Annual Review Details Chinese, Russian Attacks
The National Cyber Security Centre (NCSC) – the public-facing part of Britain’s signals-intelligence agency, GCHQ [General Communications Headquarters], has pointed to ransomware and supply-chain vulnerabilities as representing two of the biggest threats it is seeing to national interests. In its Annual Review, published today, the agency again identifies Chinese and Russian state-sponsored actors as being behind some of the most serious incidents it has responded to.
“In addition to the direct cyber security threats posed by the Russian state, it became clear that many of the organised crime gangs launching ransomware attacks against western targets were based in Russia,” the review says. China, meanwhile, continued to demonstrate “a proven interest in the UK’s commercial secrets.” The review’s authors say that “how China evolves in the next decade will probably be the single biggest driver of the UK’s future cyber security.”
The two state-sponsored incidents the review concentrates on are the compromise of the American software company SolarWinds, which has been attributed to Russian-backed actors, and exploitation of vulnerabilities in Microsoft Exchange servers, which were “highly likely to have been initiated and exploited by a Chinese state-backed threat actor“. The review goes on to state this attack “was highly likely to enable large-scale espionage” and, as a result, the NCSC issued tailored advice to more than 70 organisations. “The attack on Microsoft Exchange servers was another serious example of a malicious act by Chinese state-backed actors in cyberspace,” NCSC Director of Operations, Paul Chichister, explained. “This kind of behaviour is completely unacceptable and, alongside our partners, we will not hesitate to call it out when we see it.”
In the 2020/21 timeframe covered by the review, the agency responded to 777 cyber incidents, an increase on the previous year’s 723 and a record high since the organisation was formed in 2016. This is partially a result of increasing work the agency has undertaken to proactively identify threats, and may also reflect generally increasing awareness of cyber security, the work the NCSC has done (including a TV advertising campaign) that has raised the profile of its threat-reporting channels, and the increasing ability individuals may have to recognise attempted intrusions such as fake ‘phishing’ emails designed to steal passwords and other personal data. Taken together, it is likely these factors mean more incidents are being reported to the NCSC.
A short section in the review outlines some of the work the NCSC has done with the MoD and its industrial suppliers. “The NCSC supported the development of the Digital Strategy for Defence [published May 27th], which set out plans for how the Armed Forces will use data to underpin technology; worked with the MOD on embedding secure-by-design principles, and helped create a modern assurance and accreditation model,” it says. Other activities in the defence sector include establishing a team “to maintain the highest levels of cyber security for the Continuous-At-Sea-Deterrent, including ongoing support to the DREADNOUGHT programme,” which will replace the UK’s current VANGUARD-class submarines. The review also says the NCSC supported Carrier Strike Group 21 on its first deployment, via joint workshops with the Royal Navy and “providing cyber threat intelligence and technical capabilities.”
The NCSC also worked with the UK’s Civil Aviation Authority and the World Economic Forum to develop international standards for cyber resilience in aviation. Other international outreach included the NCSC chairing a working group with equivalent agencies from the other ‘Five Eyes’ nations, which produced a first joint paper on common vulnerabilities in July.
The full review can be downloaded from https://www.ncsc.gov.uk/collection/ncsc-annual-review-2021