WIREDGOV

The NCSC’s Director of Operations outlined how co-operation between nation states improves global cyber security during a NATO keynote speech yesterday (17 October).

Paul Chichester, the NCSC's Director of Operations, has reiterated the UK’s support to NATO operations and encouraged the Alliance to embrace their role as lead responders to global attacks from state and non-state actors who could do real world harm to our democracies and critical infrastructure.  The speech, at NATO’s annual cyber security summit 17th October), came just two weeks after the NCSC’s first anniversary and mentioned some of the successes and challenges the organisation has faced so far.

Good morning everyone.

First, can I say what an honour it is to be giving a keynote on behalf of the United Kingdom here at the NIAS 2017 conference.

To begin I wanted to take this opportunity to personally thank a good friend at NATO, Sorin Ducaru. As the Assistant Secretary General for Emerging Security Challenges Sorin has been at the forefront of leading and shaping NATO's approach to cyber space and cyber security.

In 2014 NATO made the important step of recognising cyber defence as a part of its core task of collective defence and recognised that the impact of cyber-attacks could be as harmful to our societies as a conventional attack.

At Warsaw in 2016 NATO went further, announcing the cyber defence pledge and recognising cyberspace as a domain in the same way as land, sea and air.

Both events were key milestones in NATO’s developing approach to cyber space.

As well as guiding NATO through these changes, Sorin has been a good friend of the UK so “thank you” Sorin and good luck in the future as your time here at NATO draws to a close.

So on to the main topic.

****

This keynote is billed as taking about national approaches and the importance of partnerships so let me share with you the experiences of the UK, particularly over the last couple of years.

Like NATO, cyber security is something we take extremely seriously. In 2010, hostile attacks against the UK in cyber space were made a tier 1 risk alongside a major terrorist incident, a major accident or natural hazard or an international military crisis.

Between 2010 and 2015 the UK invested £860m on cyber security but even though we had been successful in understanding the threats against the UK during those five years we also recognised that a more transformative approach was required if we were to meet the emerging challenges. The number of adversaries was growing, they were continuing to develop their capabilities and the pace of technological change was growing at a relentless pace. We needed a “gear shift” moment to keep up.

Our response was a further investment of £1.9bn and the publication in 2016 of a new National Cyber Security Strategy.

The aim of this strategy is to make the United Kingdom the safest and most secure place to live and do business on line and central to this strategy was the creation of the National Cyber Security Centre, a single one stop shop for operational cyber security in the UK.

We are charged with reducing the risk to the UK, leading the UK’s response to major cyber incidents, understanding the cyber environment and developing key partnerships both in the UK and globally.

Partnerships are key to all aspects of our mission but in terms on manging incidents, it really is a team sport. In our first year, the NCSC dealt with over 600 significant incidents, all needing a cross government and industry response. However, WannaCry is by far the most memorable from that first twelve months!

The moment the story broke on the Friday afternoon we initiated our standard response procedures and coordinated the national response across government and industry. The race was also on to use all our capabilities to piece together the exact nature of the attack and where it originated. Our task was made even harder as in the first few hours there were conflicting reports coming in about how the attack had started and how it was spreading.

Throughout the weekend we were constantly updating our technical analysis and assessment, working closely with our NHS colleagues as they worked tirelessly to ensure disruption to public services was kept to an absolute minimum and developing broader guidance for everyone in the UK to ensure they did everything possible to protect themselves.

Overall It was a fantastic team effort across government and the private sector with over 60 people alone in GCHQ and the NCSC working flat out over the entire weekend to ensure the restoration of public services on the Monday morning.

There’s no doubt in my mind that had the NCSC not been created just several months before, the subsequent lessons identified exercise from WannaCry would have said we needed one!

But partnerships are not just there for a crisis so let me delve into a bit more detail of how vital partnerships are to the whole of the NCSC, every day of the year.

****

Firstly, I should mention our partnership with our parent organisation, GCHQ, and the other security and intelligence agencies in the UK, MI5 and MI6. As a community we have a wide range of skills and knowledge that come together to allow the NCSC to deliver its mission.

Access to intelligence is particularly key, allowing us to understand not just the technical capabilities of our adversaries but their political intent and motivations. The decision to put the UK's National Cyber Security Centre in GCHQ was in part, based on this unique insight.

Next, I must highlight the importance of our partnership with law enforcement. As the NCSC we do not have powers of arrest and therefore support our law enforcement colleagues in the National Crime Agency and more widely across the UK, to identify and disrupt cyber criminals both at home but also overseas.

The NCSC’s partnerships with other government departments is also vital. Be that our enduring partnership with Defence, or more recent ones with lead departments for CNI sectors such as the Treasury for the financial services sector or the Department for Business, Energy and Industrial Strategy when it comes to defending civil nuclear and energy assets.

Now of course, partnerships with other government departments is hardly ground-breaking but our partnerships with industry are. Whilst I don’t want to start talking about relative importance, it’s true to say the NCSC couldn’t perform its mission without its partners in the private sector.

In fact, that’s how we treat them – as mission partners rather than perhaps more traditionally as suppliers of products and services or even victims.

In February this year the NCSC launched our Industry 100 initiative. Its aim is to bring approximately 100 private sector individuals into our London Headquarters to work on shared problems and develop joint solutions. We are seeking experts in analysis and assessment to help us better understand the threat but we’re also encouraging experts with sector knowledge to join us to develop guidance tailored for their sector. This is particularly important as our remit is so wide and diverse.

To date we’ve developed many threat related reports with our industry partners including one focused on the threat posed by a group known as APT10 to the global managed service provider sector and more recently on the resurgence of the Dridex cyber crime malware.

****

I’ve already touched on incidents so let me return to that topic this is another area where a close partnership with industry is vital. Once detected, a breach can take weeks and sometimes months to investigate fully and remediate. To help organisations deal with this challenge we have the Cyber Incident Response Scheme (CIR). This sets a high bar for companies to demonstrate they have the necessary skills and approach to support organisations following a breach but our involvement doesn’t end there.

With their customers blessing we can work closely with the CIR company, providing our own expert knowledge and insights of the threat they are investigating. In this way the affected organisation can be confident they’re getting the best possible response.

These are just two examples of how the NCSC is building mission partnerships with industry and there are numerous others. Cyber defence is a global team sport and our industry partnerships are key.

Finally, I want to touch on the partnerships the NCSC has with academia. As the national technical authority for cyber security in the UK we’re charged with not just understanding current technology challenges but also future ones.

We currently have 14 Academic Centres of Excellence in Cyber Security Research and in emerging topics like industrial control systems where the UK doesn’t already have a research pedigree we are sponsoring Research Institutes to build the national expertise to the levels required.

Of course, NATO has already recognised that partnerships with industry and academia play an important role and I’d encourage colleagues to make the most of the NATO Industry Cyber Partnership launched here at NIAS in 2014 and to think innovatively about how the Alliance can optimise the benefits from such engagement.

Now given I’m at an international conference I can hardly forget the importance of our international partnerships.

The UK has always seen itself as a global contributor on cyber security and no more so than now as we prepare to leave the European Union.

But leaving the EU doesn’t mean walking away from the already excellent partnerships we have on security and cyber security. In fact, we are committed to deepening those partnerships both bilaterally and with the EU itself. Standing together in the face of the global threats that would do us harm is essential.

Looking even more widely, in our first year as the NCSC we have worked with over 50 countries across five continents, spoken at conferences in all five and deepened our commitment to NATO by signing the Memorandum of Understanding on Cyber Defence.

****

So what of the future?

These threats are global and our response must be equally a global one. I’d assert that NATO is uniquely placed to play a leading role in that international response.

Across NATO we have amazing capabilities and talents. We see the threats through many complimentary lens and between us we have the necessary elements to build a comprehensive response.

However, these components are just that, individual elements sitting in individual member states. Our challenge is to work together, in partnership to secure those things we hold most dear.

And as I have the stage let me say that the UK wants to play its part to the full. We certainly don’t have all the answers, or arguably even know all the questions, but we want to share what we know and have discovered on our journey so far.

We want to play a greater role in sharing our insights of the threats, both at a technical level where sharing details of attacks as we see them is critical rather than days or weeks later but we also want to share our more strategic assessment of what these attacks mean in the wider global context.

But it’s not just about understanding the threats. We also need to respond and the UK stands ready to support its allies. As we have in the physical realm with our deployment of troops to Estonia as part of Enhanced Forward Presence, we offer all the UK’s capabilities to defend the new domain of cyber space. That’s why our Secretary of State for Defence, Sir Michael Fallon, announced in June this year that the UK is ready to become one of the first NATO members to publicly offer the full range of its cyber capabilities to NATO operations as and when required.

So, let me close with a challenge. The story I’ve told is not the end of our journey but rather the start of one. It is very much my personal view, but I believe NATO can and in fact must play a central role in defending our democracies and critical infrastructure from state and non-state actors who would do us harm. Let’s tackle this challenge together, in partnership.

Thank you.