments are made and proof of criminality is required. Not all are on the dark web.

Identifying locations and administrators on the dark web is hugely complex.

This significant issue is complicated further by the fact that these organisations operate from hard-to-reach locations, which means that the global threat is not currently matched by a global response.

Efforts to tackle criminal infrastructure have recently taken down some massive cyber-attack operations:

  • Shylock
  • Dridex – now morphing into new forms; as criminals learn the techniques being used against them, they introduce further obfuscation.

The objective is to tackle the criminal marketplace, identify pinch points and increase the risks of doing business. Which strategies will cause the most disruption?

A new centre to this end has just opened in Warrington and is looking for new recruits in the North West, as well as partnering with regional industry and academia.


Strategy 2 – Protect

Protecting our national infrastructure by hardening defences.

Primary protect

Streetwise & Keep Safe on Line

TSG Guidance on passwords

Cyber Essentials

Focus on reducing, not stopping. Accept that we cannot create an impenetrable seal around our networks, as there are too many gaps.

The objective is to improve defences but, if attacks do get through, to detect them quickly and neutralise them before they can do any real damage.

Cert UK – incident handling management plan

  1. Managing risks at board level
  2. Having boundary firewalls
  3. Internet gateways
  4. Network perimeter defences
  5. Malware detection
  6. Patch management
  7. Whitelisting
  8. Executable control
  9. Secure configuration
  10. User access control

All of these make it harder to get in, and the casual criminal will go somewhere else.

1200 Cyber Essentials certifications in the last 12 months, but standards are not as high as they ought to be and take-up is not as high as it needs to be.

People are part of the problem but essential to the solution. Cyber education ought to be an ongoing activity for every business. Education around suspicious emails and sensible behaviour online will lower risks, but someone will click on that link, which is why we need a remediation plan in place.


Secondary Protect

Hostile IP addresses and malicious domain names are where information sharing will be a vital part of network defence. See the Cert UK secure online platform.

Protect is also about working with hosting companies to take down malicious activity.

A single National Cyber Centre is being created under GCHQ: unified advice to government and industry, making it easier to share information on the threat, and a platform for handling incidents as they arise.


Tertiary Protect

Encouraging and working with the tech industry to design out some of the current cyber vulnerabilities, designing next-generation passwords or technology that will do away with passwords altogether.


Strategy 3 – Prevent

Deter people from pursuing a criminal path in the first place.

Covered by Titan as part of the police response to tackling cyber-crime.


Strategy 4 – Prepare

Increasing capacity and skills across the community of government, law enforcement and industry to cope with the cyber challenge.

There are not enough cyber skills and talent in the industry, and this shortage is forecast to get worse over the next 20 years.

13 centres of excellence and 10 university masters courses.


Taken together these form the strategy for lowering the threat, which at present is growing; only through partnership between government and industry, and internationally, will we succeed in the long term.