At a glance.
- UK’s NCF has launched offensive hacking exercises.
- Australian senior official predicts a cyber dystopia.
- NIST on the importance of transparency.
UK’s NCF has launched offensive hacking exercises.
A new report from UK spy agency Government Communications Headquarters (GCHQ) has confirmed that the National Cyber Force (NCF) has been conducting government-supported offensive hacking operations targeting other countries. As TechMonitor explains, the report is a rare glimpse into the inner-workings of this covert organization. Although home secretary Suella Braverman suggested in a recent speech the UK would engage in offensive cyber operations, this report is the first confirmation of this activity. The NCF, a collaborative effort out of GCHQ and the Ministry of Defence, was established in 2020 and, the report states, has been deployed to support military efforts, “disrupt terrorist groups,” combat state disinformation campaigns, and “reduce the threat of external interference in democratic elections.” Because of the covert nature of NCF’s activities, the operations’ target countries have not been disclosed, though Russia and Iran are mentioned in the report as countries that “routinely carry out cyber operations of different kinds in order to spread disinformation.”
Australian senior official predicts a cyber dystopia.
At the Sydney Dialogue Conference today, Australia’s Minister for Home Affairs and Cybersecurity Clare O’Neil announced that the federal government will be launching a series of national cyber exercises focused on critical infrastructure. During her speech, she warned that Australia is headed toward a “dystopian future” in which cyberattacks will be commonplace. Referencing the recent surge in attacks on high-profile Australian organizations like Medibank, Optus, and Latitude, she said the country faces “a scale and intensity in the threat landscape that far outstrips the recent cases we have seen.” As the Guardian explains, the purpose of these government-led exercises is to help the country better prepare for future cyberattacks and gain insight into the ways different types of incidents might impact critical infrastructure. “Let me be clear,” O’Neil said, “I’m not saying the following dystopian future will happen, but if there is one thing I’ve learned in the cybersecurity portfolio is that you need to plan for the most consequential scenario and work to stop it.”
NIST on the importance of transparency.
In a new blog post, the US’s National Institute of Standards and Technology (NIST) offers its take on what true cybersecurity transparency in the digital era means, and how it can positively impact the cyber landscape. As connected devices become more and more commonplace, the security of these products is key. Although developers are increasingly incorporating security into design, there’s still a lack of transparency when it comes to communicating these security processes, functions, and features to customers and other stakeholders. “Effective communication is the next step towards a more secure connected ecosystem,” the post reads. NIST is working on creating a Cybersecurity Transparency Framework for Connected Products, with the aim of providing a more structured approach to ensuring device developers are effectively communicating with customers about cybersecurity and sharing information across the supply chain.