Rules that help UK defend against cyber attacks need to catch up with reality says global cyber security expert

In its evidence to the Joint Committee on the National Security Strategy, global cyber security and risk mitigation provider NCC Group has outlined the need for a reformed legislative framework that governs cyber activities. This reform will ensure everything necessary can be done to improve the resilience of the UK’s critical national infrastructure against increasingly frequent cyber attacks.

Ollie Whitehouse, Global Chief Technical Officer at NCC Group, commented:

“As the Committee has rightly pointed out, the impact of last year’s WannaCry ransomware attack has irrevocably brought home to the UK public the reality of the cyber threat. We do live in increasingly volatile times. Nation states are investing in offensive cyber, while accepted rules of engagement are breaking down. Political systems and governance processes are becoming attractive targets for attackers. The proliferation of the internet of things will not slow down, and we are far from embedding security considerations into new technologies as much as we should. We need to ensure that the rules determining the UK’s ability to defend its systems in cyberspace remain fit for purpose.”

NCC Group’s recommendations to the Joint Committee focus on increasing the UK infrastructure’s resilience to cyber attacks, notably by encouraging organisations across all sectors to understand their real-world susceptibility to cyber threats. This will involve greater adoption of full spectrum attack simulations which rely heavily on the collection of real-world intelligence about cyber threat actors’ likely motives, targets and methods.

Whitehouse explained:

“Good cyber threat intelligence will be crucial in preparing, testing and defending the UK’s essential infrastructure in cyberspace. If we want to stay ahead of our adversaries, we need to be able to collect and share intelligence across public and private sectors, nationally and internationally. We need an up-to-date legislative framework that reflects the current realities and does not stop any legitimate activity that helps us to collectively strengthen the country’s cyber defences.”

Following the re-establishment of the Joint Committee on the National Security Strategy, NCC Group called for the continuation of the Committee’s inquiry into the cyber security of UK critical national infrastructure. Announced late last year, the inquiry is a further indication of increasing parliamentary scrutiny of the UK’s cyber defences and highlights the importance of all interested parties working together in the national interest.

ENDS

Published date:  16 January 2018

comments powered by Disqus