For long as there have been channels for the movement of value and information, there have been those that have sought to disrupt and control them. From Spartan military ciphers to the enigma machine to current day cryptographic practices, the fight over privacy and security wages on. Rooted in this conflict, Cyber security has inch by inch and byte by byte, gained more prominence in the media. On the 1st of November and only one year after its announcement by the Chancellor of the Exchequer, the National Cyber Security Centre published the 2016-2021 National Cyber Security Strategy, a step change in any given nation’s focus on Cyber. Put forward to highlight and redress growing security concerns in the wake of ever increasing dependence on digital communication, the strategy encapsulated a national response in three terms; Defend, Deter, Develop.
The NCSC has seen much activity in the field of cyber defence since the release of its inaugural publication. Not more than 5 days after its release, Tesco’s bank saw 40,000 bank accounts compromised by an unprecedented attack with money being lifted from more than 20,000 accounts. A joint response by the NCSC with partners at the NCA, the FCA and the ICO saw an immediate investigation, allaying fears across the wider banking sector. As hacker activity becomes increasingly specialised, knowledge as to the vulnerabilities acute to each individual industry is shared across hacker networks. This is reflected in the target nature of some attacks. The Petya Ransomware attack which zeroed in on systemic vulnerabilities within Ukranian state infrastructure, and which alarmingly disabled radiation monitoring systems in Chernobyl in June this year, highlights the risk to national security of cyber-attacks. Protection of our Critical National Infrastructure (CNI) is a key element of the NCSC’s National strategy paper, recognising that the tapestry of organisations providing infrastructure are the jewels in the nation’s economic crown. With ever more sophistication also comes a range of ‘entry-level’ hacking tools, which can be indiscriminately used to launch blanket attacks on a broad range of industries. On May 12th 2017, the UK suffered, as did the rest of the globe, from the debilitating WannaCry ransomware attack which notably shut down services across over 50 NHS trusts. Endangering patients and reducing staff to paper based processes, the WannaCry attack prompted a detailed post-mortem of NHS-wide cyber security underscoring the importance of technology in health care provision and moreover, the pivotal role of patching.
Governments themselves are by no means immune to such attacks, with national security agencies even being compromised. In April this year, Shadow Brokers, the aptly named hacker group leaked a gigabyte of the National Security Agency’s software exploits including Eternal Blue a Windows exploit employed by the infamous Petya and WannaCry ransomware viruses. It is not only a nation’s ability to protect itself which has come under attack of late, the integrity of government itself has been thrown into question with accusations of hacks ongoing from the American presidential election to the 9GB trove of emails leaked from Emanuel Macron’s party, just two days before election day.