National Cyber Security Centre
First threat assessment for universities produced by the NCSC
The NCSC has published a threat assessment aimed at supporting universities.
- Assessment raises awareness of threats from state-sponsored espionage and from cyber criminals – as well as security measures universities can take in response
- Universities encouraged to adopt security-conscious policies and access controls
- Latest document is part of the NCSC’s ongoing work with academia to help ensure UK universities protect world-leading status in research and innovation
The threats facing the UK’s world-leading universities and the steps they can take to protect themselves were outlined yesterday in a report from the National Cyber Security Centre (NCSC), a part of GCHQ.
The NCSC’s threat assessment aims to raise awareness of state-sponsored espionage targeting high-value research, as well as the risk of financial losses at the hands of cyber criminals.
While the NCSC has been working with the academic sector on an ongoing basis to improve security practices, this is the first threat assessment it has produced specifically for universities.
The assessment notes that while cyber criminals using methods such as phishing attacks and malware pose the most immediate, disruptive threat, the longer-term threat comes from nation states intent on stealing research for strategic gain.
To mitigate the risks, universities are encouraged to adopt security-conscious policies and access controls, as well as to ensure potentially sensitive or high-value research is separated rather than stored in one area.
Measures to support universities have been outlined in Trusted Research, from the Centre for the Protection of National Infrastructure (CPNI) and the NCSC, which offers accessible and actionable cyber security advice for university leaders, staff and researchers.
Sarah Lyons, Deputy Director for Economy and Society at the National Cyber Security Centre, yesterday said:
“The UK’s universities are rightly celebrated for their thriving role in international research and innovation collaborations.
“The NCSC’s assessment helps universities better understand the cyber threats they may face as part of the global and open nature of research and what they can do about it using a Trusted Research approach.
“NCSC is working closely with the academic sector to ensure that, wherever the threat comes from, they are able to protect their research and their universities in cyberspace.”
The assessment found that the open and outward-looking nature of the universities sector, while allowing collaboration across international borders, also eases the task of a cyber attacker.
Among the examples highlighted in the assessment was an attack from last year attributed to Iranian actors in which they were able to steal the credentials of their victims after directing them to fake university websites.
The attack took place across 14 countries, including the UK, and many of the fake pages were linked to university library systems, indicating the actors’ appetite for this type of material.
The assessment also highlights the financial damage which can be caused by cyber attacks on UK universities, citing previous figures from UK Finance which estimated that UK university losses from cyber crime for the first half of 2018 were £145m.
Latest News from
National Cyber Security Centre
New-look CyberFirst Girls Competition goes regional17/10/2019 09:15:00
The introduction of regional semi-finals give girls the opportunity to test their cyber skills against those of local rivals for the first time.
Surge in female applicants for cyber security courses08/10/2019 15:51:00
The NCSC has revealed new figures highlighting an increase in the amount of girls applying for cyber security courses.
Advisory: Exim mail server vulnerabilities07/10/2019 12:10:00
Hundreds of UK organisations at risk of compromise due to Exim mail server vulnerabilities
UK and Singapore sign IoT security pledge04/10/2019 11:15:00
Ciaran Martin explains why he is so pleased to have signed an agreement to strengthen the partnership between the UK and Singapore on the security of internet-connected devices.
Vulnerabilities exploited in VPN products used worldwide03/10/2019 16:15:00
APTs are exploiting vulnerabilities in several VPN products used worldwide.
Declassified: cyber security recruitment fair takes to the road16/09/2019 08:20:00
CyberFirst bursary students shown the varied career opportunities within the cyber security community.
NCSC advice to organisations to mitigate against DoS attacks09/09/2019 16:15:00
A suspected Denial of Service (DoS) attack resulted in Wikipedia experiencing intermittent outages in the early hours of Saturday September 7.
NCSC CEO receives international award for cyber security leadership09/09/2019 12:15:00
Ciaran Martin has received an award for leadership at a major summit in the United States.