Combatting online threats exploiting the COVID-19 pandemic, building resilience into National Health Service's IT systems and protecting the setting up of a virtual parliament are just some of the projects the National Cyber Security Centre has been involved in, according to its latest annual review.
Much of the recent activity of NCSC — established in 2016 and a part of GCHQ — has been directly or indirectly concerned with the pandemic. This includes building NHS resilience, protecting vaccine and medicine research, supporting remote working, securing the NHS COVID-19 app and large-scale data, and helping essential service providers.
Throughout a year of change, where the NCSC welcomed new CEO, Lindy Cameron to replace the departing Ciaran Martin, the division deployed analysts to analyse NHS threat data and supported the health sector through cybersecurity incidents. As a result, more than one million NHS IP addresses were supported, over 160 high-risk and critical vulnerabilities were identified and shared and threat hunting was performed on 1.4 million endpoints.
In addition, the NCSC worked to protect vaccine and medicine research by supporting the government's Vaccine Taskforce, which controls decision-making on research funding and purchasing through to manufacturing and distribution. In July, the NCSC revealed that Russian cyber actors were targeting organisations involved in the development of coronavirus vaccines.
With the ability to share Indicators of Compromise (pieces of data which identify potentially malicious activity on a system or network) in a matter of seconds, the NCSC exponentially increased the number of tips to the NHS, with 51,910 shared by the end of August.
Cyber Threats to Remote Working
The Centre also helped businesses and individuals as they moved to remote working by providing advice on working securely from home, and providing guidance on how to spot and deal with suspicious emails, calls and texts. It helped the Government Security Group and the Government Digital Service to provide advice for civil servants on accessing official IT when working remotely.
The NCSC says it has disrupted thousands of attempts to trick people, from fake lures of personal protective equipment (PPE), testing kits and cures, to sham key worker badges.