In the rapidly shifting landscape of cybersecurity, where threats grow increasingly sophisticated by the day, the UK’s National Cyber Security Centre (NCSC) is taking proactive measures to ensure its defenses remain state-of-the-art. Recently, I had the opportunity to speak with Emily Thompson, a cybersecurity analyst who has been closely monitoring the development of the next-generation Active Cyber Defence (ACD) program, known as ACD 2.0, currently in its planning stages at the NCSC.
Emily’s insights shed light on how the NCSC’s approach to cybersecurity extends beyond mere reaction to threats; it emphasizes anticipating and mitigating them through innovative and strategic initiatives. The NCSC’s ongoing efforts illustrate a forward-thinking stance in the realm of cybersecurity.
The initial ACD program, launched in 2016, was a groundbreaking endeavor designed to protect the majority of the UK’s population from most cyber attacks most of the time. This program primarily targeted high-volume, low-sophistication attacks using readily available tools. However, with ACD 2.0, the NCSC intends to advance these efforts even further. Emily highlighted that while specific details of ACD 2.0 are still confidential, the NCSC has established two guiding principles for its new suite of services: addressing genuine market gaps by introducing capabilities that are not already available, and ensuring that any new service will be transitioned to another part of the government or an industry partner within three years. This approach allows the NCSC to continuously innovate rather than becoming a national managed service provider.
One of the most compelling aspects of ACD 2.0 is its focus on identifying and filling market gaps. Emily pointed out that the cybersecurity market has matured significantly since 2016, with many robust private sector solutions now widely available. The NCSC aims to avoid redundancy by pinpointing areas where existing offerings fall short. To achieve this, the NCSC is actively seeking collaboration from various sectors, including government, industry, and academia. By inviting these partners to provide input on what is needed, the NCSC ensures that the new services will be both relevant and impactful.
One area already under exploration within ACD 2.0 is attack surface management. The NCSC is conducting six-month projects to assess what is currently available in the market and to develop potential national-level solutions. Emily elaborated that the hypothesis is that helping organizations understand and reduce their attack surface is one of the most efficient ways to enhance external resilience. This collaborative approach ensures that the new services meet real-world needs and provide tangible benefits.
Moreover, the NCSC is not merely theorizing but actively experimenting with new solutions in collaboration with industry partners. This dynamic process involves tackling various aspects of these services, from communication to delivery, and remains open to ideas from the wider industry. One such experiment involves the Early Warning service, which alerts organizations to potential threats. Emily noted that this service has proven exceptionally successful, issuing alerts last year about vulnerabilities on approximately 323,000 unique IP addresses and about malware infections on 10,200 unique IP addresses. The NCSC aims to build on this success with ACD 2.0, further enhancing its capabilities.
Reflecting on the NCSC’s history, Emily emphasized that its strategy of developing and then divesting services is not a new approach. Services like Logging Made Easy and Protective DNS (PDNS) are already managed by external partners, such as CISA and Cloudflare. This methodology allows the NCSC to focus on identifying and addressing new challenges, rather than managing long-term services. Importantly, this strategy is not driven by financial constraints but by a desire to add value to the market and ensure continuous innovation. The NCSC seeks to be the catalyst for new solutions rather than the entity that oversees them indefinitely.
As our discussion concluded, Emily expressed her enthusiasm for the future of ACD 2.0. She highlighted the NCSC’s commitment to collaboration, innovation, and addressing real market needs as particularly inspiring. By continuously evolving its approach, the NCSC is not only keeping pace with cyber threats but also staying ahead of them.
In a world where cyber threats are a constant and ever-present danger, the NCSC’s proactive and forward-thinking approach provides hope for the future. As it continues to develop ACD 2.0, the UK’s digital defenses are set to become stronger, more resilient, and more adaptive to the challenges that lie ahead.