monsitj - Fotolia

US considers UK-style cyber defence model

The US is considering adopting a similar cyber defence model to the UK’s in recognition of the growing threat to all levels of society

A report by the US Department of Homeland Security (DHS) indicates US national cyber defence strategy is moving to one similar to that used in the UK.

The move is outlined in a newly-unveiled strategy to address the evolving threats to US cyber and critical infrastructure security.

The government “must think beyond the defence of specific assets and confront systemic risks that affect everyone from tech giants to homeowners,” DHS chief Kirstjen Nielsen said in a statement.

This approach is aligned with the Active Cyber Defence (ACD) programme being developed by the UK’s National Cyber Security Centre (NCSC).

The NCSC has rolled out four measures under the ACD programme, with more planned in the coming months aimed at providing systemic protection to make it more difficult and costly for cyber criminals to carry out attacks.

Although the measures provide protection for government departments, the NCSC is working with partners to find ways of scaling them up to cover both the public and private sector.

The NCSC’s protected domain name server (DNS) service uses GCHQ and commercial partners’ data about known malicious addresses to provide automatic protection for public servants by blocking access to known bad sites.

Read more about cyber crime

The NCSC is driving the adoption of the Dmarc (domain-based message authentication, reporting and conformance) protocol to block malicious emails pretending to be from government departments and in  parallel, the NCSC’s MailCheck service processes the Dmarc reports centrally to generate data that further enhances the NCSC’s knowledge of the threat picture.

The NCSC has built a free service known as WebCheck to scan the websites of public bodies and generate a report on what needs fixing, and how to fix it.

Since June 2016, the NCSC has been working with Netcraft, a private sector company, on a phishing and malware countermeasures service to protect the whole of the UK, including government brands.

The US move to a UK-style systemic approach to cyber defence has been prompted by the recognition that cyber adversaries threaten every level of society.

The US faces threats from a growing set of sophisticated malicious actors who seek to exploit cyberspace, with a range of motivations, including espionage, political and ideological interests, and financial gain, according to a 35-page DHS report reviewed by Reuters before its public release.

The report notes that while nation states continue to present a considerable cyber threat, non-state actors are emerging with capabilities that match those of sophisticated nation-states.

This is being enabled by the emergence of cyber crime services that enable would-be cyber criminals with little or no technical skill to carry our cyber attacks using sophisticated tools developed by highly organised and well-funded organised crime groups.

Risks posed by internet of things

The report also highlights the “substantial” cyber security risk posed by the rapidly growing number of internet of things (IoT) devices being connected to the internet.

The DHS “must better align our existing law enforcement efforts and resources to address new and emerging challenges in cyber space, to include the growing use of end-to-end encryption, anonymous networks, online marketplaces, and cryptocurrencies,” the report said.

According to the DHS, more than half of US states have signed up for the agency’s cyber scanning service, which like the NCSC’s WebCheck service , is designed to detect potential weaknesses that could be targeted by hackers.

The new DHS cyber security strategy is aimed at identifying and managing risks to national cyber security, reducing the cyber vulnerabilities of federal agencies, enabling effective and coordinated cyber incident response, and strengthening the security and reliability of the cyber ecosystem.

A recently released report by the UK’s National Crime Agency (NCA) warned that the use of technologies such as the dark web, encryption, virtual private networks (VPN) and virtual currencies will support fast, “secure” and anonymous operating environments, facilitating all levels of criminality.

The NCS report was published just over a month after a report issued in collaboration with the NCSC said cyber threat to UK business was “bigger than ever” and the best way to defend against it was collaboration between government, law enforcement and business.

According to the latest NCA report, the increasingly ubiquitous “by default” nature of these enabling technologies will continue to lower the barriers to entry for some types of cyber-enabled crime, while the rapid and often unpredictable nature of technological change and its subsequent application is adding further layers of complication and uncertainty for developers, users and law enforcement agencies. 

Read more on Hackers and cybercrime prevention