National Cyber Security Centre
NCSC defends UK from more than 700 cyber attacks while supporting national pandemic response
The NCSC's fourth Annual Review reveals its ongoing work against cyber attacks, support for the UK during the coronavirus pandemic.
- The National Cyber Security Centre – a part of GCHQ – Fourth Annual Review reveals organisation defended the UK from 723 cyber incidents in the last year
- Extent of organisation’s coronavirus pandemic response revealed in report, which also highlights increasing threat from ransomware
- NCSC’s new Chief Executive Lindy Cameron welcomes support from government, business and citizens and encourages continued collaboration
THE National Cyber Security Centre defended the UK from an average of 60 attacks per month during a year which saw its resources proactively focused on the coronavirus response, the organisation’s latest Annual Review revealed today.
The NCSC, which is a part of GCHQ, handled 723 incidents between 1 September 2019 and 31 August 2020, with around 200 related to coronavirus. In the previous three years since launching, they supported an average of 602 incidents annually (590 in 2017, 557 in 2018 and 658 in 2019).
The growth this year reflects ongoing NCSC efforts to proactively identify and mitigate threats, tips the organisation receives from its extensive network of partners and reports from victims themselves.
In a year heavily influenced by the pandemic, the review highlights the NCSC’s support for the healthcare sector, such as scanning more than 1 million NHS IP addresses for vulnerabilities leading to the detection of 51,000 indicators of compromise, and working with international allies to raise awareness of the threat of vaccine research targeting.
With cyber criminals looking to exploit public fear over the pandemic with coronavirus-related online scams, the NCSC and the City of London Police also launched the Suspicious Email Reporting Service, which received 2.3 million reports from the public in its first four months – resulting in thousands of malicious websites being taken down.
The NCSC also provided the technical assurances during the creation of the Virtual Parliament, as well as producing a wide range of advice for businesses and individuals switching to home working as a result of the pandemic.
A new remote working scenario was added to the NCSC’s ‘Exercise in a Box’ programme. The initiative, which allows people to test their cyber defences against realistic scenarios was used by people in 125 countries this year.
Lindy Cameron, Chief Executive of the NCSC, yesterday said:
“This review outlines the breadth of remarkable work delivered by the NCSC in the past year, largely against a backdrop of the shared global crisis of coronavirus.
“From handling hundreds of incidents to protecting our democratic institutions and keeping people safe while working remotely, our expertise has delivered across multiple frontiers.
“This has all been achieved with the fantastic support of government, businesses and citizens and I would urge them to continue contributing to our collective cyber security.”
Jeremy Fleming, Director of GCHQ, yesterday said:
“The world changed in 2020 and so did the balance of threats we are seeing.
“As this Review shows, the expertise of the NCSC, as part of GCHQ, has been invaluable in keeping the country safe: enabling us to defend our democracy, counter high levels of malicious state and criminal activity, and protect against those who have tried to exploit the pandemic.
“The years ahead are likely to be just as challenging, but I am confident that in the NCSC we have developed the capabilities, relationships and approaches to keep the UK at the forefront of global cyber security.”
The Rt Hon Penny Mordaunt MP, the Paymaster General, yesterday said:
“The COVID-19 pandemic continues to affect how we live and work. In a year of complex challenges, the NCSC has continued to react to swiftly-evolving cyber threats.
“This Review shows how the NCSC has taken decisive action against malicious actors in the UK and abroad who saw our digital lifelines as vectors for espionage, fraud and ransom attacks.
“It is vital that cyber security remains a priority for government, industry and the public in building UK resilience to a spectrum of risks.”
Summary of the NCSC’s Annual Review
Some of the key figures in the NCSC’s response to the challenges of the pandemic were:
- Rolling out Active Cyber Defence (ACD) services to 235 front-line health bodies, including NHS Trusts
- Launching the pioneering Suspicious Email Reporting Service with City of London Police, with 2.3 million emails reported by the public leading to the removal of 22,000 malicious URLs
- Scanning more than 1 million NHS IP addresses to check for weaknesses and sharing 51,000 Indicators of Compromise with the NHS.
Another important aspect of the NCSC’s response to the pandemic was its support for the NHS COVID-19 app, which included providing advice on cyber security best practice and publishing a series of blogs to ensure transparency around the development.
The growing threat from ransomware is starkly revealed in the review, which discloses that the NCSC handled more than three times as many ransomware incidents compared to last year.
Alongside this rise, there has also been a marked shift in the way criminals carry out these attacks. Traditionally, victims are denied access to their own data until a ransom is paid, however attackers are increasingly threatening to leak sensitive information publicly until payment is received.
The NCSC has recently updated its guidance to reflect this changing nature, and emphasises its commitment to ensuring the organisations and businesses in the UK understand how they can make themselves as secure as possible, as well as support law enforcement to bring criminals responsible to justice.
The NCSC has played a bigger role than ever in defending the UK’s political process, assisting with the cyber security of a UK general election for the second time in its history.
When the pandemic led to the creation of a Virtual Parliament, the NCSC provided advice to ensure the new system had the right balance of security controls to mitigate the threat posed by hackers and cyber criminals.
The NCSC also worked closely with the Register to Vote team at the Cabinet Office to review the site’s ability to withstand peaks in traffic ahead of the 2019 election. Thanks to work to ensure resilience, the service remained stable when it received 366,000 applications on 25 November 2019 – almost seven times the daily average (25,000).
Working with international partners
Over the past year, the NCSC shared vital threat intelligence to enable businesses, citizens, and international partners to better defend themselves against malicious activity from hostile states.
An example of this is when the UK and its international allies attributed cyber attacks against organisations conducting coronavirus vaccine research to Russia in July, which was complimented with mitigation advice such as enabling two-factor authentication and setting up a security monitoring capability.
With many businesses and individuals moving to home working after the outbreak of coronavirus, the NCSC published 30 pieces of guidance and 60 blogs to help people and organisations large and small stay secure online.
The organisation also created a new scenario as part of its pioneering Exercise in a Box initiative to help people working remotely test their cyber defences. Exercise in a Box, which offers a series of scenarios to help organisations regularly test their cyber defences, was used by people in 125 countries in the last year.
And in April the NCSC launched the Cyber Aware campaign, helping the public and micro businesses to understand the best ways to stay secure online and feel empowered to take necessary protective actions.
The NCSC played a key role in securing the UK’s telecoms networks. Alongside publishing detailed technical guidance and risk assessments for operators, the organisation also issued a summary of advice given to ministers to inform their verdict on high risk vendors (HRVs).
This included the organisation’s role in the UK Government’s decision to remove Huawei from the UK’s 5G network by the end of 2027, which came after a thorough NCSC review on the impact of US sanctions imposed on the company in May.
Encouraging greater diversity
Through CyberFirst, the NCSC continued to see progress in its work to ensure greater diversity in the next generation of cyber security specialists.
The newly-expanded 2020 CyberFirst Girls Competition saw almost 12,000 girls take part, while there was a 60% rise in girls for this year’s summer courses, which were all delivered remotely.
The NCSC partnered with KPMG to produce the Decrypting Diversity report earlier this year, which sets out a series of commitments to help address issues around diversity and inclusion in the cyber security sector.
Latest News from
National Cyber Security Centre
Top of the class: Schools awarded by experts for high quality cyber teaching20/09/2021 12:20:00
Sixteen schools and colleges achieve recognition from the NCSC for excellence in cyber security education.
UK and US cyber security leaders meet to discuss shared threats and opportunities13/09/2021 11:15:00
National Cyber Security Centre CEO and Director of the US Cybersecurity and Infrastructure Security Agency meet in London.
Record number of teenagers sign up to develop cyber skills over summer26/08/2021 16:20:00
Participation at all-time high for CyberFirst summer courses, led by the National Cyber Security Centre (NCSC).
Email innovation simplifies takedown of cyber scams12/08/2021 14:15:00
Scam emails can be sent directly to SERS via a new button organisations can add to their Microsoft Office 365 accounts.
Tech startups join UK cyber experts to address security challenges11/08/2021 09:15:00
The first companies to work with the NCSC for Startups initiative have been selected.
Public can now report scam websites direct to the NCSC10/08/2021 11:15:00
A new reporting tool has been made available for the general public who come across scam websites.
NCSC lifts lid on three random words password logic09/08/2021 11:15:00
Cyber security experts recently (Friday) revealed in depth for the first time the logic behind their advice to use three random words when creating passwords.
UK and allies publish advice to fix global cyber vulnerabilities28/07/2021 15:25:00
A joint advisory from international allies has offered advice for the most publicly known software vulnerabilities.