More than 1,000 cyber incidents were reported to the National Cyber Security Centre in its first year, including some affecting the NHS and Parliament
More than 1,000 cyber security incidents were reported to GCHQ’s National Cyber Security Centre (NCSC) in its first year of operation, with more than half representing a significant threat, the centre said in a review published on Tuesday.
The NCSC was formed to better protect the UK’s infrastructure against internet-borne threats, which it said have escalated noticeably over the past year, with attacks taking NHS trusts offline and causing disruption to companies.
Hundreds of ‘significant’ threats
But none of the threats over the past year were classed as category one, involving disruption of government or targeting critical infrastructure such as energy, the NCSC said.
In all 1,131 attacks were reported, with 509 considered significant and more than 30 requiring a cross-government response.
NCSC chief executive Ciaran Martin said the 2017 Annual Review indicated progress in working with government, industry and citizens to build a lasting national asset, but acknowledged more remained to be done.
“We are proud of what we have achieved in our first 12 months, but there is so much more to do in the years ahead to counter this threat to our values, prosperity and way of life,” Martin stated.
He said the cyber threat was “large, growing and diverse”.
He said the NCSC’s work to date includes producing more than 200,000 protective items for military communications, supporting the Cabinet Office in improving security for government organisations and supporting the Home Office in securing the next-generation emergency services network currently being developed.
Private sector protection
NCSC initiatives have helped private sector organisations better protect themselves and have seen the average lifetime for phishing sites hosted in the UK drop from 27 hours to less than an hour.
The NCSC’s information-sharing platform with industry, the Cyber Security Information Sharing Partnership (CSISP) grew 43 percent over the year, while 1,000 young people took advantage of the NCSC’s CyberFirst courses.
GCHQ director Jeremy Fleming said the UK’s approach to national security is adapting to the online world as it becomes an ever more important part of people’s lives and the country’s infrastructure.
“The threats to the UK are evolving rapidly as technology advances. Our response has been to transform to stay ahead of them,” he stated.
The centre has been in operation since October of last year, but its new London headquarters were opened by the Queen and the Duke of Edinburgh in February 2017.
Government ‘slow off the mark’
The government has been criticised of being slow off the mark to consolidate the way it protects the UK online, with the Public Accounts Committee (PAC) saying in February that in spite of NCSC’s creation cyber protection agencies remained an “alphabet soup”.
The government has formed at least 12 teams and organisations to handle cyber-security, but they have overlapping mandates and activities related to protecting information, the PAC said.
It urged the government to “develop a detailed plan for the NCSC by the end of this financial year, setting out who it will support, what assistance it will provide and how it will communicate with organisations needing its assistance”.
Last month a computer security researcher said it took him two months to report a pair of serious flaws in HMRC’s website to the government and confirm they had been fixed. He criticised HMRC and the National Cyber Security Centre (NCSC) for providing no way for experts to ensure issues are attended to.
Do you know all about security in 2017? Try our quiz!