In November 2016, just after the NCSC formally came into existence, and as the National Cyber Security Strategy was launched, I blogged about our ideas for our Active Cyber Defence programme. I described it as an automated set of interventions intended to tackle a range of commodity attacks.
Some people said it sounded great. Some people said I was talking rubbish (many were not quite so polite!).
Well, we said from the start that the NCSC was going to be transparent and open, and we intend to keep that promise. So today, we’re publishing a paper that describes the first year of the ACD programme - both the successes and the things that aren’t exactly as we’d want. It’s a big paper and there’s a lot in it. We’ve tried to draw out the high-level benefits in the Executive Summary, but the rest of it is worth a read if you’ve got a technical or scientific bent (or have trouble sleeping).
This is only a start and there’s lots more to do. But the paper demonstrates that we’ve already achieved some cool stuff. I think we can summarise by saying that people in the UK are objectively safer in cyberspace because of the ACD programme.
We’ve got some great plans for the next year, but in the meantime if you want to find out how much malware was sent in the name of government, how many vulnerabilities we found in government websites or how much of the global phishing menace lives in the UK, have a read of the paper.
We think the publication of this paper is a world first. Some people will agree with us and some won’t. That’s fine; an informed, rational debate will make UK cyber security better.
Comments, as always, are welcome.
Technical Director, National Cyber Security Centre