NATIONAL CYBER SECURITY STRATEGY 2016-2021

UK

The new National Cyber Security Centre will provide a hub of world-class, user-friendly expertise for businesses and individuals, as well as rapid response to major incidents.

Government has a clear leadership role, but we will also foster a wider commercial ecosystem, recognising where industry can innovate faster than us. This includes a drive to get the best young minds into cyber security.

The cyber threat impacts the whole of our society, so we want to make very clear that everyone has a part to play in our national response. It’s why this strategy is an unprecedented exercise in transparency. We can no longer afford to have this discussion behind closed doors.

Ultimately, this is a threat that cannot be completely eliminated. Digital technology works because it is open, and that openness brings with it risk. What we can do is reduce the threat to a level that ensures we remain at the vanguard of the digital revolution. This strategy sets out how.

– The Rt Hon Philip Hammond MP, Chancellor of the Exchequer

Excerpts…….

The future of the UK’s security and prosperity rests on digital foundations.
The challenge of our generation is to build a flourishing digital society that is both resilient to cyber threats, and equipped with the knowledge and capabilities required to maximise opportunities and manage risks…………..

THREATS

Cyber criminals

3.2. This strategy deals with cyber crime in the context of two interrelated forms of criminal activity:

  • cyber-dependent crimes – crimes that can be committed only through the use of Information and Communications Technology (ICT) devices, where the devices are both the tool for committing the crime, and the target of the crime (e.g. developing and propagating malware for financial gain, hacking to steal, damage, distort or destroy data and/or network or activity); and
  • cyber-enabled crimes – traditional crimes which can be increased in scale or reach by the use of computers, computer networks or other forms of ICT (such as cyber-enabled fraud and data theft).

3.3. Much of the most serious cyber crime – mainly fraud, theft and extortion – against the UK continues to be perpetrated predominantly by financially motivated Russian-language organised criminal groups (OCGs) in Eastern Europe, with many of the criminal marketplace services being hosted in these countries. However, the threat also emanates from other countries and regions, and from inside the UK itself, with emerging threats from South Asia and West Africa of increasing concern.

3.4. Even when key individuals responsible for the most damaging cyber criminal activities against the UK are identified, it is often difficult for the UK and international law enforcement agencies to prosecute them when they are located in jurisdictions with limited, or no, extradition arrangements.

3.5. These OCGs are principally responsible for developing and deploying the increasingly advanced malware that infects the computers and networks of UK citizens, our industry and government. The impact is dispersed throughout the UK, but the cumulative effect is significant. These attacks are becoming increasingly aggressive and confrontational, as illustrated by the increasing use of ransomware, and threats of distributed denial of service (DDoS) for extortion.

3.6. Whilst OCGs may pose a significant threat to our collective prosperity and security, equally of concern is the continuing threat from acts of less sophisticated but widespread cyber crimes carried out against individuals or smaller organisations.

 

“Internet banking fraud, which covers fraudulent payments taken from a customer’s bank account using the internet banking channel, rose by 64% to £133.5m in 2015. The number of cases increased at a lower rate of 23%, which Financial Fraud Action UK said is evidence of the growing trend for criminals to target business and high-net-worth customers.”

States and state-sponsored threats

3.7. We regularly see attempts by states and state-sponsored groups to penetrate UK networks for political, diplomatic, technological, commercial and strategic advantage, with a principal focus on the government, defence, finance, energy and telecommunications sectors.

3.8. The capacity and impact of these state cyber programmes varies. The most advanced nations continue to improve their capabilities at pace, integrating encryption and anonymisation services into their tools in order to remain covert. While they have the technical capability to deploy sophisticated attacks, they can often achieve their aims using basic tools and techniques against vulnerable targets because the defences of their victims are poor.

3.9. Only a handful of states have the technical capabilities to pose a serious threat to the UK’s overall security and prosperity. But many other states are developing sophisticated cyber programmes that could pose a threat to UK interests in the near future. Many states seeking to develop cyber espionage capability can purchase computer network exploitation tools ‘off the shelf’ and repurpose these to conduct espionage.

3.10. Beyond the espionage threat, a small number of hostile foreign threat actors have developed and deployed offensive cyber capabilities, including destructive ones. These capabilities threaten the security of the UK’s critical national infrastructure and industrial control systems. Some states may use these capabilities in contravention of international law in the belief that they can do so with relative impunity, encouraging others to follow suit. Whilst destructive attacks around the world remain rare, they are rising in number and impact.

Terrorists

3.11. Terrorist groups continue to aspire to conduct damaging cyber activity against the UK and its interests. The current technical capability of terrorists is judged to be low. Nonetheless the impact of even low-capability activity against the UK to date has been disproportionately high: simple defacements and doxing activity (where hacked personal details are ‘leaked’ online) enable terrorist groups and their supporters to attract media attention and intimidate their victims………………………………………..

3.13. Hacktivist groups are decentralised and issue-orientated. They form and select their targets in response to perceived grievances, introducing a vigilante quality to many of their acts. While the majority of hacktivist cyber activity is disruptive in nature (website defacement or DDoS), more able hacktivists have been able to inflict greater and lasting damage on their victims.

Section 3 STRATEGIC CONTEXT

 

INSIDERS

Insider threats remain a cyber risk to organisations in the UK. Malicious insiders, who are trusted employees of an organisation and have access to critical systems and data, pose the greatest threat. They can cause financial and reputational damage through the theft of sensitive data and intellectual property. They can also pose a destructive cyber threat if they use their privileged knowledge, or access, to facilitate, or launch, an attack to disrupt or degrade critical services on the network of their organisations, or wipe data from the network.

Of equal concern are those insiders or employees who accidentally cause cyber harm through inadvertent clicking on a phishing email, plugging an infected USB into a computer or ignoring security procedures and downloading unsafe content from the Internet. Whilst they have no intention of deliberately harming the organisation, their privileged access to systems and data mean their actions can cause just as much damage as a malicious insider. These individuals are often the victims of social engineering – they can unwittingly provide access to the networks of their organisation or carry out instructions in good faith that benefit the fraudster.

 

national-cyber-security-strategy-2016-2021-government-of-the-united-kingdom
