NCSC Annual Review 2021 – a marker for the future of cyber defence

18th November 2021

David Carroll
MD Nominet Cyber

2021 signifies the culmination of the 5-year National Cyber Security Strategy from the National Cyber Security Centre (NCSC) and the ground it has covered is nothing short of impressive. In its final year before the new National Cyber Strategy (NCS) begins, NCSC dealt with a record number of incidents – increasing from 723 to 777 this year – and tackled a huge number of threats. The NCSC’s Active Cyber Defence measures took down 2.3 million cyber-enabled commodity campaigns, 442 phishing campaigns using NHS branding, 80 illegitimate NHS apps hosted and available to download outside of official app stores.

The threat posed by cyber attackers goes beyond these individual incidents. If we take a step back and look at the themes, it is clearer to see why cyber has become an issue of national concern. Technically, ransomware has been named as the most significant cyber threat facing the UK. When you consider the real-world impact of the Colonial pipeline attack – oil shortages across the East Coast of the US – and the ‘major’ attack on American software firm, Kaseya, that is unsurprising.

Further to this, there is a very real economic impact of the cyber threat we’re facing today. As highlighted in the Annual Review, Hackney Borough Council estimated that it would cost £10 million to recover from the breach it suffered and the Irish Health Service Executive cited recovery costs of around £442 million. When you consider that this is the bill for just two incidents of ransomware, the cost to the UK economy of organisations falling victim to ransomware attacks is as big as it is concerning.

Finally, there is a political element to the cyber-attacks we’re defending against. The Annual Review explicitly mentions the threat emanating from Russia and warns of China’s interest in UK commercial secrets. Indeed, it notes that ‘how China evolves in the next decade will probably be the single biggest driver of the UK’s future cyber security’. We must be prepared for this not only on a national front, but in close cooperation with our international security partners.

Protective DNS

The UK has made great progress with the single authority model, and with the NCSC’s Active Cyber Defence measures in particular. At Nominet, we’re proud to deliver PDNS for the UK, on behalf of NCSC. It has protected vital public services at a critical juncture of heightened threat and exposure.

PDNS played an active role in response to one of the most significant security incidents of 2021 when software vendor SolarWinds was breached by the Russian Foreign Intelligence Service. It protected the NHS, healthcare and vaccine providers from accessing malicious domains 4.4 billion times and generated 12.2 million blocks against Covid-19 phishing specific domains. No mean feat.

Perhaps most notably for the future, PDNS can disrupt ransomware that manages to bypass first lines of defence. It does so by blocking connections to known ransomware domains. Considering ransomware is the most significant threat in the UK, this capability to stop attacks in flight will continue to deliver value for the foreseeable future.

Looking further afield

The UK has done a tremendous job in the past 5 years protecting the economy against cyber-attack, but significant challenges remain.

In a year when our health services were facing unprecedented strain, cyber criminals pursued it. In doing so, they presented a clear threat-to-life for the UK public. 20 percent of the 777 incidents that the NCSC dealt with were linked to healthcare, including a specific attack on the University of Oxford which could have caused significant disruption to the UK’s pandemic response.

Several initiatives were launched throughout the course of the pandemic to protect those within Health and Social Care. Indeed, more than 1,000 additional organisations – amounting to an estimated 3 million more employees – were protected by PDNS.

Nominet worked in close collaboration with the NCSC to defend against cyber-attacks on our health services during the pandemic. This experience highlights the need for a dynamic security posture, specifically the ability to ramp up defences when other critical services are put under pressure.

Cyber defence transcends national borders. The NCSC Annual Review mentions global leadership and international engagement for real-world impact. This will be essential as we learn more about who our cyber adversaries are and the nature of their attacks. Critically, we will need collaborative efforts like PDNS which involve governments, the cyber security industry, employees and citizens.

The 2021 Annual Review from NCSC is not only an overview of the tremendous work done in the past 5 years, but a marker of the proactive and collaborative action ahead. We fully support the ‘whole of society’ approach taken in the National Cyber Strategy and look forward to the role Protective DNS plays within it for years to come.