Mark SayManaging EditorWednesday 4 October 2017

NCSC responded to 590 significant incidents in a year

National Cyber Security Centre claims several achievements in its first annual review

The National Cyber Security Centre (NCSC) responded to more than 590 significant incidents in its first year, cut the time that phishing sites can stay online and prompted a 43% increase in organisations’ membership of the Cyber Security Information Sharing Partnership (CiSP) in its first year in operation.

The organisation has listed the achievements in its first annual review, emphasising that cyber threats are continuing to grow and evolve. It makes the point that it cannot protect the country from every attack, but says it is ready to respond to the most serious incidents and provide advice on reducing the harm.

Its figure of 590 significant incidents came from a total of 1,131 reports and included more than 30 that needed a cross-government response which it coordinated. This included the cyber attack on Parliament on 25 June, which the NCSC and Parliamentary Digital Service determined was targeted due to weak passwords.

“We are learning more from every incident and our first year has taught us there are benefits to working even more closely with law enforcement agencies,” the review says.

DMARC effect

The reduction in phishing – the sending of fake emails – is attributed largely to the take-up of the NCSC’s DMARC protocol (Domain based Message Authentication, Reporting and Conformance), which helps to identity whether communications come from the said organisation. The review says it has already blocked at least 120,000 emails from a spoof @gov.uk address, and reduced the time a phishing site remains online from 27 hours to just one.

An increase in visits to the CiSP platform took the total to more 4,000 per month, although it reached a high of 15,000 in the first weekend after the outbreak of the WannaCry ransomware virus. This was accompanied by the growth in individual and organisational membership of the partnership, which the review says is becoming a valuable resource during large scale cyber incidents.

Other achievements claimed in the review include:

  • 100,000 visitors in a single month to the NCSC website.
  • Sending out 2,000 tweets on cyber security over the year.
  • The production of 200,000 physical items for 190 customer departments through the UK Key Production Authority, which has helped to protect the UK Armed Forces’ communications.
  • Hosting more than 1,000 young people on CyberFirst courses.
  • Creating the Industry 100 initiative to work with or embed 100 professionals within the NCSC.
  • Working with more than 50 countries across five continents on cyber issues.

Ciaran Martin (pictured), chief executive officer of the NCSC, said: “The UK faces threats from across the globe on a daily basis and while we have brought together unprecedented expertise to defend the UK, it’s not a question of ‘if’ cyber attacks will happen, it’s a matter of when.

Ciaran Martin“The NCSC’s first duty is to manage and mitigate against attacks. Our anniversary report shows the progress we have made working with government, industry and individuals to create a truly lasting national asset.

“We are proud of what we have achieved in our first 12 months, but there is so much more to do in the years ahead to counter this threat to our values, prosperity and way of life."

NCSC was created from previously separate parts of government and intelligence agencies MI5 and GCHQ to create a single lead authority on UK cyber security. It began operations and moved into its London headquarters last year.

Image from NCSC, Open Government Licence v3.0