
Annual Review 2019

Making the UK the safest place to live and work online



Welcome
Since the National Cyber Security Centre (NCSC)
was created in 2016 as part of the government’s
five-year National Cyber Security Strategy, it
has worked to make the UK the safest place
to live and work online. This review of its third
year provides an update on some of the latest
developments and highlights, with interviews,
data and a chance to hear from some of the
people working on the NCSC’s mission. It provides
a snapshot of the organisation’s work over the
period 1 September 2018 to 31 August 2019, with
some key milestones along the way.

The NCSC has also produced a digital report where you can see this year’s events come to life at:

ncsc.gov.uk/annual-review-2019


Contents

CEO foreword
Timeline
Cyber security for individuals and families
Targeting the biggest risks
Countering the adversary
International cooperation
Securing the digital homeland
Cyber capability for the future
Celebrating 100 years of GCHQ's cyber mission

Ministerial foreword

The United Kingdom has one of the most digitally-developed economies in the world, transforming the lives of citizens, driving innovation, and fuelling job opportunities and national growth. We can be proud that in the National Cyber Security Centre (NCSC) we have a world-leading body for digital protection which, since its launch in 2016, has made the UK safer and its defences stronger. Ensuring the UK remains the most secure place to live and do business online, and upholding public trust in our digital systems, are personal priorities for me and a key part of this government’s vision for the UK. As the Cabinet Office Minister responsible for resilience and the National Cyber Security Strategy, I very much welcome the achievements and progress laid out in this Annual Review.

Establishing the NCSC was a key pillar of the National Cyber Security Strategy 2016-2021, which has transformed the UK’s fight against evolving online threats posed by criminals, hacktivists and hostile nation states. Backed by £1.9 billion in funding, and with a deliberately interventionist and comprehensive approach, the Strategy is acclaimed by other nations as a model of its kind. Any digital economy must be alert to new threats, and to changes in existing threats. The NCSC benefits from being part of GCHQ: it fuses the best of our national security capabilities with cutting-edge technical knowledge to thwart the menace of global cyber crime. In October 2018, for example, its work ensured that the UK and our allies were able to expose attacks launched by Russian military intelligence on political institutions, and business, media and sporting interests.

The NCSC works on behalf of many millions of citizens and organisations. This Annual Review reveals important technical interventions on behalf of individuals and families, as well as for businesses, national and local government, and critical national infrastructure. One such example of this is the ground-breaking work it has done to reduce credit card fraud, preventing hundreds of thousands of cases in the past year.

On the international stage, too, the NCSC is extremely active. It shares the UK’s specialist knowledge across borders to help strengthen global cyber defences and shape global attitudes to deterring and tackling cyber crime wherever it may originate. Over the past year this has included a drive to increase the security protection on the “Internet of Things” – digital devices embedded in everyday objects manufactured around the world, ranging from video doorbells and “nanny-cams” to fridges and ovens, which enable them to send and receive data. This is a concern for our government, as the Prime Minister made clear in September 2019 during his speech to the United Nations General Assembly, when he called for emerging technologies to be designed with the right safeguards already in place to protect people. We can all be proud of the NCSC’s influence already in this area, working closely with partners across government and internationally.

Every chapter of the NCSC’s Annual Review is testament to the hard work and achievements of its staff and leadership. The NCSC operates in a complex landscape in which the contours are constantly changing and there is no room for complacency. Securing the internet is a 24/7 challenge, 365 days a year, and cannot be shouldered by any one organisation. While the government, through the National Cyber Security Strategy and Centre, can lead the way, we are also dependent on our partners in industry and academia - and across society as a whole - for a joint approach to tackling cyber security. This is a long-term mission, and I congratulate the NCSC for helping to build a pipeline of specialist talent for the future to achieve this. One of the many ways it supports this mission is through its CyberFirst programme, which develops the careers and expertise of our younger digital natives and brings new generations into the UK’s fight for a more resilient digital future.

It is impossible to predict what the future will look like. But we know that we have the organisation and the tools we need to look ahead and remain resilient. Through the Strategy, and the tireless work of the NCSC, we are scaling up the systems, structures and capabilities necessary to respond quickly to threats – not only now, but to the end of the Strategy and beyond.

Rt Hon Oliver Dowden CBE MP,
Paymaster General and Minister for the Cabinet Office


CEO foreword

It is a privilege to present the National Cyber Security Centre’s third Annual Review.

It’s very hard to condense the world-leading work the NCSC does in 12 months into one document, but I hope this review gives you an insight into what we are doing to understand, reduce and respond to cyber attacks.

There certainly is a lot to be proud of – for example, thanks to the innovation of our technical experts, we have been able to increase the number of threat indicators we share by tenfold to more than 1,000 per month, and the speed we process them from days to seconds.

There is of course much work to do – as shown by the 658 incidents we supported this year. For the first time ever, in this review, these incidents are broken down into the most affected sectors. We believe that being transparent helps to target the interventions we need to help those who are most vulnerable.

However, sometimes transparency has its limits. A significant proportion of our work has continued to take the form of defending against hostile state actors. We can say that Russia, China, Iran and North Korea continue to pose strategic national security threats to the UK, but we can’t often talk about the operational successes and the full range of the NCSC, GCHQ and wider state capabilities that are deployed against them.

Whether it’s state attacks or global cyber crime, it’s the basics that matter. The most immediate threats to UK citizens and businesses come from large scale global cyber crime. Despite often being low in sophistication, these attacks threaten our social fabric, our way of life and our economic prosperity. That is why so much of the NCSC’s efforts are geared towards raising our defences against all threats in cyberspace. There are many operational successes in this field – particularly our pioneering Active Cyber Defence work.

Looking ahead, there is also the risk that advanced cyber attack techniques could find their way into the hands of new actors, through proliferation of such tools on the open market. Additionally, we must always be mindful of the risk of accidental impact from other attacks. Cyber security has moved away from the exclusive prevail of security and intelligence agencies towards one that needs the involvement of all of government, and indeed all of society.

The importance of partnerships in cyber security, both at home and abroad, cannot be over emphasised. We are learning that securing the nation’s digital future is not just about protecting networks and devices – it’s about inspiring a safe and trusted product base, and a skilled and diverse workforce who can make the cyber landscape work for the whole of the UK.

At a time when confidence in the internet across the world is under strain, there is much within this review to inspire pride and optimism. The NCSC is proud to have helped to deliver the Cabinet Office-led strategy to make the country the safest place to live and work online, and this year the UK was rated first in the Global Cyber Security Index published by the International Telecommunication Union (ITU).

None of our achievements would be possible if it were not for the exceptional people I am delighted to call my colleagues at the NCSC. The work they do inspires me on a daily basis, and it is an honour to lead them.

Ciaran Martin
CEO of the National Cyber Security Centre


Timeline

This covers the period 1 September 2018 to 31 August 2019

12 Sept: NCSC CEO delivers speech at the Confederation of British Industry’s Cyber Conference to help business leaders understand and manage cyber security risks
03 Oct: UK, Dutch and other allies expose GRU (Russian military intelligence) cyber attacks targeting political institutions, businesses, media and sport
14 Oct: Secure by Design ‘Code of Practice for Consumer Internet of Things Security’ published with the Department of Digital, Culture, Media and Sport
22 Nov: NCSC CEO meets with the First Minister of Scotland, Members of the Scottish Parliament and the Chief Constable of Police Scotland in Edinburgh to discuss ways to boost cyber security in Scotland
23 Nov: Advice to shop safely online on Black Friday and Cyber Monday published in partnership with retailers
29 Nov: UK’s ‘Equities Process’ published on how vulnerabilities are identified and handled
20 Dec: UK and allies expose APT10 of cyber attacks on intellectual property and sensitive commercial data in Europe, Asia and the US
7 Jan: Guidance on cyber security for major events published
29 Jan: Academic Centres of Excellence in Cyber Security Research visit NCSC headquarters to take part in strategic discussions
13 Feb: NCSC Directors meet with Ministers at the National Assembly for Wales in Cardiff to discuss how to boost Welsh cyber defences
12 Mar: New NCSC web platform launched including bespoke guidance for six new audience categories
21 Mar: NCSC Board Toolkit launched to encourage essential cyber security discussions between the Board and their technical experts
24-25 Mar: Royal Masonic School for Girls crowned winners of the NCSC’s CyberFirst Girls Competition at the final which took place in Edinburgh
28 Mar: Fifth annual report from the Huawei Cyber Security Evaluation Centre Oversight Board published
24-25 Apr: CYBERUK 2019 hosted in Glasgow
25 Apr: Exercise in a Box online tool launched to help organisations test and practice their response to a cyber attack
23 May: NATO Cyber Defence Pledge Conference held at NCSC headquarters
11 June: Guidance for small businesses to respond and recover from a cyber incident published
13 June: ‘Top Tips for Staff’ e-learning package launched
18 June: 150 women from across the UK’s intelligence, government and security communities attended the ‘Women in Security Network’ event held at NCSC headquarters
25 June: De Montfort and Northumbria Universities recognised as Academic Centres of Excellence in Cyber Security Research
10 July: Seven companies graduate from the NCSC Cyber Accelerator for innovative start-ups
16 July: ‘Active Cyber Defence – the second year’ report published
July / Aug: 22 CyberFirst summer courses for children and young adults held throughout the country to develop the UK’s next generation of cyber professionals
Aug: Appointment of IASME Consortium Ltd as new Cyber Essentials partner

Year Three Highlight Statistics

Handled 658 incidents

Provided support to almost 900 victim organisations

Produced 154 threat assessments

Took down 177,335 phishing URLs, 62.4% of which were removed within 24 hours

2.8 million visitors to the NCSC’s website

Added more than 5,000 new members onto the Cyber Security Information Sharing Partnership

Produced 108,411 physical items for 170 customers through the UK Key Production Authority

Produced 34 pieces of guidance and 69 blogs

Awarded 14,234 Cyber Essentials certificates

Enabled 2,886 small businesses across the UK to do simulated cyber exercising for themselves

Challenged 11,802 girls in the 2019 CyberFirst Girls Competition

Engaged with 2,614 students on the NCSC’s CyberFirst courses

Supported 250 extra teaching hours of computer science across 4 schools through Cyber Schools Hub activities

Delivered, along with sector and law enforcement partners, cyber security awareness and training sessions to more than 2,700 charities

20 countries visited by the NCSC

Welcomed visiting delegations from 56 countries

Hosted 197 events, with more than 9,000 attendees


Cyber security for individuals and families

The government’s vision is for the UK to be prosperous and confident in the digital world whilst remaining secure and resilient to cyber threats. Central to the NCSC’s mission is ensuring people of all ages across the UK are more secure when using internet-connected devices and online services.

The NCSC understands people’s attitudes and behaviours towards cyber security and targets efforts based on its understanding of risk and vulnerability. The NCSC’s approach enables constant learning, by joining up the threat picture and intelligence with continually evolving insight, based on deep experience of managing incidents.

It will take a holistic approach to deliver cyber security for individuals and families through the following interventions:

Reducing the burden
The general public is protected from the majority of online harm ever reaching them. The action they need to take to secure their devices and online services is minimal.

Making it easier
Citizens can act upon the cyber security advice they receive, whatever device or online service they use.

Equipping the nation
People are given the confidence and tools to protect themselves and those around them.

Raising awareness
Enabling the general public to better protect themselves and share knowledge with others.


Understanding the threat

In the year ending March 2019, it is estimated that there were just under one million (966,000) incidents of computer misuse experienced by adults aged 16 and over.1

Whilst this represents a significant reduction on the previous year, the large volume still shows that we cannot be complacent.

Some typical ways in which criminals access citizens’ online activity are through sending malicious emails, social engineering (the manipulation of people into performing an action or giving away confidential information), water holing (a website infected with malware or containing a link to malware) and by making them download malicious software and apps.

Once the criminals have access, they can use malware and ransomware to access individuals’ accounts, steal data, and even stop people accessing their own files, accounts and devices.

1 Crime Survey for England and Wales 2019

Making cyber security relevant to people in their everyday lives

The NCSC's approach to ‘you-shaped’ security

The NCSC is dedicated to finding ways of making cyber security relevant to people in their everyday lives.

“We look at the interaction between people and technology and try to make it easier for people to be secure as they get on with all the things they need to do,” says the NCSC's Helen.

“One of the most important things we’ve seen is the changing mindset between the idea of ‘let’s alter the behaviour of the person or assume they are going to make a mistake’ to ‘how can we support developers to make more secure and user-friendly products?’”

Ceri, another NCSC expert, says “We are looking to move security away from being mainly about threat and vulnerability – the idea that there’s always somebody trying to attack you – to a more positive conversation that shows people security should not be a barrier to things they want to do.

“Instead of forcing security rules on people, we are aiming to make it more approachable through clearer language. To do this, we look towards experts in communications, marketing and advertising, to refresh the message, always with the aim of ensuring the public feel that security is a help, not a hindrance. There is a lot of work that goes into ensuring that a simple message reaches the right spot.”

The NCSC’s advice for individuals and families

Protect your accounts...

Use a unique and separate password for your email

Use three random words to create a strong and memorable password

Store your passwords somewhere safe: save to your browser or use a password manager

Add extra security to important online accounts: turn on two-factor authentication

Look after your devices...

Set your phone and tablet to automatically update

Install the latest updates on your phone and tablet when prompted

Turn on back up for data stored on your phone and tablet

Reducing the burden: Secure by Design

Many consumer products that are connected to the internet are found to lack basic security features, putting consumers’ privacy and security at risk. The NCSC has been working closely with the Department for Digital, Culture, Media and Sport (DCMS) to support consumer ‘Internet of Things’ (IoT) manufacturers of all sizes to ensure their devices have good cyber security practices built in from the design stage.

As the UK’s lead technical authority, the NCSC provided the technical grounding and insight for the government’s Secure by Design Code of Practice for consumer IoT security, published in October 2018. The code presents a clear set of 13 guidelines for manufacturers to embed into their devices.

The NCSC and DCMS engage with international standards bodies that create industry-led standards for IoT security. In February 2019, the European Telecommunications Standards Institute (ETSI) launched the first globally applicable standard on the cyber security of internet-connected consumer devices, ETSI TS 103 645. This technical specification builds on the Code of Practice, creating a community-driven standard with a global scope.

The NCSC and DCMS do not think it is right to expect all consumers to be ‘cyber security experts’ and wish to remove the burden from them having to differentiate products that do or do not take their responsibility to security seriously. That’s why the NCSC has also worked closely with DCMS’ consultation on regulation, preparing to eradicate worst practice and embed transparency between the manufacturer and the consumer at the point of purchase.

Alongside work encouraging, and eventually mandating, manufacturers to make (and keep) their products secure, the NCSC and DCMS have published guidance to help people protect themselves. Grounded in its technical expertise, this includes advice on setting up devices, checking default settings, and managing updates.

“The progress we have made on ‘Secure by Design’ has been the product of a great partnership between DCMS and the NCSC. Both on the development of standards that are based in the language of our Code of Practice, or through productive challenge sessions on our future regulation proposals, we work together as a united front towards our ambition of protecting citizens and the wider economy from harm.”

Peter Stephens, Head of Secure by Design, Department for Digital, Culture, Media and Sport

“Everybody needs to know how to stay safe online, and our new website is full of actionable advice to protect you and your loved ones.

“While it is formed from the expertise of the UK’s top cyber security brains, it’s vital that the advice can be understood by everyone.”

Nicola Hudson, Director Policy and Communications, NCSC

UK Cyber Survey 2019

The first UK Cyber Survey was conducted this year to better understand what the general public and organisations think, feel and do – and don’t do – about cyber security across the country.

The polling was independently carried out on behalf of the NCSC and DCMS.

The UK Cyber Survey found that people are concerned, confused and, to some extent, fatalistic that they will become victims of cyber crime.

The insights are informing the government’s approach, and the guidance offered by the NCSC, to help organisations and the public protect themselves against cyber threats.

37% agree that losing money or personal details over the internet is unavoidable these days.
[Chart: responses from strongly agree to strongly disagree]

Two in three (68%) say they know a great deal/fair amount about how to protect themselves online.
[Chart: responses from a great deal to nothing at all]

80% say cyber security is a high priority to them, half citing it a ‘very’ high priority.
[Chart: responses from very high priority to very low priority]

One in three (34%) rely to some extent on friends and family for help on cyber security.
[Chart: responses from strongly agree to strongly disagree]

70% believe they will likely be a victim of at least one specific type of cyber crime over the next two years, and most feel there would be a big personal impact.
[Bar chart: share who think each event is likely to happen to them over the next two years, and share who expect a very/fairly big impact, for the following events]
Having money stolen which is then reimbursed
Personal information such as photos being accessed in an unauthorised way
Apps on your devices such as Uber, Deliveroo or Instagram being accessed without your consent
Having a power cut in your home because your energy company has suffered a cyber attack
Having money stolen which is not reimbursed
Losing access to your accounts such as your backups or cloud storage
Personal information such as photos being stolen and access denied until a ransom is paid

Note
The UK Cyber Survey 2019 was commissioned by the National Cyber Security Centre and Department for Digital, Culture, Media and Sport as part of the UK government’s National Cyber Security Programme.

Ipsos MORI surveyed 2,700+ respondents: general public aged 16+, businesses, charities and public sector representatives from November 2018 to January 2019 via telephone.

Quietly fixing the technology

A significant priority for the NCSC is keeping individuals and families safe from cyber threats. It does this by bringing its technical and operational expertise to bear, to identify and fix cyber security problems.

By working behind the scenes, the NCSC can ensure that cyber security issues have as little impact on UK citizens as possible, in many cases resolving problems before they arise. After all, prevention is better than cure.

Haulster: Automated defence of credit cards

The NCSC’s pioneering Haulster operation has disrupted financial cyber crime by flagging fraudulent intention against more than one million stolen credit cards. It is in the process of scaling this operation, and hopes to reduce considerably more attacks in the near future.

Increasingly, criminal groups are using criminal marketplaces in cyberspace to buy and sell personal information and credit card details. Haulster takes stolen credit cards collected by the NCSC and partners, then, working with UK Finance, repatriates them to banks, often before they are ever used for crime. Card providers are then able to block cards to protect both financial institutions and the public.

In most cases, this has been done before a crime has taken place, meaning hundreds of thousands of victims of high-end cyber crime were protected before they lost a penny.

Online shopping

Criminals had been exploiting Magento, an open source ecommerce shopping platform commonly deployed on many websites. They had written malicious JavaScript code which copied all credit card transactions and silently sent the results to domains controlled by them. The NCSC conducted a successful trial to identify and mitigate vulnerable Magento carts via take down to protect the public. The work now continues. To date, the NCSC has taken down 1,102 attacks running skimming code (with 19% taken down within 24 hours of discovery). Without the NCSC’s Active Cyber Defence intervention, it is likely these attacks would have continued indefinitely.

Securing the UK’s mobile networks

Mobile networks worldwide establish signalling connections between one another to support a range of services, such as international calls and roaming. As these connections could also be used to negatively impact services in the UK, the NCSC has worked with mobile operators to perform live security testing of the UK’s signalling interfaces. The NCSC has now tested 19 networks of different types across the six major mobile operators and has fed back the results of the testing to those operators.

This has helped the operators, with the support of the NCSC, to better understand the risk, share best practice and make improvements. Ultimately, this will help to ensure the UK’s mobile services become more secure and robust.

Protecting our internet routing

The Border Gateway Protocol (BGP) is used to route the internet between Internet Service Providers (ISPs) around the world. When BGP is misused, either accidentally or maliciously, it can disrupt the internet until the issue is resolved. For example, sending data via an attacker’s network.

The quicker misuse is discovered, the lower the impact, which is why the NCSC has worked with a major UK carrier to speed up the UK’s response to BGP misuse. The NCSC has built BGP Spotlight, a detection and analysis system for BGP, that will alert the UK’s carriers when BGP misuse occurs to allow them to respond quickly, analyse the cause, and minimise disruption to the UK’s internet.

BGP Spotlight processes 25 million messages per hour from over 200 sources, converting these into 800,000 daily events across 240,000 unique destinations, a number which is set to expand as UK ISPs are in the process of adding data to, and receiving alerts from, the BGP Spotlight system.

Most_Hacked_Passwords

The NCSC has published analysis of the 100,000 most commonly re-occurring passwords accessed by third parties in global cyber breaches, having been sold or shared by hackers.

The NCSC aims to reduce risk of further breaches by building awareness of how attackers use easy-to-guess passwords.

List created in April 2019 after breached usernames and passwords were published on ‘Have I Been Pwned’ website.


Targeting the biggest risks: what we do to protect people

The UK continues to be one of the most digitally advanced countries in the world, with our lives being online more than ever before. As this digitisation continues, it is vital that the UK remains able to protect its organisations, business and citizens against cyber crime.

The NCSC’s breadth of work, programmes and projects, together with its close partnerships with industry and government, mean that it is able to help protect the institutions, infrastructure and services that people so heavily rely on day to day.


Active Cyber Defence

A cooperative approach: the UK’s Active Cyber Defence programme

The ultimate goal for Active Cyber Defence (ACD) is for there to be fewer cyber attacks in the world, causing less harm. It represents a significant step-change in the country’s approach to cyber security, because of its voluntary, non-regulatory, non-statutory approach delivered in partnership with central government, local government and business.

As difficult as this sounds, the NCSC can provide evidence that it works. In sharing this knowledge, it hopes to inspire other countries to adopt bold measures, in partnership with industry, to protect their digital homelands.

Active Cyber Defence includes some of the following pioneering programmes:

1 Web Check helps make websites a less attractive target, by finding obvious security issues and pointing them out to the website’s owner so that they can be fixed.

2 Protective DNS (PDNS) blocks public sector organisations from accessing known malicious domains or allowing malware on already compromised networks from calling home.

3 Takedown Service finds malicious sites and sends notifications to the host or owner to get them removed from the internet.

4 Mail Check helps public sector organisations take control of their emails, making phishing attacks which spoof those organisations more difficult.

Takedown Service

UK share of visible global phishing attacks reduced to 2.1% (August 2019).

98% of phishing URLs discovered to be malicious were successfully taken down. This totalled 177,335 phishing URLs (23,311 attacks by group).

62.4% of these were removed within 24 hours of being determined malicious.

[Chart: UK share of global phishing – change over time from June 2016 to Aug 2019; values shown: 5.31%, 3.33%, 2.07%]

In 2016, HMRC was the 16th most phished brand globally. In Sept 2019, as a result of ACD services and HMRC countermeasures, their ranking had dropped to 126th in the world.

Web Check

The number of urgent findings resolved by users after being detected by Web Check doubled to a level of approximately 500 per month

[Chart: Change over time of the number of users signed up to Web Check, by month, Sep 18 to Jul 19; values shown: 2,387 and 3,200]

Mail Check

More government domains are now using DMARC, the email authentication, policy and reporting protocol, making phishing attacks which spoof these domains more difficult.

[Chart: Change over time of the number of gov.uk domains using Mail Check/DMARC, by month, Jul 17 to Jul 19; values shown: 220 and 1782]

Protective DNS

More than double the number of government organisations are now protected by the PDNS, preventing them from accessing websites hosting known malicious content.

460+ organisations are using the service and it blocks around 20,000 unique domains at a rate of 6.5 million times per month.

[Chart: Change over time of the number of active organisations using PDNS, by month for the period of this report, Aug 18 to Aug 19; values shown: 216 and 460]


Case studies

Protecting schools

Active Cyber Defence tools highlighted a local authority (LA) primary school network behaving as though infected with Ramnit – a worm which affects Windows systems. The LA was notified, and an investigation found that the antivirus that was installed on the school’s systems was not working. As a result, the school had a wide level of infection. Not only did the Active Cyber Defence tool block the malicious connections, containing any harm, it also identified the malware and notified the LA. The LA was able to install a working antivirus and the infection was cleaned up within a day.

Protecting the legal sector

For the first time, the NCSC used ACD tools to tackle advanced fee fraud impersonating the UK legal sector. Both bogus law firms, and impersonation of legitimate law firms, are techniques used by fraudsters in an attempt to increase the credibility of their attacks. Increasingly, scammers use real law firms and other entities to try to make their attacks look more legitimate.

Protecting airports

The NCSC has been tackling the abuse of public sector email domains in the UK. One such incident occurred when criminals tried to send in excess of 200,000 emails purporting to be from a UK airport, using a non-existent gov.uk address in a bid to defraud people. However, the emails never reached the intended recipients’ inboxes because the Active Cyber Defence system automatically detected the suspicious domain name and the recipients’ mail providers never delivered the spoof messages. The email account used by the criminals to communicate with victims was also taken down.

Protecting emergency services

Two fire services merged to form a new super service with a new name and associated internet domain. One of the organisations subsequently deregistered their original domain. However in just three months, Synthetic DMARC blocked more than 150,000 emails from this now non-existent domain. There is no way of knowing whether these were as a result of fraudulent purposes or misconfiguration, but shows the necessity to correctly curate domains throughout their lifecycle.

“The NCSC is not the only organisation with good ideas, and the UK is not the only country connected to the internet. We welcome partnerships with people and organisations who wish to contribute to the Active Cyber Defence service ecosystem, analysis of the data, contributing data or infrastructure to help it make better inferences. We believe that evidence-based cyber security policy – driven by evidence and data rather than hyperbole and fear – is the way forward.”
Dr. Ian Levy, Technical Director, NCSC

What’s next for Active Cyber Defence?

Active Cyber Defence has protected thousands of UK citizens and further reduced the threat of UK brands being exploited by criminals.

While these successes are encouraging, the NCSC knows there is more to do and it has a number of projects in the pipeline, including:

• An automated system which acts on information from the public to take down malicious sites.

• The NCSC 'Internet Weather Centre', which will aim to draw on multiple data sources to enable full understanding of the UK’s digital landscape.

• The Infrastructure Check service: a web-based tool to help public sector and critical national infrastructure providers scan their internet connected infrastructure for vulnerabilities.

• Breach Check: a web-based tool to help government and private sector organisations check whether employee email addresses have been compromised in a data breach.

• The NCSC is also exploring additional ways to use the data created as part of the normal operation of the public sector protective DNS service to help users better understand and protect the technologies in use on their networks.

Protective DNS is actively engaging with organisations from central government, local authorities, emergency services, devolved administrations, the NHS and Ministry of Defence (MoD). For those sectors that are not eligible to use PDNS, the NCSC is working with industry to broaden the benefits of the service. The NCSC intends to share indicators of compromise with DNS providers to use on their own services. This will mean organisations and individuals who are not eligible for the PDNS still benefit from the NCSC's knowledge and expertise. Through the NCSC and industry working together, a greater number of users can benefit from DNS filtering.


Raising cyber resilience across
Digital government and the public sector

The NCSC works closely with public sector bodies to protect the networks, data and services which the UK depends upon.

Working with central government

The NCSC provides assurance on key systems across central government departments and agencies, assisting them to develop their security strategies and secure their networks.

Building on the success of the Transforming Government Security Programme, the NCSC is working with the Cabinet Office’s Government Security Group, providing advice and guidance to shape policy development on cyber security.

Working with local government

The NCSC assists local government both through direct engagement at a local level, supporting its networks of technical staff, and working with representatives from member organisations including the Local Government Association (LGA) and the Society of Local Authority Chief Executives (SOLACE).

Commissioned by the Ministry of Housing, Communities and Local Government (MHCLG), and funded by the National Cyber Security Programme, the NCSC is supporting the design and delivery of the MHCLG ‘Think Cyber, Think Resilience’, Cyber Pathfinder training scheme. This provides a series of workshops for senior leaders, policy makers and practitioners across the English regions, to build understanding of cyber threat and foster good practice to manage risk. As a result, 85% of delegates have said they would make changes to their cyber security practice.

Government Lofts

The successful sharing of the NCSC’s expert advice and guidance across UK government and the public sector through Digital Lofts continues. This year’s locations and hosts have included Warwickshire County Council, the Met Office in Exeter, as well as the Scottish government in Edinburgh.

Mail Check monitors 6,273 domains classed as public sector.

The number of public sector domains protected by DMARC [an Active Cyber Defence tool] more than tripled from 412 at the end of December 2017 to 1,940 in September 2019.

Web Check for Local Authorities

           Local Authorities   % Using Web Check
England    336                 97%
Wales      22                  100%
Scotland   32                  100%
NI         11                  90%
UK         401                 97.75%


Cyber health check for the NHS

The NCSC is working with health authorities across the UK to reduce the risk of another major cyber attack affecting the NHS.

The WannaCry ransomware attack of 2017 caused disruption in a third of all hospital trusts across England, leading to cancelled operations and appointments for many patients. The incident brought to light a number of weaknesses in the cyber defences of the NHS.

For this reason, the NCSC has been working with NHS Digital, the national information and technology partner for the health service in England, on the procurement of a new perimeter security solution for the NHS. The NCSC lent its technical expertise, providing cyber experts to review the bids against security standards.

Dan Jeffery, Head of Innovation, Delivery & Business Operations at NHS Digital, stated: “The NCSC has provided critical, timely, and invaluable technical and strategic advice, input, and guidance to the Secure Boundary programme as well as the Cyber Programme in general.

“The enduring strength of the relationship between the NCSC and NHS Digital’s Data Security Centre is one of the reasons we have been able to deliver such progress and improvement to the security posture and resilience of Health and Care in such a short period of time.”

All hospital trusts in England will be offered the free Secure Boundary solution which includes next generation firewalls and the NCSC’s Protective Domain Name System (PDNS) service. This will help NHS organisations to defend against future attacks, including ransomware, and enable them to keep providing care for patients.

Another benefit of the new system is that it will be possible to spot when a cyber attack is attempted on a particular hospital trust. NHS Digital will use this information to better understand the threats facing the health sector and also to give tailored advice to specific hospitals.

The NCSC has also been working closely with the health services in Scotland, Wales and Northern Ireland to ensure they can benefit from PDNS and other Active Cyber Defence services. It is also providing technical support to bespoke devolved health platforms.

Vulnerability Disclosure

If someone finds a vulnerability in a UK government website and cannot contact the system owner, they can report the vulnerability to the NCSC’s Vulnerability Reporting Service. This is part of its wider efforts to improve vulnerability handling across the public sector. Following the service’s launch, the NCSC has received reports covering a number of security issues including cross-site scripting and subdomain takeover.

In addition to the Reporting Service, the NCSC also launched the Vulnerability Disclosure Pilot, working with a number of UK government departments to kick start best practice in vulnerability disclosure across the public sector.

Detect and forewarn to protect government departments

The NCSC’s Host-Based Capability tool collects and analyses technical metadata to help government departments understand the threats they face. Following a successful pilot year, the service has been deployed to 35,000 government devices across nine departments. The capability is complementary to departments’ own security measures. The data the NCSC collects is used to detect malicious activity, provide monthly threat reporting and assess exposure to serious cyber threats.


Defending democracy

The foundations of liberal democracy are under increasing threat from cyber attacks and the NCSC plays a key role in defending the UK’s political process.

The NCSC meets with UK political parties (which take up at least two seats in the House of Commons) every three months and regularly gives cyber security advice to parliamentarians. During the local elections (March 2019) and European elections (May 2019), the NCSC provided guidance, informed by comprehensive cyber threat assessment, on risks and advice on protecting systems and people to political parties.

The NCSC monitors known adversaries who look to target parties or even politicians. If threats are detected, the NCSC shares the details of the threat and tailored advice, allowing the individual or organisation to put mitigations in place.

“The NCSC is very proactive and efficient in quickly speaking to all the relevant staff here to alert us to an issue. Beyond just dealing with incidents at hand, we have also received a number of very clear and helpful recommendations to further harden our systems which we have subsequently undertaken. It was great to have the support at the time, but also to have our contact follow up with us some weeks later to check whether any further support was needed or desired.”
Sian Waddington, Director of Operations, Liberal Democrats

“The role of Chief Information Officer, for one of the UK’s major political parties, has its stressful moments. Having the NCSC on hand helps you sleep at night. The online briefing material is excellent and is frequently quoted. When an incident happens, their support and advice quickly gets the incident under control and helps calm senior management.”
Paul D Bolton, Chief Information Officer, Conservative Campaign Headquarters

“We depend on the work of hundreds of thousands of volunteers, and so collect and hold a great deal of data – and we work hard to keep it safe. Knowing the NCSC is also there to look after the integrity of our information, especially at election time, is a tremendous reassurance. The NCSC’s advice has been invaluable in making our systems more secure.”
Tim Waters, Director of Data & Targeting, The Labour Party

“Digital technology continues to change the way that elections are run and fought; it also changes the way that voters are informed and influenced. Since its creation, the NCSC has provided valued support to the Commission and wider electoral sector, to mitigate the risks posed by these innovations. We welcome their important role in supporting the ongoing integrity of elections in the UK.”
Bob Posner, Chief Executive, The Electoral Commission


Serving every part of the UK

The NCSC continues to work across the whole of the UK. This includes support to devolved administrations in Wales, Scotland and Northern Ireland, raising cyber resilience across all sectors.

The NCSC worked with Welsh government to ensure its advice for citizens and families was included in its Digital Inclusion Programme, to help all citizens to get online safely. In support of the TARIAN and North West Regional Organised Crime Units, the NCSC provided materials and speakers for the Welsh Cyber Bus Tour, supporting local business, community groups and the public to enhance their cyber resilience. The NCSC also provided technical security advice to the Welsh Revenue Authority, which collects and manages devolved taxes in Wales.

In Northern Ireland, the NCSC advised on IT controls, protecting the country’s ~1.75m citizen electoral records. It continues to build partnerships across the economy and society in Northern Ireland, including delivering briefings to charity leaders in partnership with the Northern Ireland Council for Voluntary Action, helping to ensure cyber is considered alongside business risks. The NCSC also partnered with Northern Ireland Department for Education to improve cyber resilience in schools across the country.

In Scotland, the NCSC has provided significant bespoke technical advice on several new online services. This includes the new Scottish online platform for payment of devolved benefits to citizens, plus their platform for supplier payments. This year, the NCSC hosted the CyberFirst Girls Competition final in Edinburgh and CYBERUK 2019 in Glasgow, with Scottish government taking the opportunity to showcase in parallel the work of the Scottish Cyber community with a number of side events, including “Scotland Cyber Week”.

The NCSC worked in partnership with Scottish government to deliver bespoke workshops for small businesses, charities, CEOs, and launched the Exercise in a Box tool. It continued its support of the cyber catalyst network, ensuring effective peer to peer sharing of best practice and NCSC guidance.

The Scottish Qualifications Authority and Scottish Credit Qualification Framework have also approved the NCSC’s CyberFirst awards for Defenders, Futures and Advanced courses, meaning that anyone completing these courses will now receive recognised learning credits.

Take up of the NCSC’s Active Cyber Defence continues across all three devolved administrations, helping to protect local government and other public online services. In Scotland, the majority of public sector organisations are using one or more of the tools, and increased take-up in Wales and Northern Ireland continues at pace.

“Our engagement with the NCSC has helped us to establish our executive agency, Social Security Scotland, followed by the launch of our public facing cloud based digital platform, which underpins the delivery of the first live devolved benefit payments Scotland. The NCSC has provided us with expert advice and guidance through technical workshops and engaging its partners to share experiences. This has given us valuable assurance in support of our strategic security objectives and our own ‘Secure by Design’ principle.”
John Campbell, Head of Digital Risk & Security Social Security Directorate, Scottish Government

“We have made significant investments in improving our cyber defences and cyber hygiene. The NCSC has proven to be an expert advisor in defining and refining our requirements, most especially in our plans to implement a Security Information and Events Management Service and associated Security Operating Centre. Their experience of forensics, analytics, alerts and appropriate approaches to monitoring has been invaluable.”
Chief Strategy Officer, Northern Ireland Civil Service

“The NCSC continues to provide valuable advice and guidance for us to share with Welsh stakeholders which greatly contributes to increasing cyber security capability within Wales. We value the engagement and ongoing support in several areas, including increasing take-up of Active Cyber Defence tools in the Welsh public sector and encouraging participation of Welsh students on CyberFirst courses.”
Representative, Welsh government


Critical National Infrastructure

Everyone in the country relies on the UK’s Critical National Infrastructure (CNI) day in, day out. We all need the country’s communications networks to keep in touch with friends and family, transport networks to travel to work and school, and energy networks to power and heat our homes. Interruption to any of these critical services could cause serious disruption to our lives and potentially damage the economy.

Strengthening the cyber resilience of the UK’s most critical systems therefore remains a top priority.

The NCSC’s work spans CNI in the public sector, as well as a focus on nine critical private sectors: communications, transport, energy, civil nuclear, finance, water, chemicals, space and food. It provides direct support to hundreds of public and private sector organisations that own, manage and maintain CNI assets in the UK. This includes one-to-one technical advice, sharing threat information, facilitating cyber exercises and running information on exchanges for organisations to share knowledge and expertise.

Thwarting ATM attacks

On multiple occasions, the NCSC has alerted UK financial institutions to imminent threats from ATM cash-out fraud at home and abroad. This is where cyber criminals compromise banking and payment infrastructure, and obtain card details that can be used to withdraw large sums of cash from ATMs. Once already in progress, these attacks can be difficult to stop.

The NCSC works with industry and government partners around the world to share information and disseminate alerts about threats and anticipated malicious activity.

As a result, banks swiftly put defensive measures in place that protect them against financial loss and reputational damage. Most recently, the NCSC alerted 56 banks to a specific ATM cash-out threat after receiving actionable information. As a result, the banks were able to block any attempt by the attackers to fraudulently withdraw money from customer accounts.


Defending online banking

There has recently been a rise in the sophistication of SMS-interception attacks, with multiple financial institutions and Communications Service Providers (CSPs) being affected.

The attackers intercepted SMS messages sent as part of the two-factor authentication (2FA) needed for online banking. Whilst 2FA is generally recommended by the NCSC, in this case messages from multiple banks via multiple mobile networks were targeted, allowing the criminals to make fraudulent payments to their accounts at the expense of the wider public. The NCSC was in a unique position to bring experts in the telecoms and finance industries together to share information regarding the attacks, determine how they were being carried out, and develop mitigations. This information sharing continues through the NCSC’s Cyber Security Information Sharing Partnership (CiSP) platform.

“At the heart of the NCSC's mission is protecting critical pieces of our infrastructure; keeping the service they provide secure keeps the country running. It's only through these partnerships with industry that we can understand the risk we face, protect current systems and secure the infrastructure of tomorrow.”
Clare Gardiner, Director National Resilience & Strategy, NCSC

Keeping the lights on

A successful cyber attack against the energy sector could disrupt the fuel and power supplies our country so heavily relies on. That’s why the NCSC’s work with energy firms has been diverse and extensive.

This year the NCSC worked with one of the UK’s largest oil refineries to review and advise on an upgrade to its systems, greatly increasing its resilience. The NCSC’s Cyber Adversary Simulation team also conducted an exercise against a critical supplier of road fuels, which identified vulnerabilities that the company has since protected itself against.

In partnership with the Department for Business, Energy and Industrial Strategy (BEIS), the NCSC held a complex technical exercise with electricity distribution network operators. It was the culmination of a two-year project and involved more than 170 participants at 13 different UK locations to test the sector’s response to a national-level incident.

Digital integration is only adding to the security challenge. The NCSC’s recent review of smart metering infrastructure for BEIS, and the recommendations it produced, is one illustration of how the NCSC works with government departments to ensure the highest cyber security standards across the sector.

“We would like to thank the NCSC for the invitation and our subsequent involvement in the sector-wide cyber security test. The challenge and results from the scenario exercising has been invaluable in applying improvements to our emergency planning and resilience processes, along with recognising the importance of cross industry support and alignment during such events.”
John, Scottish and Southern Electricity Networks


Threats to air passenger data

The aviation sector has continued to be an attractive target for cyber attackers. Airlines store vast amounts of personal identifiable information (PII), which criminals can sell or use for spear phishing and identity theft. State actors may also be interested in airline PII for counter-intelligence purposes or tracking dissidents.

The NCSC’s work with the sector has included assisting UK airlines targeted by a group known as Chafer. This group, which security companies have linked to Iran, has a history of targeting global organisations for bulk personal data sets. The NCSC helped the airlines identify potential risks to their networks and offered mitigation advice, minimising the impact.

It has also continued working with NATS, the main air navigation service provider in the UK, to review the cyber security of their air traffic control and management system.

“The challenge and results from the scenario exercising have been invaluable in applying improvements to our emergency planning and resilience processes, along with recognising the importance of cross industry support and alignment during such events.”
NATS, the UK’s leading provider of air traffic control service

Securing the future: Smart cities

Across all sectors the drive to reduce costs, increase efficiency and provide new data-driven services is leading to increased digitisation and automation. Cities are no exception, with councils looking to technology to help with a suite of challenges including reducing congestion, improving public safety, and enhancing local health care services.

There are two main themes to the security challenges in smart cities. The first is ensuring that citizen privacy is maintained, and that personal details required to operate the services are secured. The second is understanding the interdependencies between a smart city’s services, and the impact of failure. For example, computerised road signs may depend on power and a data connection in order to work effectively. While it would take a lot of paint and physical presence to manually deface all the traditional road signs in an area, it could be possible to change all the signs in a city without ever setting foot in it, if smart signage projects are badly implemented.

The NCSC is applying its experience in helping national and local government ensure that personal data is protected, and its understanding of the security challenges in critical national infrastructure, to the new and emerging challenges presented by smart cities.

In one real-world example, a council is using traffic flow data to adjust road signs in the city to divert traffic, saving citizens an average of 60 hours per year on their journey times.


“I think the creation of the NCSC, together with the value that has been seen for well over a year now, is proof that it was needed, together with it being stocked with the best of the best. Whilst it will always be a when not an if, in terms of the next attack/breach/ransom, I know we can all rest a little bit easier than previously, safe in the knowledge that we are all working together.”
Bill Schindler, Head of Infrastructure Service & Strategy, Severn Trent Water

Telecoms Supply Chain Review

When the Department for Digital, Culture, Media and Sport (DCMS) launched the Telecoms Supply Chain Review, the NCSC was asked to examine the cyber security risks in the UK’s telecoms supply chain, to ensure that the review was supported by expert technical analysis. The analysis highlighted a range of cyber risks to the sector, leading to the recommendation that policy changes were needed to drive security improvements in the telecoms sector.

Peter, the NCSC’s Technical Director for Telecommunications, said: “In the first three months of the review, we talked to all the major operators to see how they manage their supply chain, what risks they faced and what their security arrangements were.

“We found that the cyber threat has changed significantly over the last 10 years and the market drivers are not there to ensure companies are responding, meaning we are faced with increasing national risks in the sector.

“While we had just six months to produce our analysis, we were fortunate to be building on a significant knowledge base. Within the NCSC there is a wealth of experience in threat assessment, incidents, direct consultancy with industry and security research, both applied directly to the telecoms sector and more broadly. Through this experience and armed with the information provided by industry, we could identify where our operators were most vulnerable and then consider how other sectors have successfully reduced similar risks. This put us in a unique position to support the review.”

The review’s major conclusion that the government will pursue a robust new security framework for telecoms, will be supported by the NCSC’s current risk-mitigation model, which will be adapted as necessary as telecoms networks evolve towards 5G and full-fibre coverage.

This new framework will be placed on a statutory footing once government legislates to strengthen the enforcement powers of the telecoms regulator, Ofcom, and to provide new national security powers for government to respond to supply chain risks in the future.

The NCSC continues to forge close relationships with the UK’s major telecoms providers right up to board level. This includes regularly hosting CEOs and CISOs at the NCSC’s headquarters for discussions on how government and industry could work together to improve cyber resilience in the sector.

Regulation

Considerable progress has been made in making use of the new regulatory provisions introduced by the Network and Information Systems (NIS) Regulations 2018. These are starting to drive real improvements in CNI cyber security. Several new sector-focussed regulators, known as Competent Authorities (CAs), now have the sole authority for all regulatory and enforcement decisions involving organisations designated as operators of essential services (OES). The NCSC is providing extensive support to the CAs, including the development of cyber security guidance and standards, as well as cyber security training.

The NCSC’s Cyber Assessment Framework (CAF) has been adopted by most of the CAs, with a significant number of OES across multiple sectors completing self-assessments of their cyber security against these NCSC principles. This represents a ground-breaking step forward in building a cross-sector picture of CNI cyber security, providing a valuable evidence-base for future decision-making.

GDPR update

In May 2018, the General Data Protection Regulation (GDPR) came into force alongside the Data Protection Act 2018, placing a comprehensive set of new obligations on public and private sector organisations to protect all the personal data that they collect and process.

The NCSC has continued to build on its partnership with the Information Commissioner’s Office (ICO). Through this partnership, respective roles and responsibilities have been clarified in order to better help victims of GDPR understand which authority or organisation to deal with and when, as well as having access to better advice.

A framework of collaboration was announced by Ciaran Martin and ICO Deputy Commissioner James Dipple-Johnstone at CYBERUK 2019. Notably, it was also clarified that the NCSC will never pass sensitive information disclosed to it by a victim to a regulator without first seeking the consent of the organisation concerned.

“The NCSC has an important role to play in keeping UK organisations safe online, while our role reflects the impact cyber incidents have on the people whose personal data is lost, stolen or compromised.”
James Dipple-Johnstone, ICO Deputy Commissioner – Operations


National security

The NCSC collaborates closely with government and industry partners to develop secure systems for national security at home, and with the UK’s allies across the world. By doing this, the NCSC can help to ensure that critical operations continue globally.

The NCSC aims to develop, operate and maintain world-class technical security capabilities to counter the threat from the country’s most capable adversaries, raising the cyber resilience across government and industry partners.

It’s through these partnerships, as well as its investment in developing the country’s cyber skills, that the NCSC can continue to help protect the UK from cyber threats.

Securing Britain’s secrets

Government missions

The NCSC works with the defence sector and UK intelligence agencies to help preserve the country’s national security. The NCSC’s encryption expertise enables it to protect the UK’s national defences in a range of ways.

The NCSC enables business focused solutions, supporting customers through the development of their skills and threat understanding, facilitating the availability of technology so that security enables rather than hinders, mission delivery.

Foxhound/ROSA

The NCSC has supported ROSA – a central government IT system – as it transitions to become a fully supported service across government. ROSA provides fixed and mobile SECRET collaborative tools and communications in 152 countries across the globe, allowing users to create and share data securely.

The NCSC itself uses ROSA to collaborate more effectively and securely with government customers and industry partners.

This year, NCSC experts designed new systems that enable easy mobile working at SECRET in a safe way. This ground-breaking work is protecting our national security whilst enabling users to work in far better ways than any previous solutions have allowed in this space.

ROSA is expanding across a number of government departments, delivering tangible benefits and ensuring government communications are appropriately protected.

[Infographic: ROSA figures. 8,981 user accounts registered; 738 laptops live; 325 printers live; operational in 152 countries; reached 162 countries. Further values 228 and 2,204, with labels "terminals live" and "locations with live users".]

“The ability to challenge, request or discuss any concerns from either a MoD or NCSC perspective – quickly and transparently – has been refreshing.”
Matthew Trigg, Deputy Head of Accreditation Team, Ministry of Defence

Cyber Surgeries

The NCSC has expanded the use of its Cyber Surgeries. These high impact events have allowed the NCSC to present and discuss thinking around a number of technology challenges.

The surgeries are attended by a wide range of Ministry of Defence (MoD), and other government stakeholders, and are an effective way of ensuring that a wide range of stakeholders have the chance to listen to the NCSC’s technical experts, who can share their thinking.

The surgeries also give the opportunity for discussion, challenge and feedback, ensuring that the NCSC’s thought leadership is better able to meet the requirements of its stakeholders, in a world of ever-changing technological challenges.

“The continued provision of subject matter expertise by the NCSC has been key to both the enhancement of the functionality available within ROSA and also to its ongoing maturity. Of particular note is the input on the development of security monitoring and the cutting-edge development of the secret mobile provision.”
Stephen Thomas, Head of the ROSA Governance, Oversight, Security and Training Standards Team, Cabinet Office


Defence, Security and Resilience

The NCSC continues to support the MoD to make the defence sector a more difficult target for those that threaten our national security.

Strategic Deterrent

The NCSC supports the Continuous at Sea Deterrent (CASD) through incident and threat reporting, providing advice on cyber security risk and policy, and identifying supply chain vulnerabilities. The NCSC has been asked to support the new Successor programme, which will deliver the replacement to the current Vanguard-class Trident submarine over the next 30 years.

Image: HMS Vengeance – the fourth and final Vanguard-class submarine of the Royal Navy

Joint Strike Fighter

The NCSC has supported the F-35B as it enters service and deploys on operational flights over the skies of Syria and Iraq. Its support is part of the ongoing fight against Daesh, which sees the NCSC providing key material and working with industry, to sustain the UK’s Freedom of Action to deploy the F-35B whenever and wherever needed.

Joint Crypt Key

The Joint Crypt Key Programme (JCKP) is a major programme of work within the wider Crypt Key Enterprise.

Working in collaboration with the MoD, JCKP is investing in products and services that use high end cryptography to help the UK keep its secrets secret, share information effectively and ensure information is available when and where required.

JCKP is ensuring that the NCSC is able to sustain today’s mission and develop the solutions required for the future.

JCKP has helped the UK maintain its standing as a world leader in cryptographic key services, enabling the country to keep pace with the scale of operational demand and increasing threat from adversaries.

UK Key Production Authority

The UK Key Production Authority (UKKPA) is a critical part of the NCSC’s cryptographic defences. UKKPA generates, distributes and accounts for cryptographic key material for government, industry and allies overseas to support secure encrypted communications. In line with the UK’s key management strategy, the UKKPA has further reduced the volume and range of physical keys that need to be distributed to the NCSC’s customers, with an increased drive and investment towards electronic key distribution strengthening the timeliness and robustness for key delivery.

• There are 170 UKKPA customers across government, industry and law enforcement.

• Alongside the US, the UK is one of only two suppliers of key material to NATO.

• Annually the NCSC processes approximately 2,879 orders for key material, equating to 108,411 physical items, such as CDs and data tokens.

• Production figures for ‘electronic’ key over the last 12 months – 860,190.

Working with industry

The NCSC cannot do any of this alone. Its industry partners provide a vital service to keep the country’s communications secure.

Sovereign Enabling Framework

The Sovereign Enabling Framework (SEF) has proven successful in absorbing the High Grade or High Assurance requirements of the two main users, Joint Crypt Key Programme (JCKP) and Initiate.

Initiate is a cross-government collaborative programme investing in the early stage development of technologies that will provide the foundation for future secure solutions in the UK. JCKP is the MoD-NCSC joint programme developing high end Crypt Key solutions for the future. Amongst other things, it draws in Initiate-funded technology.

Positive feedback is testament to the robust but flexible process allowing this important complex work to be completed at the pace required, having now let 125 tasks.

The eight sovereign suppliers are a mix of established large industry players and newer UK start-up companies. This provides a good balance of innovative thinking and challenge, with experience, legacy and resource, providing sustainability and support to the ambitious future direction for crypt key across government.

Wassenaar Arrangement

The NCSC’s cyber exports team represented the UK government at the Wassenaar Experts Group, negotiating two important changes to the information security controls.

The first was updating the crypt definitions to include post-quantum cryptography. These new controls ensure that future strong cryptographic algorithms remain on the same standing as traditional cryptography within the licensing framework.

The second update is sizeable decontrol, meaning that many ‘industrial-Internet of Things’ devices employing cryptography no longer require export licenses. Alongside existing exemptions for consumer IoT, this change in regulation will have significant positive impact on UK exporters.

Telemetrics

Telemetrics is the process of collecting information about an object and sending the information somewhere electronically. In this case, those objects are vehicles and information can include things such as location.

During cyber surgeries with the client, experts discussed the threat environment (the risk faced by the client as a result of the products that collect this information being compromised), as well as how the telemetrics product that had been purchased could be improved for greater security, to provide the client with more assurance that the risk of data loss is minimised.

Impact

• Improved product for the Ministry of Defence.

• Improved understanding of risks in the telematics industry.

• Reduced risk of the telematics product being compromised, and data lost.


Countering the adversary

Countering cyber adversaries

The NCSC’s Operations directorate leads the government response to counter and disrupt the UK’s adversaries, capabilities and operations. While much of the team’s work is secret by necessity, it is now publicising its strategy to keep the UK safe from malicious actions of other nations and serious organised criminals. The NCSC’s vision is to be:

Impact driven
To prioritise efforts where the most harm to the UK is likely to be caused and where the NCSC can have the most impact in reducing it.

Threat focused
To disrupt the operation of cyber adversaries and contribute to harm reduction centres.

Vulnerability informed
Knowledge of which sectors in the UK are most at risk enables the team to determine which organisations need the most pressing support.


Inside the NCSC’s Operations

To help explain what the NCSC does, it has highlighted three components of the three main functions of its operating model:

Threat Operations

The focal point for building the nation’s technical knowledge of the threat and directing the strategic response to it.

Reduce harm by using the NCSC’s unique intelligence and trusted partnerships to detect attacks directly and enable others’ defence.

Increases the overall cost to cyber adversaries by developing and deploying counter cyber campaigns.

Incident Management (IM)

The NCSC is the lead government organisation for managing cyber incidents and has led on 658 incidents in the last year, providing support to almost 900 victim organisations, handling almost 1,800 incidents since commencing operations.

But the NCSC can’t do this alone, and the IM team works closely with law enforcement, the UK intelligence community, wider government and the private sector.

The insights and knowledge derived from incidents are used to inform wider protective advice and guidance.

Assessments

Editorially independent but fully integrated into the NCSC’s Operations, the Assessments team delivers all source, expert and independent assessment of cyber threats.

The team informs both policy and operational decision-making at the heart of government and also shares appropriately classified assessments to the wider UK economy and citizens.

Assessments also allow the NCSC to better predict adversaries’ future behaviour and reduce impact.

The top five sectors supported by NCSC Incident Management this year were:

1st Government
2nd Academia
3rd Information Technology
4th Managed Service Providers
5th Transport and Health (joint fifth)

In the last year the NCSC has led on 658 incidents, providing support to almost 900 victim organisations. The NCSC has handled almost 1,800 incidents since commencing operations.


Calling out Hostile State Actors

The NCSC works collaboratively with a strong network of partners in the UK and internationally. Through this work with partners, the NCSC knows more about its main nation state threats, including Russia, China, Iran and North Korea, than it ever has before.

Working with the Foreign and Commonwealth Office (FCO) on the public attributions of states (such as the Russian GRU being responsible for activity known in public as APT28), has been an overt action that shows other nation states that there will be consequences of their actions.

Underpinning a public attribution by government of this kind requires months of investigative work and sharing of information with partners, to build the investigative picture and a coalition of partners who will move in lockstep with UK government.

Knowledge Driven Operations

The NCSC strives to be an active organisation. That spirit has ensured the NCSC is recognised as a world leader – and the approach will not temper now the organisation is growing in maturity.

Central to the Operations team’s work over the upcoming years will be a commitment to investigations into those who want to do harm to the UK. This means knowledge driven operations on the country’s adversaries, their capabilities and their operations.

Working with law enforcement

“The NCSC is an invaluable partner as part of the National Crime Agency (NCA)-led Team Cyber UK law enforcement response to the scale and increasing complexity of cyber crime in the UK.

“Their expertise and joint working regularly helps the NCA to build the best possible intelligence picture of serious and organised crime threats.

“It has been extremely useful to have a one-stop shop that can coordinate information sharing in real time for live incidents - helping Team Cyber UK to better understand ongoing attacks, identify the next steps to mitigate the impact, develop attribution and deliver positive outcomes for the victims.”
Jim Stokley, Deputy Director and Head of the NCA’s National Cyber Crime Unit

Launching the NCSC’s Cyber Defence Ecosystem

Information sharing is hardly a new concept and has been touted as a panacea for many years in the cyber security realm. The NCSC’s ambition is to deliver an ecosystem that transforms cyber threat knowledge sharing, brings disparate initiatives together by giving them a clear purpose (to reduce harm), and enhances them in a coherent and coordinated way. Ultimately, the Cyber Defence Ecosystem (CDE) ensures the right knowledge gets to the right people at the right time, in the right format.

The CDE aims to foster a national (and hopefully international) ecosystem of collaborative threat analysis and automated threat sharing using open industry standards. The initiative complements the ACD programme, which since 2016 has shown how simple measures can greatly reduce commodity cyber attacks.

The purpose of the CDE is not to simply share information – it is to improve protection in service providers, enterprises and those who defend networks for their communities through driving concrete action based on shared knowledge.

The CDE is built on a framework created by several years' work that now enables the NCSC to share understanding of threats and alert potential victims at rapid speed in an automated way.

This new ecosystem seeks to deliver four key outcomes:

1 Create a structured and automated ecosystem across the UK (and in time globally).

2 Share ‘our part of the puzzle’ to better defend the UK, partners and allies.

3 Build and enhance threat awareness to enable better detection and defence.

4 Rapidly alert enterprise victims of malicious activity.

“While we have responded to 658 incidents this year, we also want to help pass on knowledge to help organisations defend themselves.

“Working on hundreds of incidents has helped us to pull together advice to help organisations more effectively detect, respond to and resolve their own incidents.

“Having a well-planned and well-practised response plan will help minimise the damage caused by a cyber attack.”
Paul Chichester, NCSC Director of Operations


The IOC Machine

The NCSC is committed to sharing as much of its knowledge in real time as possible. This has manifested itself in the creation of the Indicator of Compromise (IOC) Machine, which has transformed the way top sensitive material is ‘declassified’ into the public domain – greatly increasing the UK’s resilience to cyber threats.

Since it went live this year, the technology has enabled a tenfold increase of vital indicators the NCSC shares with external internet service providers and industry partners. This now means that in an average month more than 1,000 vital indicators are being shared at the click of a button.

What has been changed?

The processes to determine whether information can be shared were previously done through a labour-intensive, manual process between various NCSC teams.

The IOC Machine, which sits in GCHQ’s headquarters in Cheltenham, performs those thousands of checks in a matter of seconds. What would have previously distracted skilled analysts for a number of hours is now done within moments.

The ultimate power still rests with a human, as an analyst will consider the findings of the IOC Machine to determine whether the information around the compromise can be released. But the machine has rapidly expedited the process behind declassifying material that can be shared from the NCSC’s top secret computers to people outside of the organisation.

As well as getting the information faster, the technology has freed up the NCSC’s skilled analysts to concentrate on matters that maximise their expertise.

What does the IOC Machine declassify?

An ‘Indicator of Compromise’ can mean anything from understanding how an adversary works (their tools, techniques and practices), all the way through to specific information relating to an attacker, such as signatures of malware, or IP addresses frequently used by an adversary.

When it spots an adversary attacking the UK through intelligence, the NCSC wants to share that intelligence as quickly as possible, to defend itself and its allies against that threat before it causes damage. While being created as part of an intelligence agency has immeasurable benefits to the NCSC, it also presents some problems – and in particular, lengthy processes to declassify materials.

Previously, each indicator would need to be checked by an official to ensure it met a strict set of policies before being put into a queue for delivery. The process was so lengthy that by the time information got out it could be irrelevant.

Making the most of the NCSC’s London headquarters

Image: The NCSC’s London headquarters

Situated in the heart of Victoria, London, the NCSC’s ‘Nova South’ headquarters offer a dynamic environment to deliver the organisation’s mission. It fosters a culture of innovation and ways of working fit to address 21st century security challenges.

Its central location, within walking distance to Whitehall, ensures the NCSC’s expertise on key matters of national security can be called upon at short notice.

The facilities offer an open and flexible workspace, complemented by the full range of security capabilities enabling seamless working across classifications.

The NCSC maximises its London home to facilitate meetings, workshops and events all year round. It brings people together across economic sectors, the cyber security community and wider society to exchange ideas, share threat information and fix the things that matter.

The NCSC has welcomed a huge variety of guests, including prime ministers, ministers, senior officials and parliamentarians from across the world, through to industry leaders and the next generation of cyber talent with schools visits.

In the past year, the NCSC has hosted 197 events, with more than 9,000 attendees visiting its London headquarters.


4 International cooperation

Cyber attacks do not respect international boundaries, and many of the threats and vulnerabilities we face are shared around the globe.

Each state has sovereignty to defend itself as it sees fit, but it’s vital that as a country, we work closely with our allies to make the internet as safe as possible.

Since its creation, the NCSC has worked with countries on every continent to help share information and improve cyber defence.

In the past year, the NCSC has welcomed international delegations from 56 countries. NCSC representatives have visited more than 20 countries for bilateral and multilateral engagements, as well as participating as spokespeople in 30 international events.

The sentiments of partnership, friendship and common values of freedom, democracy and prosperity have been common themes throughout the NCSC’s international engagements, which included visiting many other European countries, the USA, Australia, Canada and Japan among others.


International security cooperation

A range of international cyber dialogues were attended by leaders from across UK government including the Cabinet Office, the Foreign and Commonwealth Office, DCMS and the Department for International Trade. These conversations help develop the UK’s relationships around cyber security and policy with its key partners. The NCSC’s contributions include threat assessments, technical advice and insights from incident management practice to help coordinate operational approaches and enhance cyber security standards.

“The strength of the UK’s cyber security export offer is built on our history of expertise, innovation, quality, and trustworthiness. The NCSC’s support of the Department of International Trade and UK industry underlines all of these factors and is a vital part of our ability to increase the country’s prosperity and improve national security.”
The Rt Hon Elizabeth Truss MP, Secretary of State for International Trade

“The NCSC’s world-class capabilities and analysis have underpinned UK government attributions of malign cyber attacks. On the international front, the relationships it has built and the cyber capacity building programmes it has supported continue to play a vital role in delivering for Global Britain.”
Alexander Evans, Director Cyber, Foreign and Commonwealth Office

“As the next phase of the UK’s relationship with the rest of Europe takes shape, we want to take our partnerships further and to develop new ones. I am proud of the increasing frequency with which I see my European counterparts and the deepening friendships we have nurtured, the boundaries we are removing and the ground we are breaking. The protection of our shared values of freedom, democracy and prosperity, all underpinned by the rule of law, is what we strive for.”
Ciaran Martin, NCSC CEO speaking at the One Conference in the Netherlands

Cyber Defence cooperation with NATO

Image: Jens Stoltenberg, NATO Secretary General at the Cyber Defence conference

The NCSC works closely with NATO to support its deterrence and defence objectives. As part of the Cyber Defence conference, NATO allies reinforced a pledge to ensure strong and resilient cyber defences.

The UK’s Foreign and Defence secretaries hosted NATO’s Secretary General, the North Atlantic Council Ambassadors and 120 cyber experts from 29 countries for conference sessions at the NCSC’s headquarters and Lancaster House in London.

The NCSC strongly supports the full implementation of the Cyber Defence Pledge agreed in Warsaw in 2016, to ensure that the Alliance is cyber aware, cyber trained, cyber secure and cyber enabled.

“Hosting this NATO conference in London, at the NCSC, is a testimony to the strong commitment and leadership of the UK in the cyber domain. The NCSC is a model for national coordination, bringing together the best expertise to tackle a growing threat.”
Jens Stoltenberg, NATO Secretary General


Five Eyes: Intelligence alliance at CYBERUK 2019

Experts from the ‘Five Eyes’ intelligence agency alliance advocated for global cyber attack resilience when sharing a stage together for the first time on UK soil.

The Five Eyes intelligence alliance comprises the UK, USA, Canada, Australia and New Zealand. Through the alliance, participating countries work closely together to keep their citizens safe from cyber threats.

The public session took place at the NCSC’s annual conference, CYBERUK 2019, which saw 2,500 cyber security experts come together for a two-day event in Glasgow’s Scottish Exhibition Centre.

The panel considered the shared threats and global vulnerabilities that exist in cyber systems. During the event, delegates had the opportunity to share their experiences of countering these threats and the different approaches used.

Image: Five Eyes intelligence alliance panel chaired by Yasmin Brooks, Director of Cyber, DCMS

“What an excellent week at CYBERUK 2019! Scott Jones, Head of the Cyber Centre, was chuffed to represent Canada in Glasgow, especially during Wednesday’s Five Eyes panel. It’s always a pleasure to share the stage with our counterparts.”
Canadian Centre for Cyber Security via Twitter

NCSC CEO receives international award for cyber security leadership

The International Cyber Security Leadership Award was presented to Ciaran Martin at the Billington Cyber Security Summit in Washington DC.

The annual summit, held at the Washington Convention Centre, brings together a range of international experts in cyber security.

Before receiving the award, Ciaran Martin delivered a speech in which he reflected on the journey taken by the NCSC since he last spoke at the summit in 2016, shortly before the NCSC formally came into existence.


5 Securing the digital homeland:
How we help people do things for themselves

Smartphones, computers and the internet are now such a fundamental part of modern life, it’s difficult to imagine how we’d function without them. That’s why cyber security is so important.

From online banking and shopping, to email and social media, it’s vital to take steps that can prevent cyber criminals getting hold of our personal accounts, data, and devices.

Confidence in the security of our digital lives is more and more important. If citizens don’t think that their digital environment is safe, the country’s prosperity and social cohesion are in trouble.

The NCSC is leading the way in supporting people and organisations to make sensible, informed, evidence-based decisions about the protective measures they can take, supporting them to manage their cyber security risk and make their online behaviour secure.

In tandem with this, the NCSC is doing more to take the burden of cyber security away from individuals by, for example, working closely with device manufacturers and online platform providers to build security into their products and services at the design stage, helping to protect people from the outset.


Supporting citizens

Cyber security is of growing importance, but many people do not understand the potential impact that threats can have, or how to manage them when they do. That’s why the NCSC supports the UK’s individuals and families to deal with the common cyber problems they may encounter in their everyday lives, helping them to stay secure.

The NCSC online

As well as advice on keeping secure at home and work by protecting people’s devices and data, guidance is now easily accessible on topics such as how to shop online securely, how to use social media safely, and how to choose the right antivirus product.

The NCSC also offers advice on dealing with cyber crime, and how to report a problem when something goes wrong online. The NCSC’s website includes tips for staying secure online, such as simple steps that can be taken in less than five minutes which significantly reduce the chance of falling victim to cyber crime. It also guides users on what to do if their computer has been attacked by a virus or an account has been hacked.

Additionally, there is more detailed advice on how to keep secure while enjoying online gaming, or ensuring the security of the increasing range of ‘smart’ technology available for the home.

The NCSC Enquiries Service

The NCSC’s public enquiries service dealt with 11,000 queries over the past year, representing more than 200 enquiries every week.

The NCSC enquiries team can be contacted via enquiries@ncsc.gov.uk or by calling 0300 020 0964.

Building the NCSC’s web presence

The NCSC has delivered a new and improved website that appeals to a wider audience by:

• Responding to user feedback.

• Focusing on giving users an improved journey through the site with more intuitive navigation.

• Helping users to understand the importance of cyber security, and how they can protect themselves at work and at home.

• Making the platform as secure as necessary so as not to compromise on usability and functionality.

The re-design included creating new sections on the website, designed around the specific needs of those using it.

The NCSC has conducted extensive user research to develop:

• Quick-start guides tailored to each audience, so they can understand the information that’s relevant for them.

• Multi-page articles to make it easier to work through complex topics.

• Shorter articles with more graphics so content can be quickly scanned.

• An alert banner on the homepage with important advice and guidance during cyber security incidents.

• A ‘mobile-first’ approach to make it just as easy (if not easier) to read content on smartphones and tablets.

www.ncsc.gov.uk

Cyber Aware

The NCSC is working alongside the Cabinet Office, DCMS and the Home Office to deliver Cyber Aware – the national behaviour change campaign for cyber security.

The campaign establishes a single trusted voice to provide timely, accessible and consistent advice to individuals and smaller organisations, empowering them to take action to protect themselves online.

The Cyber Aware campaign is part of a wider set of initiatives across the NCSC and other government departments to better support individuals and families. This includes working with manufacturers to make software and systems secure by design, as well as some of the NCSC’s Active Cyber Defence services.

The campaign connects with other government departments, the policing community and trusted third party supporters to help target the advice. The NCSC also works closely with a number of priority industry and voluntary sector partners to align messages and ensure all advice can be actioned.

Case study: WhatsApp

WhatsApp announced that it had found and fixed a security flaw in its messaging service that allowed hackers to compromise a device. In response, the NCSC published guidance advising users to update their WhatsApp app in order to protect themselves against potential attack. The guidance attracted a 54% increase in page views in its first week.

Case study: Black Friday and Cyber Monday

Shoppers were encouraged to learn and share simple cyber security steps to reduce the likelihood of falling victim to Black Friday and Cyber Monday scams. The NCSC published seven tips everybody should know before, during and after making an online purchase, teaming up with experts from Microsoft and the British Retail Consortium to challenge people to learn the tips and pass them on with a ‘cyber chat’.

• Social media posts promoting the NCSC podcasts were shared 900+ times and liked 2,100+ times.

• The NCSC’s Twitter following increased to over 50,000 as a result of social media activity.

• Digital assets were amplified by Santander, Lloyd’s, Barclays Bank, Tesco, Get Safe Online, and Action Fraud.


Supporting organisations

The vast majority of organisations in the UK rely on digital technology to function. Good cyber security helps them take full advantage of the opportunities that technology brings.

The NCSC has worked with DCMS to identify priority sectors to tailor support. It has developed effective partnerships across 14 economic sectors as well as in education, charities and voluntary organisations. Since the NCSC launched, it has built trusted relationships, produced actionable guidance and innovative self-help tools to raise cyber security resilience across the sectors it serves.

Small and medium-sized organisations

Managing cyber security can feel daunting if you run a small business or are responsible for IT systems in charities, clubs and schools. The NCSC aims to help people feel confident in protecting their organisations.

Small Business Guide

The NCSC Small Business Guide provides five quick and easy steps that can significantly reduce the chances of businesses becoming victims of cyber crime. The guide, and accompanying action list, has been distributed around the country, reaching hundreds of thousands of small and medium-sized enterprises (SMEs). New guidance was launched this year to help small businesses prepare their response and plan their recovery from a cyber incident as quickly as possible.

“The NCSC’s guidance for businesses to protect themselves has received positive engagement, and we anticipate it can reach and positively influence a wide portion of our business and commercial customer base.”
Robert Mitchell, Content Manager, Commercial & Private Banking Digital Services, NatWest

Cyber Essentials

Helping organisations to protect themselves from the most common internet-based cyber threats, Cyber Essentials is available to all UK organisations, of any size and from any sector, that want to demonstrate their commitment to cyber security.

As part of DCMS and the NCSC’s ongoing commitment to the scheme, improvements continue to be made. As well as ensuring that there is consistency in the way the scheme is operated, the NCSC wants to ensure that Certification Bodies and Assessors are all working to the same standard and have a clear and consistent minimum level of cyber security competence. The NCSC has awarded a five-year contract to the IASME Consortium Ltd to be its new Cyber Essentials partner from April 2020.

Currently, there is no automatic expiry date on certificates. For companies that are using Cyber Essentials to provide confidence in the security of their supply chain, this is not helpful. To support this and improve the process, from 2020, certificates will be issued with a 12-month expiry date.

“We are increasingly seeing the Cyber Essentials scheme being used successfully as a scaffold for the smallest of organisations to implement basic cyber security controls. The assessment questions are a structured way for small companies to become more educated and question their IT providers on security controls, helping to protect their business.”
Dr Emma Philpott MBE, CEO, The IASME Consortium Ltd

Exercise in a Box

Exercise in a Box is an online tool which allows organisations to find out how resilient they are to a cyber attack, and to evaluate their readiness to respond. The tool was originally designed for SMEs, local government and emergency services, but high demand has seen many larger organisations using the tool to determine their own resilience.

Ciaran Martin, NCSC CEO, says: “Large or small, private or public sector, getting your organisation to practice what happens in a cyber attack helps you to spot the gaps in your fitness regime and shows where you might need to change up a gear.”

Steve, one of the NCSC’s experts who helped design the concept, says that exercising is one of the best ways for a business to find out how they would react to an incident.

“There are plenty of commercial products that offer exercises for companies, but they can be very expensive. We designed this to be a free tool because we wanted SMEs to get used to the concept of exercising.

“Any company can do these exercises on their own and know they are doing it in a safe environment. It’s much better to practice beforehand rather than waiting for the real event.

“You don’t have to be technically-minded to use this product. It’s all done in a language that can be readily understood, with lots of supporting material and resources.

“We’ve been really impressed with how popular these exercises have been, not only in the UK, but around the world. We are now looking to evolve the concept for bigger businesses and the public sector.”

www.ncsc.gov.uk/information/exercise-in-a-box

“At ASOS we decided to incorporate the ‘Exercise in a Box’ content into our data security incident rehearsals. We found that the structure of the desktop exercises and simulation really helped to bring the rehearsals to life as well as encourage discussion and feedback.”
George Mudie, Chief Information Security Officer, ASOS


How to set up your own basic security logging system

Logging is an important tool for any organisation to keep track of and capture the kind of data that’s central to understanding and recovering from a cyber breach.

This can be everything from logins to emails to firewall updates – all of which are considered security events. These logs provide a detailed record of all security events which can be used to manage cyber attacks and prevent them from happening in the future.

The newly launched open source project, Logging Made Easy (LME), is a self-install tutorial for small organisations to gain a basic level of centralised security and provide them with the tools they need to detect and protect themselves against cyber attacks.

Charities

A government survey found that many of the UK’s 180,000 charities had experienced cyber breaches, including viruses, phishing emails, ransomware attacks and identity theft.

While criminals may pursue financial gain, charities have also been attacked by hackers motivated by a personal or political agenda.

One UK charity lost £13,000 after its CEO’s email account was hacked, and a fraudulent message sent to its financial manager with instructions to release the funds. Often such crimes go unreported because of a charity’s fear of reputational damage.

In response to this, the NCSC has developed an educational programme designed to put the charity sector on a much stronger footing in cyberspace. The programme features a series of simple steps to protect organisations from attack, saving reputation, funds and data from falling into the hands of criminals.

Charities often prefer to seek advice from the bodies that represent them, so a partnership has been made with NAVCA which supports 145,000 charities and voluntary groups in England. A successful programme has been developed to train volunteers to deliver cyber safety awareness sessions for charities and voluntary groups within local communities.

The pilot showed a clear need for these sessions, with 96% of participants having felt that their increased awareness of cyber safety would improve their organisation.

“We know that small charities and voluntary organisations face real risks from cyber crime. By working in close partnership with NAVCA and its network of members, the NCSC has demonstrated a commitment to delivering cyber security protection to thousands of small voluntary organisations, working to support communities and people in need the length and breadth of the country.”
Jane Ide, CEO, National Association of Voluntary and Community Action (NAVCA)

Top Tips for Staff

The NCSC’s e-learning video, Top Tips for Staff, has proved immensely popular with small businesses and individuals, as a free, easily accessible guide to keeping safe online.

The 30-minute video, aimed at a non-technical audience, covers four key areas: protection against phishing, the importance of strong passwords, securing devices and reporting incidents when things go wrong.

The NCSC’s Jack says: “The tips can be used by anyone, from large companies to people working on their own from home. It’s highlighting the message to organisations that their first line of security is their staff.

“The advice has been taken up by many smaller businesses and charities which may not have their own IT departments or the resources to train employees in cyber security, attracting 1,500 hits per month to the NCSC website.”

Schools and colleges

In partnership with the education sector, the NCSC has produced the first dedicated piece of research on cyber security in schools.

The NCSC spoke to over 430 schools across the UK, with 92% stating that they would welcome more cyber security training for teachers and staff. In response, the NCSC is developing a dedicated cyber security training package for schools.

Before this package is launched, the NCSC has created information cards that contain basic cyber hygiene messages for all staff working in the sector, which will be sent directly to over 10,000 schools across the country.

By increasing its engagement with schools and colleges, the NCSC has improved its understanding of the sector’s cyber vulnerabilities. The NCSC has built links with the Association of Colleges and other umbrella bodies, and is helping the sector to improve its cyber resilience through existing NCSC products and services, including a webinar which is available to all senior college leaders through an industry portal.


Large organisations

Cyber Security Toolkit for Boards

Boards are pivotal in improving the cyber security of their organisations. The Board Toolkit has been created by the NCSC to encourage essential discussions about cyber security to take place between the Board and their technical experts, helping to raise the maturity, readiness and resilience of the UK’s largest organisations against cyber threats.

New regulations, such as GDPR, mean that board members have a responsibility to ensure good cyber security protects their organisation’s resilience in a complex digital world.

The NCSC’s Katie says that while those on a board may have the confidence to ask the right questions on accounting or health and safety matters, they often don’t have the same confidence on cyber security issues.

“The Board Toolkit gives organisations a starting point to examine this topic. They may want to put cyber security on the agenda, but are looking for a good place to start. This toolkit provides an introduction to a wide range of subjects in a digestible format.

“Board members can ask any questions, knowing they will receive an engaging and informed discussion with technical experts that will enable them to take positive action.”

www.ncsc.gov.uk/collection/board-toolkit

“A common issue in the UK boardroom has been that cyber security is delegated to the IT department and does not gain attention as a priority until a breach has occurred. Given that a cyber attack is no longer an ‘if’ but a ‘when’, board members need help with guidance on what to protect and how to go about it. The Toolkit is a practical resource for board members and their CISOs to help identify best practice and better understand how to discuss cyber investment decisions in the boardroom.”
Jacqueline de Rojas, President, techUK

Supply chain contracts

Most organisations rely upon suppliers to deliver products, systems, and services. But supply chains can be large and complex, involving many different parties. Effectively securing the supply chain can be hard, because vulnerabilities can be inherent or introduced and exploited at any point in the supply chain, in some cases causing widespread damage.

To combat this risk, the NCSC is introducing support to help companies protect themselves as part of their supply chain contracts, putting processes in writing to ensure that any cyber threat in their supply chains has as little negative impact as possible.

Supplier Check

The NCSC is piloting an initiative called Supplier Check, with critical suppliers to government. The product scans a company’s external footprint to identify and highlight vulnerabilities, which can then be discussed with the supplier to raise their level of cyber security.

Universities

The NCSC has continued to engage with universities and research institutes, supporting them to defend themselves against and respond to cyber incidents.

Consultation conducted with universities will form the basis of Trusted Research, advice being jointly produced by the Centre for the Protection of National Infrastructure (CPNI) and the NCSC.

Trusted Research is designed to help the UK’s world-leading research and innovation sector get the most out of international scientific collaboration, whilst protecting intellectual property, sensitive research and personal information.

The NCSC is now funding academics at Academic Excellence in Cyber Security Research (ACE-CSR) universities to undertake research projects to identify the specific cyber security challenges facing their own and others’ institutions.

www.ncsc.gov.uk/report/the-cyber-threat-to-universities

Major Events Guide

The NCSC’s Major Events Guide outlines how to incorporate Cyber Risk Management processes into event planning. The guide is designed for organisations running large scale sporting events, but steps and processes outlined can also be incorporated into general event planning.

www.ncsc.gov.uk/guidance/cyber-security-for-major-events


Commercial Assurance Services: Harnessing industry

Partnerships are vital to the NCSC. This is particularly true for Commercial Assurance Services, where the NCSC aims to increase its reach by harnessing industry.

The NCSC has embarked on an ambitious service transformation to simplify operations, enhance partnerships and extend its offering to meet the needs of new customers, as well as improving services for existing users.

A wide range of the NCSC’s specialists work in technical, educational, legal, commercial, and engagement roles to make sure its industry partners – currently more than 180 organisations – meet required standards. These NCSC-assured products and services help provide people with confidence and trust in their choices.

Vulnerability Assessment is a critical service that keeps us all safe in our professional and personal lives. The NCSC’s “CHECK” companies test systems and networks that are relied upon every day, looking for flaws that developers can fix before systems go live.

In the last year, these assured industry partners have raised over 2,000 reports detailing the vulnerabilities they have identified to keep the UK cyber safe.

Responding to Cyber Incidents is a critical service when problems arise. The NCSC’s Incident Response experts work with its trusted industry partners to assist in identifying the root cause of incidents and assist in recovery and clean-up, ensuring that the most comprehensive lessons are shared along the way. The NCSC has involved the Information Commissioners Office, enriching dialogues with industry and helping to set the direction for the Cyber Incident Response service as it looks to enhance, improve and expand to meet new needs.

Case study: Smart Meters

The NCSC has played a pivotal role in supporting the government’s objective, which requires all 13 million UK households to be offered a Smart Meter.

It has worked with industry partners and BEIS, to certify 12 new gas and electricity meter products. In addition, the NCSC’s industry partners have assured a further six communication products that transmit data from the meter in homes back to the utility provider.

“As always, the NCSC’s technical insights continue to provide huge value in assessing current and future requirements, whilst their pragmatism and flexibility has been crucial in enabling us to continually review and improve the assurance processes where required.”
Daryl Flack, Smart Metering Implementation Programme, BEIS

Commercial Assurance Services in numbers

• 12 Gas & Electricity Smart Meter products assured
• 16 Industry partner events hosted, with 325 representatives from industry
• 39 Quality audits of industry partners carried out
• 253 Cyber Professional Certifications issued
• 40 Vulnerability Assessment partners
• 19 cyber security training courses certified
• 14,234 Cyber Essential Certificates issued
• 39% increase on the previous year

Cyber security communities

Cyber Security Information Sharing Partnership

The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative, set up to exchange cyber threat information in real time, in a confidential and dynamic environment, reducing impact on UK business.

Through CiSP, members are provided with a secure environment to engage with industry and government counterparts, supplying early warning of cyber threats, and helping them learn from experiences and successes of other users.

There are currently 15,571 registered CiSP members. The NCSC estimates this comprises 5,500 organisations from 22 sectors.

Industry 100

Industry 100 is the NCSC’s principal initiative to facilitate close collaboration with the best and most diverse minds from outside the organisation. It brings together public and private sector talent to challenge thinking, test innovative ideas and enable greater understanding of cyber security.

In the last 12 months, 72 additional secondees, from more than 56 organisations, have worked across the NCSC in short-term placements, such as threat operations, capability development, and across engagement teams.

From engaging with CyberFirst students and launching products to better alert their sectors to emerging threats, to developing systems which allow real-time detection of adversaries, the secondees have made invaluable contributions to the NCSC, their organisations and the wider cyber security community.

Law Enforcement and Regional Organised Crime Units

Managed by the National Police Chiefs’ Council, Regional Organised Crime Units (ROCUs) are trusted partners of the NCSC that form the Cyber PROTECT Network and the wider National Crime Agency-led Team Cyber UK network. The ROCUs network is made up of more than 100 officers and staff across the country, helping to make the NCSC’s advice as accessible as possible for communities to protect themselves against cyber crime. The network also enables large-scale mitigation work to be carried out across UK law enforcement.

The regional Cyber PROTECT teams were central to the launch of Exercise in a Box, helping the NCSC to reach local businesses, providing them with a practical way to test their cyber preparedness. The network worked with the Foundation for Social Improvement to raise awareness of the Small Charity Guide and support organisations in making improvements to their cyber security.

On a day-to-day basis, the network uses the NCSC’s advice and guidance as the foundation for supporting victims of cyber crime, to help them recover and prevent repeat victimisation.

“The NCSC provides us with an up to date PROTECT framework containing current threat data, mitigation advice and interactive services to help keep the businesses and residents of Yorkshire and Humberside safe from the ever-evolving threats posed by cyber criminals.”
DCI Tim Ingle on behalf of York and the Humber ROCU


CYBERUK 2019
Hosted in Scotland for the first time, CYBERUK 2019
reached nearly 3,000 delegates across industry,
government and academia. The event delivered
a wide range of content through demonstrations,
talks and interactive workshops with world-
leading experts.

Providing a dynamic forum for the UK’s cyber security community, CYBERUK 2019 facilitated national and international conversations to deepen understanding, challenge thinking, create debate and foster collaboration in cyber security.

Working closely with partners, a strong Scottish presence was facilitated through speakers and exhibiting companies. The Scottish government ran a Cyber Week in Glasgow to coincide with CYBERUK 2019 and now plans to run this annually, ensuring a lasting legacy.

The event also encouraged Scotland’s young people to consider a role in cyber security, inspiring the next generation of industry experts. Local schools were invited to visit the exhibition at CYBERUK 2019, to hear from the NCSC and industry experts, and develop their skills in ‘cyber games’, through code-breaking challenges, cipher decryption, and lessons in Minecraft and Python.

The NCSC will be hosting CYBERUK 2020 in Wales.

[Photo: Paul Chichester, NCSC Director of Operations welcomes delegates]

[Photo: CYBERUK 2019 at the Scottish Event Campus, Glasgow]

Highlights

• 2,767 delegates
• 240+ speakers
• 159 sponsors and exhibitors
• 21 countries represented
• 22 ‘Spotlight Stage’ lightning talks
• 48 audience-centred stream sessions
• 17 interactive workshops
• Five Eyes panel discussion on global cyber issues
• 9 Scottish SMEs showcased in the exhibition’s ‘Scotland Street’
• 81 children attended from Glasgow schools
• 1,800+ pieces of media coverage
• 8,187 uses of #CYBERUK19 on social media
• 92% of delegates rated the event overall as good or excellent

“CYBERUK 2019 was a great opportunity to hear from key influencers in the industry and learn from their experience and best practice. It was a privilege to host the event in Glasgow and was a testament to Scotland’s commitment to cyber security. To have all these varied stands, speakers and organisations come together is a fantastic opportunity to network and build relationships.”
Kirstie Steele, Cyber Resilience Unit, Scottish Government

“CYBERUK is exactly what you can expect from a conference led by the NCSC, which continues to focus on high leverage and high impact activities. Their innovation is setting the bar for cyber security efforts across the Five Eyes, and we are grateful for the partnership.”
Rob Joyce, former Senior Cyber Security Advisor, National Security Agency


Cyber capability for the future: How we work with people

The NCSC uses industry and academic expertise to nurture the UK’s cyber security capability. It helps to build the UK’s talent pipeline, promote innovation and develop the country’s cyber security research, ensuring a secure, resilient and prosperous economy by providing people and organisations with the cyber security skills they need.


People

Working with industry, government and academia, the NCSC strives to support the next generation of students, researchers and cyber security professionals at a time of rapid change, to help them develop the skills they need to have a rewarding career in cyber security.

CyberFirst

CyberFirst aims to identify and nurture young talent, engaging students from all backgrounds and regions, helping them to explore their passion for technology and providing them with the necessary skills and knowledge to put it into practice.

CyberFirst Bursaries

Now in its fourth year, the CyberFirst Bursary is continuing to provide financial support, cyber security training and work experience to over 750 UK undergraduates, helping young people kick start their career in cyber.

Each year hundreds of carefully selected and highly talented students are provided with a bursary of £4,000 for each year of their undergraduate study. They return each summer to spend a minimum of eight weeks learning key cyber security skills in either the CyberFirst Academy or placements with more than 70 industry and 14 government members of CyberFirst.

To date, 56 Bursary students have graduated from the CyberFirst programme and have moved into full time cyber security roles with companies and government departments, including: BAE Systems, Barclays, IBM, Netcraft, Encipher Ltd, Lockheed Martin, DSTL, HMGCC, MET Police, the MoD, GCHQ and at the NCSC.

Since 2017, the NCSC has seen a 181% increase in the number of industry partners supporting this scheme.

CyberFirst pathway

11-14: CyberFirst Adventurers
A free one-day non-residential course aimed at 11 to 14 year-olds. The course consists of four themed modules offering interactive, hands on, self-guided, exploratory learning.

12-13: CyberFirst Girls Competition
The CyberFirst Girls Competition inspires the next generation of young women to consider a career in cyber security. This free, nationwide contest is open to girls in Year 8 in England and Wales, Year 9 in NI and S2 in Scotland.

13-18: Cyber Discovery
Cyber Discovery is the government’s free, online, extracurricular programme developing the cyber security skills of teenagers across the country. For students aged 13 to 18, the NCSC is seeking problem solvers, code crackers and, most importantly, those who never give up.

14-15: CyberFirst Defenders
A free five-day residential and non-residential course aimed at 14 to 15 year-olds, helping to increase awareness of cyber security, whilst also equipping them with relevant practical skills they can apply in their own life.

15-16: CyberFirst Futures
A free five-day residential and non-residential course aimed at 15 to 16 year-olds, to explore advanced cyber security threats to devices, apps and software, and discover ways to prevent them.

16-17: CyberFirst Advanced
A free five-day residential and non-residential course aimed at 16 to 17 year-olds, to hone the skills and behaviours they need to enter the cyber security or computing workplace for real.

18+: CyberFirst Degree Apprenticeships
A CyberFirst Degree Apprenticeship allows undergraduates to earn whilst they learn, ready for a job with GCHQ.

18+: CyberFirst Bursaries
A CyberFirst Bursary offers undergraduates £4,000 per year financial assistance and paid cyber security training each summer to help kick start their career in cyber.

For more information visit: www.cyberfirst.ncsc.gov.uk/

“The CyberFirst Bursary scheme has been the best thing I’ve ever done in my life and has opened so many doors for me. I’ve had the opportunity to meet new people, make new connections and gain new skills.”
Tia, CyberFirst Bursary student, Scotland

“We have benefitted tremendously from six CyberFirst Bursary students in the last four years. They have been amazing students, whose ability to absorb ideas and deliver results at pace is a joy and huge benefit to us all.”
Martin Huddleston, Head of Cyber, APMG


CyberFirst Courses

The CyberFirst Courses are carefully designed to bring out every student’s potential. Open to 11 to 17 year-olds, students are encouraged to understand how everyday technology works and importantly, how to protect it. This year, courses took place in Paisley, Cardiff and Belfast, as well as Newcastle, Southampton, Warwick, Gloucester and London.

All CyberFirst summer courses have been credit rated by the Scottish Qualification Authority (SQA) and have been independently certified as a GCHQ Certified course, which is a fantastic endorsement of the course content, quality and delivery.

“CyberFirst has given us access to a wealth of budding cyber talent. By giving students the skills and investment they need to live and work securely online, CyberFirst is totally aligned with our own mission to make society a safer place. It’s through initiatives like this that we will ensure the industry achieves ongoing sustainable growth, and we look forward to strengthening our partnership in the coming years.”
Colin Gillingham, Director of Professional Services, NCC Group

Joanna’s CyberFirst journey

Joanna reached the final of the CyberFirst Girls Competition at the age of 12, before going on to complete the CyberFirst Adventurers, Defenders, Futures and Advanced courses. She is now considering a CyberFirst apprenticeship.

“Before the CyberFirst Girls Competition, I didn’t really know much about GCHQ and the kind of jobs that were available. I had an interest in computers, but I wasn’t sure where to go next. After taking part in the finals of the competition, I realised I had a love of information gathering and evaluation. The competition sparked a passion that has led me to want to pursue a career in intelligence/data analysis.

“After the competition I was invited to join the CyberFirst courses, which excited me as I wanted to find out more about technology and how it can be used to protect us. During the course, we were told about the CyberFirst apprenticeship and bursary, and what our next steps could be if we were interested in a career in cyber security. I’m now hoping to apply for the apprenticeship when I finish sixth form. I probably would have never found out about this area of work if it wasn’t for the CyberFirst Girls Competition!”

90% of CyberFirst Defenders, Advanced and Futures students would like to pursue a career in cyber security, with 936 students hoping to attend additional CyberFirst programmes

809 students aged 11 to 14 years-old, took part in Cyber Adventurers courses, 50 of whom attended the course at the NCSC's headquarters

A further
1,100 free places were taken up by 15 to 17 year-olds on CyberFirst Defenders, Futures and Advanced courses
705 young women who took part in the CyberFirst Girls Competition, enjoyed free places on CyberFirst Defenders courses

Overall, course applications increased by 29% with a 47% increase in the number of female applicants


CyberFirst Girls Competition

The CyberFirst Girls Competition is part of the NCSC’s efforts to get more girls into cyber security. It provides a fun but challenging environment to inspire the next generation of young women to consider a career in the industry.

With the largest and most diverse set of participants, the CyberFirst Girls Competition 2019 was the most successful to date. Nearly 12,000 girls from 841 schools entered from all corners of the UK – from Jersey to Caithness, Essex to Londonderry – with double the number of schools participating from Scotland and Wales.

After an online round of codebreaking challenges, the top 10 schools competed in a face-to-face Grand Final in Edinburgh. The winning team saved the day for a fictitious company facing a cyber incident, developing skills in networking, cryptography, logic and coding along the way. Following the competition, 98% said they would like to learn more about cyber security.

“The competition has helped me learn lots of new things that I had never heard of before. It opened my eyes to what cyber security is really like, and what it takes to become a cyber security professional. There aren’t many girls in cyber security, so it is important to encourage more to get involved.”

Erinna, The Queen’s School, Chester
Cyber Schools Hub at Newent Community School

Cyber Schools Hubs

“We were delighted to work with the NCSC to bring this course to our bright and engaged young students. Women are very underrepresented in the global cyber industry but, here at TIGHS, we have exceptionally talented girls who can help make our country the safest place to live and do business online. Let’s get them excited about computing, early.”

Asia Ali, Assistant Principal of Tauheedul Islam Girls’ High School, Blackburn

The last 12 months have seen the first full academic year of Cyber Schools Hubs, created to develop a model for engaging with schools on cyber security. The project currently supports schools across Gloucestershire in a variety of ways, from sharing technical equipment and lesson plans, to funding educational visits and linking with industry supporters.

Schools have set up extra-curricular cyber-related clubs, augmenting the learning and inspiring the students. Newent Community School, for example, organised a Dragons’ Den-style event, developing ideas for wearable technology. They are now looking to run a regular wearable tech lunchtime club to build upon the interest now generated amongst students.

Wyedean School welcomed 200 Year 5 children for a full day of Computer Science and cyber security, and Cleeve School ran a Hacking Skills day, providing an opportunity for students to use the new hacking servers gifted to the project.

Organisations from across the UK are now actively involved in supporting participating schools, from hosting visits, delivering events, providing facilities for schools to use and offering work placements.

“Cyber Club has helped my confidence in computing lessons. It has given me access to technology and equipment that I have never experienced. Attending Cyber Club has made me consider Computer Science as a job in the future, as well as helping me develop my problem-solving skills in everyday life.”

Sam, Year 8 student


Cyber Schools Hubs statistics

26 participating schools

250 extra teaching hours of computer science activities delivered across four schools

120 crates of educational equipment such as specialised computers, robots and games, shared by schools around the county

19 organisations voluntarily participating in the project

“The Cyber Schools Hub project is instrumental in enabling our delivery of successful and impactful sessions with talented young people who are incredibly passionate about the topic and are willing to learn how to practice their skills legally and safely. Through the opportunities provided by the Cyber Schools Hub, we have also significantly broadened our own understanding into why more young people are becoming interested in cyber and the opportunities available for them in a variety of exciting careers.”

Representative, South West Regional Organised Crime Unit

Certified Degrees

The NCSC Certified Degree community has continued to grow, with seven certified undergraduate degrees and 24 certified postgraduate degrees. Universities across the UK, from Bristol to Dundee, Pontypridd to Belfast, now offer certified degrees. This year also saw the publication of a new standard to certify Degree Apprenticeships in Cyber Security, based on the Institute for Apprenticeships and Technical Education’s recently published Cyber Security Technical Professional standard.

“Gaining certification has led to a continual increase in student numbers.”

Dr Rich Macfarlane, Edinburgh Napier University

Cyber Security Body of Knowledge

Cyber security encompasses a wide range of disciplines, but its relative youth means it lacks the coherence found in more mature STEM fields. In response to this, the NCSC set up the Cyber Security Body of Knowledge, with the long-term aim of contributing to the development of the cyber security profession. The project’s purpose is to codify the cyber security knowledge which underpins the profession. The project focuses on providing learning pathways, professional development and careers information for the people of the UK.

Apart from giving structure to the core knowledge, topics and reference texts, the project will enable the UK to focus learning pathways, professional development and careers information. The NCSC has been working with the cyber security community to identify key knowledge areas. To date, the project has issued 19 knowledge areas for review, with 14 published as version 1.0, including Human Factors, Adversarial Behaviours and Software Security.


Research

Working with partners in government, industry and academia, the NCSC identifies and supports excellence in cyber security research and encourages industry investment. By continuing to work with external partners, the NCSC is helping to put the UK at the forefront of internationally leading cyber security research.

Cyber security for the 2020s

The NCSC conducts research into new technologies and pioneers innovative approaches to keeping the UK safe online. Research is essential to ensure the mission continues to be successful in the long-term. Research activities span the full range of NCSC interests, from new ways of protecting citizens to its classified research into defending critical systems from highly motivated attackers. It is important to recognise that just as current research will drive the NCSC’s future work, its current successes are built on years of research and development, in-house as well as in academia and industry.

Academic Centres of Excellence in Cyber Security Research (ACE-CSR)

Academic Centres of Excellence in Cyber Security Research (ACE-CSR) are at the forefront of cyber security research in the UK and showcase the UK’s research capabilities on the global stage. The NCSC and the Engineering and Physical Sciences Research Council recently welcomed De Montfort University and Northumbria University to the ACE-CSR community, bringing the total number of universities recognised to 19.

Cardiff University has been recognised as an ACE-CSR since 2018.

Peter Burnap, Professor of Data Science and Cyber Security at Cardiff University believes the awards act as a magnet for research excellence in the UK and are “a great bridge in the process of turning research into technological products and services.”

He says: “The role of academic institutions is to drive innovations forward and at Cardiff, we decided to work with the local community to see what industry viewed as some of the cyber security challenges for them.

“We started work with Airbus to translate our research into products and services now being used by the company, as well as their industry partners such as Rolls-Royce and BT. Over 10 years we have developed a strong narrative of converting research into practical applications.

“The NCSC needs a lot of information and the academic world holds a great deal of that, so it’s an ideal link.

“The NCSC is driving the ideas that come from the academic community into the research councils for funding prioritisation, in a process that is helping to maintain the UK’s status as world-leader in cyber security.”

Research Institutes

The NCSC is now supporting four successful academic Research Institutes, to develop cyber security capability in strategically important areas. Each one is focusing community effort in its respective area and encouraging interaction between academia and industry.

• Research Institute in Science of Cyber Security
• Research Institute in Verified Trustworthy Software Systems
• Research Institute in Trustworthy Interconnected Cyber-physical Systems
• Research Institute in Secure Hardware and Embedded Systems

The Research Institute academics are increasingly providing their expertise into relevant government policy activity. Examples include the UK Research and Innovation-managed ‘Digital Security by Design’ challenge advisory board and assisting the DCMS and the NCSC with developing the Institute of Technology Code of Practice.

CISSE UK

The Colloquium for Information Systems Security Education (CISSE) is an academic-led organisation, which brings together all those from government, industry and academia who care about cyber security education from primary to tertiary level.

In the last 12 months, the NCSC has supported the creation of CISSE UK, the first official, chartered foreign chapter of CISSE.

Quality

Commercial Assurance Services: Cyber training and education

The work the NCSC does to set the standards for training and education for cyber professionals has far reaching impact, by touching the lives of everyone who comes into contact with it. It works closely with accreditation and exam institute, APMG, to assure the validity of its cyber training courses.

The NCSC works with examining bodies to certify cyber professionals, guaranteeing a standard of professional that delivers cyber services or products to organisations across the country.

Cyber security awareness training sessions at the NCSC's London headquarters


Innovation

The NCSC aims to develop the UK’s cyber security ecosystem by transforming innovative ideas into real world solutions.

Cyber Accelerator

The NCSC Cyber Accelerator supports the growth of start-up cyber companies which are bringing new security products to market. It aims to support the emerging cyber security industry within the UK, encouraging skills, jobs and growth.

The third cohort of the NCSC Cyber Accelerator has created 30 jobs, won 18 trials, proof of concept and contracts and raised more than £15 million in funding.

Cyber Accelerator case study: Nettoken

Simonetta d’Ottaviano is CEO of Nettoken, an identity management platform designed to encourage awareness of an individual’s expanding digital footprint, helping improve their personal security. The platform keeps track of all of a subscriber’s online accounts, making everything accessible from a single control panel.

“The average internet user is signed up to around 150 active accounts, putting them at high risk of cybercrime,” says Simonetta, who co-founded the firm with Charlotte Slingsby and Ela Neagu while completing her master’s in engineering.

“We realised that most cyber security products are designed for businesses and we wanted to look at it from an individual’s point of view.”

They designed a management platform for a user’s digital identity; a way of organising multiple online accounts, which also acts as a single password manager.

“Nettoken provides an overview of all the services that you may have signed up for, whether it was to book a flight or create a new Wifi access. It acts as a manager which puts them into groups, your shopping accounts in one, utilities and financial accounts in another.”

She explains: “We wanted to create a usable tool that has cyber security embedded, without the user having to worry too much about it.”

The service is already proving popular and the company is aiming to soon reach 5,000 paying customers.

Simonetta believes Nettoken has benefited greatly from being included in the NCSC Cyber Accelerator programme.

“Taking part in the programme was very important to challenge us and build our credibility. The team was very encouraging, and to have access to their technical expertise was invaluable. It’s been a brilliant experience for us to be mentored and assisted by the NCSC.”

Cyber Accelerator case study: LuJam

Five years ago, Tim Moran set up LuJam Cyber to combat a major challenge in cyber security, encouraging SMEs to understand that whatever their size, they are not immune to attacks.

Last year, 31% of all SMEs suffered from hostile incidents and, as Tim states, “The worst thing is that the majority of these attacks were preventable. Many of these companies are relying on a firewall and antivirus alone, often because other forms of protection are too expensive.”

Tim recognised that SMEs require similar levels of security to larger enterprises but delivered in a way that is easy for a business owner to use and understand, without needing to be an IT specialist. After attracting investors to match a £250,000 grant won from Innovate UK – as well as selling his house to raise more capital along the way – Bristol-based LuJam launched a subscription service offering customers full protection against the latest cyber threats for all of their devices.

“Following extensive trials, we were ready to provide companies with cyber security software at a competitive price. Our goal is to help Managed Service Providers (MSPs) take their customers on a steady journey to improved cyber hygiene.

“Our service is powered by cloud analytics and network scanning that discovers IT assets, assesses risks, blocks bad connections and provides continuous monitoring.”

LuJam spent nine months working with the NCSC, an experience Tim views as incredibly rewarding. After five years of development, the future looks bright for the company, which is now in trials with several major partners and investors.

Tim says: “Our solution is applicable anywhere in the world and we are already involved in a number of initiatives in Commonwealth countries. We’ve also started to explore much larger opportunities in cyber insurance, enterprise supply chains and enterprise homeworkers.”

“We’ve been really encouraged by the positive experience we’ve gained with the NCSC. We firmly believe that all businesses should be encouraged to reach Cyber Essentials certification, with continuous monitoring of cyber security becoming best practice for all.”

Tim Moran, Founder and CEO, LuJam Cyber


CyberFirst Courses

Venue – Course

Beaufort School – Adventurers
Cardiff Metropolitan University – Adventurers, Defenders, Futures, Advanced
Energus Cumbria – Defenders, Futures, Advanced
Imperial College London – Defenders, Futures, Advanced
Lancaster University – Adventurers
NCSC headquarters, London – Adventurers
New Scotland Yard – Adventurers
Queen’s University Belfast – Adventurers, Defenders, Futures, Advanced
RAF Benson – Defenders
RAF Lossiemouth – Defenders
Tauheedul Islam Girls’ High School – Adventurers
University of Bristol – Advanced
University of Central Lancaster – Advanced
University of Gloucestershire – Adventurers Adventurers, Defenders,
University of Leicester – Adventurers
University of Kent – Defenders
University of Newcastle – Adventurers, Defenders, Futures, Advanced
University of Southampton – Futures, Advanced
University of Warwick – Defenders, Futures, Advanced
University of the West of England – Adventurers
University of the West of Scotland – Adventurers, Defenders, Futures, Advanced
University of Wrexham – Defenders

Research Institute – Host Universities

Research Institute in Science of Cyber Security – University College London


Research Institute in Verified Trustworthy Software Systems – Imperial College London
Research Institute in Trustworthy Interconnected Cyber-Physical Systems – Imperial College London
Research Institute in Secure Hardware and Embedded Systems – Queen’s University Belfast

Academic Centres of Excellence in Cyber Security Research

University of Birmingham
University of Bristol
University of Cambridge
Cardiff University
University College London
De Montfort University
University of Edinburgh
Imperial College London
University of Kent
King’s College London
Lancaster University
Newcastle University
Northumbria University
University of Oxford
Queen’s University Belfast
Royal Holloway, University of London
University of Southampton
University of Surrey
University of Warwick

NCSC - Certified Degree Providers

University of Birmingham
University College London
Edinburgh Napier University
Imperial College London
Lancaster University
University of London International Academy
University of Oxford
Oxford Brookes University
Queen’s University Belfast
Royal Holloway, University of London
Sheffield Hallam University
University of South Wales
University of Southampton
University of Surrey
University of Warwick
University of York


Celebrating 100 years of GCHQ's cyber mission

The last century has seen GCHQ placed at the heart of the nation’s security and it is committed to continuing to keep the UK safe for the next 100 years and beyond. This year saw a number of events take place to celebrate the milestone.


The Science Museum launches exhibition revealing GCHQ secrets

Coinciding with the centenary and in a first for a UK intelligence agency, GCHQ has launched a new exhibition which will take visitors through the history of secret communications. 'Top Secret: from Ciphers to Cyber Security', explores a century’s worth of intelligence that underpin GCHQ’s vital role.

Supported by funding from the National Cyber Security Programme, free tickets are available to book on the Science Museum’s website. From July to September 2019, 80,000 people visited the exhibition. It runs in London until February 2020, moving to Manchester’s Science and Industry Museum in October the same year.

Secure telephones display at 'Top Secret' exhibition at the Science Museum
© Jody Kingzett, Science Museum Group

“For the first time the public will be given a glimpse into our secret history of amazing intelligence, world-leading innovation, and most of all brilliant people. And – as the threats to the UK become more diverse and complex – it’s a chance to encourage the next generation of recruits. Because at GCHQ we believe that with the right mix of minds, anything is possible.”

Jeremy Fleming, Director, GCHQ

The GCHQ Centenary Puzzle book II

The NCSC contributed to the development of GCHQ’s Puzzle Book II. It includes stories from the organisation’s inception, all the way through to the opening of the NCSC and puzzle designs based on previous cyber competitions.

The proceeds from the sales of Puzzle Book II will be donated to Heads Together, which works to raise the profile of the importance of mental health.

Royal celebrations for GCHQ

Her Majesty The Queen visited the original top-secret home of GCHQ as part of the centenary celebrations for the UK’s intelligence, security, and cyber agency (see image top right).

Her Majesty The Queen unveils an historic plaque at Watergate House, the 1919 birthplace of GCHQ

During The Queen’s visit, she met with the 2018 CyberFirst Girls Competition winners from The Piggott School.

As part of the celebrations, His Royal Highness the Prince of Wales also visited GCHQ’s Cheltenham headquarters, where he was introduced to the NCSC’s Technical Director Dr. Ian Levy, as well as teachers and students from schools taking part in the Cyber Schools Hubs pilot. His Royal Highness also met a team from Girl Guiding South West England, who showed off their new set of Girl Guides’ Cyber Skills badges, developed in conjunction with the NCSC.

“It is reassuring that with the founding of the National Cyber Security Centre, which has tackled over 1,500 significant cyber attacks since opening in 2016, the cyber security of this country is in safe hands.”

His Royal Highness The Prince of Wales


Can you find the secret message?


Decrypt at ncsc.gov.uk/annual-review-2019



ncsc.gov.uk/annual-review-2019

@NCSC

National Cyber Security Centre

@cyberhq

© Crown copyright 2019. Photographs produced with permission from third parties.
NCSC information licensed for re-use under Open Government Licence
(http://www.nationalarchives.gov.uk/doc/open-government-licence).

Designed and created by Agent Marketing Ltd.


agentmarketing.co.uk
