NCSC marks 20th anniversary of first response to state-sponsored cyber attack
In June 2003, GCHQ experts were involved in responding to a cyber attack against the UK Government for the first time. Unlike today, in 2003 there was no government agency set up to deal with cyber attacks, nor was there a dedicated national incident management function. This all changed in 2016 with the establishment of the National Cyber Security Centre (NCSC), a part of GCHQ.
The NCSC can reveal that in June 2003 cyber experts were called upon to investigate after a government employee detected suspicious activity on one of their workstations.
A suspected phishing email had been identified, so technical specialists sought help from the Communications-Electronics Security Group (CESG) – the information assurance arm of GCHQ at that time.
CESG’s analysis discovered that malware, designed to steal sensitive data and evade anti-virus products, had been installed, raising suspicions about the attacker’s intent and setting in motion a series of actions that was transformative to cyber incident investigations.
For the first time, GCHQ fused its signals intelligence capabilities with its cyber security function to investigate and identify the actor responsible.
The ground-breaking analysis, coupled with international engagement, led CESG to conclude the intent of the attack had been cyber espionage by a nation state, setting in train a mission that today is at the heart of NCSC operations; namely, understanding and responding to cyber threats to the UK.
Paul Chichester, Director of Operations at the National Cyber Security Centre, said: “Twenty years ago, we were just crossing the threshold of the cyber attack arena, and this incident marked the first time that GCHQ was involved in a response to an incident affecting the UK Government.
“It was also the first time that the UK and Europe started to understand the potential online risks we faced and our response transformed how we investigate and defend against such attacks.
“The NCSC and our allies have come such a long way since this incident, and it is reassuring to be at the forefront of efforts to develop tools and techniques to defend against cyber threats and keep our respective nations safe online.”
The National Cyber Security Centre, a part of GCHQ, was set up in October 2016 to help keep the UK safe online. It combined existing expertise from CESG, the Centre for Cyber Assessment, CERT-UK and the Centre for Protection of National Infrastructure (now the National Protective Security Authority).
The NCSC responds to cyber security incidents to help reduce the harm they cause to organisations and the wider UK, as well as working with other law enforcement, defence, the UK’s intelligence and security agencies and international partners.