Annual Review 2018 Making the UK the Safest Place to Live and Work Online
Total Page:16
File Type:pdf, Size:1020Kb
Annual Review 2018 Making the UK the safest place to live and work online 2018 Welcome The National Cyber Security Centre (NCSC) was created in 2016 as part of the Government’s five-year National Cyber Security Strategy. Since then, our goal has been to make the UK the safest place to live and work online. This review tells the story of our second year, with interviews, testimonials, images and data that take you behind the scenes at the NCSC. It provides a snapshot of our work over the period 1 September 2017 to 31 August 2018. We hope it helps you understand what we do, and along the way see some of the milestones we have reached in our second year. We have also produced a digital report where you can see this year’s events come to life at: ncsc.gov.uk/annual-review-2018 NCSC ANNUAL REVIEW 2018 3 4 NCSC ANNUAL REVIEW 2018 NCSC ANNUAL REVIEW 2018 5 Contents Ministerial 08 Timeline Foreword 10 CEO Overview We have every reason to be proud and expertise to be our single centre term, strategic challenges, whether of the UK’s position at the forefront of excellence. This Annual Review that is affecting behaviour change, of the global digital revolution. recognises the transformational developing the right skills set among Our collective ability to embrace impact of the National Cyber Security UK professionals, or deepening our cyberspace is already driving our Centre over the last year. As well collaborative partnerships in the UK country’s prosperity and enhancing our as providing greater insight into the and internationally. Because whatever national security. We have one of the nature of the threats we face, the the future holds, we will need to 12 highest levels of internet access and National Cyber Security Centre’s continue to work together to protect usage in the developed world, and our successes include a pioneering Active our economic and individual freedoms. Countering the Threat digital industries are growing faster Cyber Defence programme, delivered than any other part of the economy. with industry to block attacks on At the same time, the threat from a scale of millions per month, and criminals, hacktivists and nation states the development of a world-leading continues to increase and evolve. It is incident management response Rt Hon David Lidington CBE MP easier and cheaper than ever before capability, made possible through key Minister for the Cabinet Office and the for those who want to do us harm partnerships with law enforcement and Chancellor of the Duchy of Lancaster 20 to access the tools, exploits and the wider cyber security community. It services they need to launch attacks. has also reached out internationally Behind the Scenes of an Incident That is why cyber security remains a to strengthen global cyber defences top priority for this government and and our collective ability to deter and for me personally, as the Minister disrupt malicious actors, and continues responsible for improving the security to inspire the next generation of cyber and resilience of the UK, including security experts and entrepreneurs. protecting our critical national infrastructure. There are many more achievements 26 to celebrate in this Annual Review. We launched our National Cyber Everyone at the National Cyber Building the UK’s Defences Security Strategy in 2016 to set Security Centre, and its numerous the direction and ambition for our partners in the public, private and investment and efforts. Because as the voluntary sectors, should take great digital revolution touches every part pride in this work. How we set up of our society, we wanted to ensure the National Cyber Security Centre that our response was comprehensive. reflects the single, clear message that To defend our people, to deter our underpins our strategy, that while we 38 adversaries and to develop the can lead the way, we cannot solve capabilities we need to ensure the UK these problems alone. We need not Cyber Capability for the Future remains the safest place to live and just a whole of government but a work online. Our strategy is supported whole of society approach to tackle by significant investment – £1.9bn – cyber security. to drive the transformation we need to respond at the scale and pace The future remains stubbornly difficult required. to predict. But we do know that the next 12 months will continue to 46 We have made good progress since we challenge and surprise us. We have launched the strategy. At the heart of built solid foundations to ensure that 100 Years of the Cyber Mission our response was the formation of the we can remain resilient in an ever National Cyber Security Centre, which changing world. Key to our success brings together our best intelligence will be how we take on longer- 6 NCSC ANNUAL REVIEW 2018 NCSC ANNUAL REVIEW 2018 7 2017 3 Oct 1ST ANNIVERSARY OF THE NCSC CELEBRATED 11 Oct SMALL BUSINESS GUIDE PUBLISHED TimelineThis covers the period 1 September 2017 to 31 August 2018 SECURING ELECTIONS FOR EU MEMBER STATES SUMMIT HELD 23 Oct AT NCSC HEADQUARTERS 2018 5 Feb ACTIVE CYBER DEFENCE: ONE YEAR ON REPORT PUBLISHED CHARITY SECTOR THREAT ASSESSMENT AND SMALL CHARITY 1 Mar GUIDE PUBLISHED 19 Mar CYBERFIRST GIRLS COMPETITION FINAL TOOK PLACE IN MANCHESTER 10-12 CYBERUK 2018 HOSTED IN MANCHESTER Apr 10 Apr CYBER THREAT TO UK BUSINESS JOINT REPORT WITH NATIONAL CRIME AGENCY PUBLISHED 16 Apr U.S-UK TECHNICAL ALERT ISSUED ON RUSSIAN MALICIOUS ACTIVITY PRIME MINISTERS OF THE UK, CANADA, NEW ZEALAND AND 18 Apr AUSTRALIA MET AT THE NCSC AS PART OF THE COMMONWEALTH SUMMIT 3 May GUIDANCE FOR LOCAL AUTHORITIES AHEAD OF LOCAL ELECTIONS PUBLISHED 9 May NETWORKS AND INFORMATION SYSTEMS DIRECTIVE CAME INTO EFFECT 25 May GENERAL DATA PROTECTION REGULATION CAME INTO FORCE THE NCSC’S CEO AND THE MINISTER FOR THE CABINET OFFICE GAVE EVIDENCE ON THE CYBER SECURITY OF THE UK’S CRITICAL NATIONAL 25 June INFRASTRUCTURE TO THE JOINT COMMITTEE ON THE NATIONAL SECURITY STRATEGY 27 June NINE START-UPS GRADUATED FROM THE NCSC CYBER ACCELERATOR • Handled 557 incidents • Added 2,361 new members onto our Cyber Security Information Sharing Partnership • Removed 138,398 unique phishing sites • Engaged with 1,968 students on our CyberFirst courses Jul-Aug HELD CYBERFIRST SUMMER COURSES FOR YOUNG PEOPLE ACROSS THE UK • Produced 214 threat assessments • Challenged 4,500 girls in the 2018 CyberFirst Girls • Produced 145,000 physical items for 170 customer Competition departments through the UK Key Production Authority 19 Jul CYBER THREAT TO LEGAL SECTOR REPORT PUBLISHED • Delivered cyber security awareness sessions to more than • Produced 134 pieces of guidance and 95 blogs 1,000 charities • Had 1.9 million visitors to our website • Welcomed visiting delegations from 54 countries 22 Aug THREE NEW ACADEMIC CENTRES OF EXCELLENCE IN CYBER SECURITY RESEARCH ANNOUNCED • Awarded more than 8,900 Cyber Essentials certificates • Hosted more than 80 stakeholder events 8 NCSC ANNUAL REVIEW 2018 NCSC ANNUAL REVIEW 2018 9 This practical guidance really matters, organisation can reasonably assess Ireland this summer; we have a because victims of cyber crime tend to to be the risks it faces. Defences also permanent member of staff based in be less concerned with the identity of need to be good enough to contain Scotland, and Glasgow will host our the attacker than the impact on their attacks that do get through, as some flagship CYBERUK event in 2019; Cardiff lives and wellbeing, and what they can inevitably will. University’s success in becoming one of do to contain the damage. our most recent Academic Centres of Therefore, understanding how cyber Excellence means all four parts of the Indeed, whilst nation state activity attacks work is vital to get ahead of UK now host one of these centres. And is the most acute threat, low- the problem. That’s why we’ve started like the rest of GCHQ, we maintain sophistication but high-volume cyber publishing guidance to boards on presence in London, Cheltenham, Bude CEO crime is the most chronic one, dealt the types of questions they can ask and Scarborough, and we will look to with at scale by our first-rate partners their cyber security teams about how expand our presence in Manchester in in law enforcement, led by the they are managing risk. More will the coming years. National Crime Agency (NCA). follow, with the aim of helping leaders understand enough technical detail This expansion of our national Whilst these incidents individually to make the right decisions. These are footprint will help us further make a are of less strategic significance, the sorts of practical steps companies mark on UK cyber security at every cumulatively they amount to a can take to make the marginal level. There is a real opportunity here strategic threat to our prosperity by improvements that will deter some – there are already signs that other undermining our confidence in the attacks, make some others less likely countries’ admiration for what the digital economy. to succeed, and lessen the impact UK is doing in cyber security could Overview of attacks that get through. This was secure a competitive advantage for the That is why our world-leading active launched with support from the CBI country in our digital future. As GCHQ cyber defence (ACD) initiative – using – an example of government and begins its second century of service automation to reduce some of the industry partnership at its best. to the UK, it is an exciting time for its most common weaknesses in cyber newest part, the NCSC. security defences – is one of our most Through our work on incidents important pieces of work.