CESG: How UK defends against cyberattacks

Summary: With hacking rated on a par with terrorism, GCHQ offshoot CESG's job has become more critical, and a source linked to the intelligence agency tells ZDNet UK about evolving threats and Wikileaks

In October, the government stepped up its national security risk rating for cyberattacks to tier one, up from tier four. That puts hacking attempts and other digital intrusions on a par with terrorism and military attacks.

One organisation charged with protecting the UK from such attacks is CESG, the information assurance arm of intelligence agency GCHQ. Headquartered in Cheltenham, it is dedicated to advising government bodies about securing their communications and information systems, and looks after parts of the critical national infrastructure.

In particular, CESG keeps abreast of attempts by hackers who may represent nation states or organised criminal rings. The government has estimated that its networks have to cope with 20,000 malicious emails each month, and patchy human monitoring of those systems opens them up to breaches, the organisation has said.

To find out more, ZDNet UK recently talked to a source with links to CESG about the evolving nature of information security threats and the effects of whistle-blower site Wikileaks on a government that has massively cut public spending.

Q: How is the threat landscape changing?
A: Cyberspace provides a significant risk. It's easy to gain access, and the equipment is not costly. You don't need large aerials, just a laptop and an ADSL line.

Have the government and public sector kept up with the pace of change?
We've made great strides to improve the protection of information. There's always room for improvement, but if you look at the past two or three years... awareness about the cost and value of information has improved. People [in government] appreciate the threat from a number of sources, including organised crime and foreign governments, hence the investment in the cybersecurity programme.

Are there enough people in the public sector who have the necessary skills to be able to deal with the range of cyber-threats?
It's very important to spot when incidents have happened and to have plans in place and the skills to implement them. From my perspective, we don't have all the skills in place across the public and private sectors to do that.

What skills are lacking?
Skills [are needed] in terms of network monitoring, being able to quickly realise there is a real attack. There is technology available, but it takes human skills. Then there is the aftermath, which takes forensics skills.

How do GCHQ and the Cyber Security Operations Centre (CSOC) at Cheltenham monitor current threats?
It comes down to situation awareness. Cyberspace is a big place, and attacks don't always happen simultaneously. You may get an early warning when a new attack or vulnerability appears somewhere else in cyberspace. Sometimes you get an early warning and intelligence, and sometimes you don't. That is the nature of the threat we deal with.

The CSOC has attack as well as defensive capabilities. Is most of the emphasis placed on defending networks? How does the government decide to respond to an incident?
Every case is different. You have to look and ask: "What is the better way?" It's not a broad brush — you have to find the right balance between defending and responding to incidents when they occur.

There are many different types of attack, but the vast majority are unfocused and spam-based. I'm guessing most attacks just bounce off government systems, and you don't need to worry about them.

You've got to differentiate between a targeted attack and a general attack. If a virus is not targeted, you have to worry about it, but as part of a group [of general attacks]. For targeted attacks, you have to be more worried.

How does the government deal with targeted attacks on its systems?
It depends on how much resource attackers have put into it. The resources organised crime can bring to bear may be completely different from a nation state.

The nature of the threat will determine how big you build your wall. If the threat is from someone who can put in a lot of effort, you also have to put in a lot of effort. For a lot of threats, as a minimum, you have to make sure your antivirus and patching is up to date. As the threat grows, you have to consider insider and blended attacks.

Should software that the government and public sector use be more secure?
Bugs in software are one of the main sources of vulnerability; it would be nice to think that one day all software will be bug free.

Microsoft software, such as Internet Explorer, is used widely across government. Would it be better from a security standpoint to move to using other products, or maybe open source?
At the end of the day, government uses the products available. Microsoft has a good reputation and security stance. It has led the way in good software development techniques — not all vendors use the same levels of rigour.

Has the rise of whistle-blower site Wikileaks affected government views on insider security, especially as many employees are being affected by government cuts? Have government cuts affected security provision?
Wikileaks is constantly bringing to mind departments' need to think of [data loss]. We have seen no indications that people are skimping on security.

It's good to understand the need to manage risk to services and continue to do that in an austere climate.

In December, the government disclosed a review of departmental security prompted by Wikileaks. Has that review caused the government to change data security practices?
The Wikileaks review has certainly highlighted the subject. There has always been a risk of accidental loss, and you have to adapt to the threat. Wikileaks has highlighted the potential — people may look at Wikileaks and think, maybe I can do the same.


Topics: Government UK, Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Talkback

1 comment
  • OMFG; I love this article, I mean I really love this article.

    How is the threat landscape changing?
    A: Cyberspace provides a significant risk. It's easy to gain access, and the equipment is not costly. You don't need large aerials, just a laptop and an ADSL line.

    >> Wrong, you DO need specific pieces of kit, a large YAGI antenna is nothing if it's not connected to a HUB capable of distributing data, be that WiFi or FM & AM Band transceiver.

    Have the government and public sector kept up with the pace of change?
    We've made great strides to improve the protection of information. There's always room for improvement.

    >> You're not kidding, so that's why every government office is employing a Microsoft Standard.

    Are there enough people in the public sector who have the necessary skills to be able to deal with the range of cyber-threats?
    It's very important to spot when incidents have happened and to have plans in place and the skills to implement them. From my perspective, we don't have all the skills in place across the public and private sectors to do that.

    AMEN... 2 tht..

    What skills are lacking?
    Skills [are needed] in terms of network monitoring, being able to quickly realise there is a real attack. There is technology available, but it takes human skills. Then there is the aftermath, which takes forensics skill.

    Oh now behave, you're busy on the one hand telling everyone to use encryption to keep their data safe, on the other telling people it's an offense to do so, so which is it.. let's not have double standards.

    How do GCHQ and the Cyber Security Operations Centre (CSOC) at Cheltenham monitor current threats?
    It comes down to situation awareness. Cyberspace is a big place, and attacks don't always happen simultaneously. You may get an early warning when a new attack or vulnerability appears somewhere else in cyberspace. Sometimes you get an early warning and intelligence, and sometimes you don't. That is the nature of the threat we deal with.

    What threat? Oh, the Cold War ethos of everyone is a threat, we must extinguish the enemy, both foreign and domestic.

    The CSOC has attack as well as defensive capabilities. Is most of the emphasis placed on defending networks? How does the government decide to respond to an incident?
    Every case is different. You have to look and ask: "What is the better way?" It's not a broad brush — you have to find the right balance between defending and responding to incidents when they occur.

    There are many different types of attack, but the vast majority are unfocused and spam-based. I'm guessing most attacks just bounce off government systems, and you don't need to worry about them.

    And for the ones that don't bounce!? Don't ever expect to hear about it in the news, that's why they have the Official Secrets Act.

    How does the government deal with targeted attacks on its systems?
    It depends on how much resource attackers have put into it. The resources organised crime can bring to bear may be completely different from a nation state.

    Rubbish, absolute rubbish, if you don't grasp the technology then don't stand in Hell's Kitchen!

    Should software that the government and public sector use be more secure?
    Bugs in software are one of the main sources of vulnerability; it would be nice to think that one day all software will be bug free.

    It would be if some of the major market players selling you their software solution were frank and honest about the vulnerabilities in the platform, but they are closed source!

    Microsoft software, such as Internet Explorer, is used widely across government.

    I rest my case.. you should unplug your PC and return it at once to the store as you are too dumb to own a computer!

    The solution of local government is to utilize a product that clearly disclaims its liability or merchantability for fitness for any particular role, as clearly specified in its end user license agreement (EULA). Whilst proclaiming their solution is to utilize a product that by its very nature is flawed, ActiveX, JavaScript and Windows Scripting Host enabled. So that leaves anyone interested to carry on with transmitting in Morse code across the lower and upper FM band with high tech ham radio equipment.
    icefire-28d7a