NCSC Annual Review 2024

Annual Review 2024

# NCSC Mission
# iteration 1

ncsc = national_technical_authority("UK", "cyber", "2016")
yr = 2024
while UK_cyber.threat > 0:
    UK_cyber.resilience += ncsc.improve_cyber_resilience()
    UK_cyber.harm -= ncsc.reduce_cyber_harm()
    UK_cyber.threat = ncsc.evaluate_threat(yr)

    print(annual_review(yr))

    yr += 1
(NCSC Annual Review 2024) page_number = 01 Overview

contents = {

# Overview:
Ministerial foreword
Director GCHQ foreword
NCSC CEO foreword
Timeline
The NCSC at a glance
The NCSC, working with...

# Chapter 01:
Countering the cyber threat
Staying in the race: keeping up with increasingly complex cyber attacks

# Chapter 02:
Building the UK’s cyber resilience
Realising a more secure and prosperous cyber future

# Chapter 03:
Developing the UK’s cyber ecosystem
Market incentives and the future of technology security

# Chapter 04:
Keeping pace with evolving technology
Post-quantum cryptography

}

Ministerial foreword:

Cyber now underpins every aspect of everyday life. It is central to our economy and society, offering huge potential for the Government’s number one mission for growth and prosperity. But alongside its huge benefits there are also risks and vulnerabilities, making it more important than ever that we secure our online world.

The Government has taken a number of steps to strengthen our national security in the cyber realm, but we can’t do it alone. We need businesses and other organisations to boost their own cybersecurity where they can. While we have made significant progress, this report shows that the cyber threat is dynamic and grows more complex each year.

As this report shows, while AI presents huge opportunities, it is also transforming the cyber threat. Cyber criminals are adapting their business models to embrace this rapidly developing technology - using AI to increase the volume and impact of cyber attacks against citizens and businesses, at a huge cost. Meanwhile the proliferation of advanced cyber intrusion tools is lowering the barrier for entry to criminals and states alike.

We need to combat these threats and increase our overall resilience. One key way of doing this is by driving up the adoption of our “Cyber Essentials” scheme; stats show those businesses who implement Cyber Essentials are 92% less likely to make a claim on their cyber insurance. We are also working closely with businesses and industry through the National Cyber Security Centre and the National Protective Security Authority to offer practical ways that organisations can strengthen their own security and help defend the nation from cyber attacks.

Developing international partnerships is a priority and the Government is strengthening relationships with countries around the world. You’ll see in this report how NCSC and UK law enforcement are working with partners internationally to counter the threat from cybercrime. We are also disrupting malicious cyber actors emanating from hostile states. In October, we sanctioned 16 members of the prolific Russian cyber-crime gang Evil Corp, delivered in coordination with the US and Australia.

We know we cannot keep pace with the threat or seize opportunities without a skilled and professionalised workforce that represents the breadth of talent across the UK. The NCSC has significantly contributed to increasing diversity, especially through the CyberFirst Girls Competition. But there is much more to do - including by increasing interest in the computing curriculum and plugging the cyber skills gap.

As ever with cyber, new challenges will arise as the threat continues to evolve. The UK has a world-class reputation in cyber, and we are determined to stay one step ahead - remaining alive to the threats for the UK while embracing the benefits of the digital future.

The Rt Hon Pat McFadden MP
Chancellor of the Duchy of Lancaster and Minister for Intergovernmental Relations

Director GCHQ foreword:

As Director GCHQ, I have the privilege of leading an organisation that is integral to our nation’s security. In this review, you will read many examples of the real-world impact our work has had over the past 12 months.

The world is growing more complex, more unstable and more unpredictable. We have seen persistent aggression from Russia as it continues to wage its unjust war against Ukraine. Ongoing tensions in the Middle East are a stark reminder of the volatility across the globe, and the ever-present risk for miscalculation. And while much of this conflict is playing out on the frontlines, there’s been an increase in cyber operations against Ukraine and its allies in support of Russia’s military campaign and its wider geopolitical objectives.

Meanwhile the pace and scale of technological change shows no sign of slowing down. In everything from AI to quantum computing, there are both opportunities and challenges. New technologies transform and improve our lives, but they can also be used by malicious actors to carry out more effective cyber attacks. We must prepare for a future where these capabilities are an integral part of life and also become part of how we continue to keep the country safe.

Against this backdrop, this year’s report describes numerous examples of how the NCSC’s work has helped to keep the country safe. The ransomware attack on Synnovis, and the impact this had on thousands of procedures and appointments across six NHS trusts, illustrates why – in our increasingly interconnected world – we must remain ahead of the threat.

The general election this summer was another significant moment for the UK’s cyber resilience. The security of the election was front and centre, and I’m proud of the NCSC’s contribution to the government’s Election Cell, which brought together experts from the security and intelligence agencies to ensure the integrity of both the campaign and the election results.

I’ve experienced first-hand the importance and impact of international collaboration, working with allies to keep us safe across cyberspace and in the real world. And at CYBERUK earlier this year in Birmingham, I saw the UK cyber community come together in a thought-provoking and energising conference. We will be heading to Manchester for CYBERUK 2025, and I’m looking forward to welcoming the brightest minds from across government, industry, academia and the intelligence community.

GCHQ’s wider skills and intelligence informs our NCSC-led cyber security mission, and vice versa. The mission ‘making the UK the safest place to live and work online’ applies not only to the NCSC, but to the whole organisation. There is huge power and potential in greater partnership, and I ask you to join us on the journey, in making this mission a reality day to day.

Anne Keast‑Butler
Director GCHQ

NCSC CEO foreword:

It is with huge pride that I present the National Cyber Security Centre’s eighth Annual Review, and the first in my role as CEO.

In the few short months since I joined the organisation, I have been astounded by the breadth and depth of expertise and creativity within the NCSC. I am similarly struck by the magnitude of the challenge ahead, as we strive to ‘make the UK the safest place to live and work online’. That was the NCSC’s founding mission eight years ago, and it remains the same today. But we should be under no illusion that the challenge is getting harder.

We now find ourselves in a contest for cyberspace.

We are all using digital technology to our benefit: to drive growth, drive innovation, drive productivity, drive better public services, drive prosperity. However, we face enduring threats from hostile states and cyber criminals looking to exploit our dependency on the technology that now underpins all aspects of modern life. From ransomware attacks to AI-enabled intrusion, malicious actors are looking to maximise their disruptive and destructive efforts in an increasingly connected world.

In recent years, the NCSC has produced world-leading cyber security guidance and frameworks, such as our Guidelines for secure AI system development, Cyber Essentials and the Cyber Assessment Framework (CAF). The reality is, not enough organisations are implementing our guidance, nor applying these frameworks.

We have a responsibility to ensure that the whole of the UK rises to the challenge. We will encourage businesses across the UK to use the NCSC’s frameworks and guidance to drive up our national defences at scale. We will also help organisations of all sizes to be better prepared so they can quickly recover when cyber attacks do get through.

We will work with our partners across government to explore how we can influence the technology market to adopt more secure behaviours, which may include new legislation (such as the Cyber Security and Resilience Bill) and regulation to drive through the step change we believe is required to keep the UK safe.

Everyone has a role to play when it comes to improving cyber security. Whether you are working for the UK’s critical infrastructure ensuring that the lights stay on, or a parent unboxing and setting up your child’s tablet, we can all contribute to our national online resilience.

Since its inception, the NCSC has maintained that the UK’s collective cyber resilience depends upon everyone – from individuals and families to SMEs and large enterprises – playing their part. This starts by acknowledging the scale of the challenges we face and identifying the urgent interventions that we need to implement now. Only then we can stay ahead of the cyber criminals and hostile states that seek to do us harm.

I’m aware that the important work of the NCSC can only happen with the support from our friends across government, industry, academia, and international partners for which we are so grateful. I look forward to meeting more of you in the coming months and in Manchester for CYBERUK 2025.

Richard Horne
CEO NCSC

Timeline:

2023

1 September
NCSC announces new CTO: NCSC announces Ollie Whitehouse as new Chief Technology Officer

11 September
Evolution of Cyber Crime: Publication of a white paper by the NCSC and NCA examining the rise of ‘ransomware as a service’ and extortion attacks

12 September
NCSC and ICO sign Memorandum of Understanding: Memorandum sets out how both organisations will cooperate in the future

28 September
UK and US host international dialogue: NCSC CEO and CISA Director lead talks with international partners to boost the cyber resilience of global democracies

11 October
Principles for ransomware-resistant cloud backups: NCSC publish best practice to ensure cloud backups are more resistant to ransomware

12 October
Supply chain guidance published: A new collection of resources for understanding the impact of supply chain cyber security risks

18 October
NCSC at Singapore Cyber Week: NCSC CEO delivers speech on ‘Reshaping cyber security in the era of generative AI’

23 October
Cisco advisory published: Organisations are encouraged to take action to mitigate vulnerabilities affecting Cisco IOS XE

26 October
PDNS for schools launched: The first phase rollout of a protective DNS (PDNS) service for schools

27 October
Logging Made Easy (LME) with CISA: LME relaunched by the Cybersecurity and Infrastructure Security Agency (CISA)

28 October
British Library cyber attack: Major ransomware attack compromises most of its online systems

1-2 November
AI Safety Summit, Bletchley Park: NCSC support first ever global AI safety summit

9 November
Black Friday Cyber Aware campaign launched: Aimed at helping shoppers protect themselves online in the run up to the festive period

23 November
DPRK advisory: UK and Republic of Korea issue warning about DPRK state-linked cyber actors attacking software supply chains

27 November
Guidelines for secure AI system development: NCSC publishes first global guidelines to ensure the secure development of AI technology

30 November
Unitronics statement: NCSC publish mitigation advice following exploitation of Unitronics programmable logic controllers

5 December
Launch of Cyber Incident Exercising scheme: Providing organisations with access to NCSC assured CIE service providers able to create bespoke, structured cyber incident exercises

7 December
Star Blizzard advisory: Joint advisory to raise awareness of the spear-phishing techniques Russian FSB cyber actor Star Blizzard are using to target individuals and organisations

7 December
Defending Democracy guidance: A collection of guidance published to help counter the cyber threat

15 December
Culture sector summit: NCSC and DCMS met with representatives from the UK cultural sector to discuss what can be done to protect institutions’ digital collections

2024

11 January
Ivanti advisory: Advising organisations to take immediate action to mitigate vulnerabilities affecting Ivanti Connect Secure

24 January
Cyber Threat Assessment: How AI will impact the efficacy of cyber operations and the implications for the cyber threat over the next two years

6 February
Pall Mall Process: UK and France host conference on proliferation and irresponsible use of commercial cyber intrusion capabilities and sign the Pall Mall Process declaration.

7 February
Living off the land advisory: A joint advisory and guidance warning CNI operators about the threat from cyber attackers using sophisticated techniques to camouflage their activity on a victim’s network

20 February
LockBit statement: NCSC statement on law enforcement’s disruption of LockBit ransomware operation

26 February
Five Eyes joint SVR advisory: Revealing evolving tactics used by Russian state-linked cyber actors as more organisations move to cloud-based infrastructure

1 March
Vulnerability Researchers event: NCSC Challenge Coins presented to researchers who have contributed to vulnerability disclosure programmes across government

4 March
CyberFirst Girls Competition awards ceremony: Winning teams from across the UK recognised for their success at an awards ceremony hosted at the University of Oxford’s Robotics Institute

25 March
APT31 advisory: UK calls out China state-affiliated actors for malicious cyber targeting of UK democratic institutions and parliamentarians

17 April
PDNS partner announced: A three year contract was awarded to Cloudflare Inc.

18 April
NCSC podcast live: NCSC Cyber Series went live with a total of 5 episodes

19 April
NCSC announces new CEO: Richard Horne appointed as new CEO of NCSC and GCHQ Board Member

22 April
Palo Alto Advisory: NCSC encourage organisations to take immediate action to mitigate a vulnerability affecting Palo Alto Global Protect Gateway

24 April
CISCO advisory: The NCSC advises organisations to take immediate action to mitigate vulnerabilities affecting Cisco firewall platforms

2 May
UK local and mayoral elections: NCSC worked with partners to ensure elections were resilient

6 May
Director for National Resilience and Future Technology attends RSA Conference: Roundtable with CISA to discuss joint ‘global guidelines for AI security’

3-15 May
CYBERUK 2024: The UK government’s flagship cyber security event convened over 2,000 cyber security leaders, professionals and international delegations in Birmingham

14 May
Cyber insurance guidance: Joint guidance from the NCSC with ABI, BIBA, IAU to help organisations faced with ransomware demands minimise disruption and cost of an incident

14 May
Share and Defend capability launched: A capability designed to enable protection to the UK public and businesses from cyber attacks and cyber-enabled fraud

15 May
Launch of Personal Internet Protection service: The service provides an extra layer of security on personal devices for high-risk individuals

5 June
Cyber Essentials celebrates 10th anniversary

21 June
Synnovis incident: NCSC working with Synnovis, NHS and law enforcement to fully investigate reports of sensitive data being published online following cyber attack

4 July
UK General Election: NCSC work with partners to help deliver a safe and secure election

9 July
APT40 advisory: Australian-led joint advisory exploring how China state-sponsored actors have evolved their techniques for launching cyber attacks

10 July
Carolyn Ainsworth recognition: NCSC’s Chief Engineer named as one of the top 50 women in engineering

19 July
CrowdStrike outage: Following the global IT outage NCSC issued guidance and a warning of an increase in phishing

25 July
DPRK advisory: Joint advisory exposing a global cyber espionage campaign carried out by attackers sponsored by the DPRK to further the regime’s military and nuclear ambitions

2 August
ACD 2.0 blog: Introducing ACD 2.0 and the principles that have been set

7 August
NCSC CEO attendance at BlackHat, USA: NCSC CEO took part in CISA’s panel focused on election security

12 August
Building a nation-scale evidence base for cyber deception: The NCSC invited UK organisations to contribute evidence of cyber deception use cases and efficacy to support our long-term research goals

14 August
Post-quantum cryptography blog: NIST published three algorithm standards: ML-KEM, ML-DSA, and SLH-DSA. The NCSC has updated its PQC white paper to reflect this milestone

The NCSC at a glance:

The population and vast majority of organisations in the UK are dependent on digital technology to live and work. Cyber security ensures individuals and businesses can operate effectively in our connected world, and is central to national resilience.

What is cyber security?

Cyber security is how individuals and organisations reduce the risk and impact of cyber attacks.

Its core function is to defend the services we rely on and the devices we use – both at home and at work – from disruption, theft or damage. It’s also about preventing unauthorised access to the vast amounts of data and personal information stored online and on these devices.

Cyber security is important because most organisations in the UK are dependent, directly or indirectly, on digital technology to function. Cyber security ensures organisations, including the UK’s critical national infrastructure, can operate effectively in our increasingly connected world, and that governments can continue to provide the essential services that citizens depend upon.

Crucially, good cyber security facilitates better cyber resilience; the ability of an individual or institution to protect itself from, respond to, and recover from a cyber attack, data breach or service outage. All of these can cause huge financial losses and reputational damage.

On an individual level, smartphones, internet of things (IoT) devices, computers and the internet are now such a fundamental part of modern life that it’s difficult to imagine how we would cope without them. Cyber security can prevent cyber criminals from accessing our accounts and services, keep our devices secure, and help us to navigate our online lives, safely and with confidence.

What is the NCSC?

The National Cyber Security Centre (NCSC) was formed in 2016 by combining separate parts of government, MI5 and GCHQ, to create the UK’s technical authority for cyber security. Our mission is to make the UK the safest place to live and work online.

The NCSC supports the most critical organisations in the UK, the wider public sector, industry, small and medium-sized organisations and the general public. We also work collaboratively with law enforcement organisations, the UK’s intelligence and security agencies, the National Protective Security Authority (NPSA), international allies and government partners.

The NCSC reduces cyber risks to the UK by helping secure public and private sector networks, and reduces the cyber threat by seeking to understand and disrupt it. When incidents do occur, we provide effective incident response to minimise harm to the UK and help victims to recover.

We also coordinate activities across industry, government and academia to develop the UK’s cyber security skills, technologies and capabilities.

Who is at risk?

Any organisation relying on digital technology, directly or through its supply chain, is at risk of a cyber incident. The majority of cyber attacks are untargeted and opportunistic in nature. As the high profile cyber attack on the British Library illustrates, criminals will exploit weaknesses in an organisation without any regard for the sector it operates in, its size, or who is impacted.

Who is behind cyber attacks?

Despite how they are frequently described in the media, most cyber breaches are not a result of ‘complex and sophisticated attacks’. The vast majority of cyber attacks are still based upon well-known techniques exploiting commonly understood weaknesses. This means that organisations employing basic cyber security standards, such as Cyber Essentials, can successfully defend themselves from the most common online threats. Some cyber attacks are highly sophisticated, and these are usually conducted by hostile foreign states for espionage or wider state objectives.

The NCSC, working with...

The NCSC’s collaborative efforts with these partners (not exhaustive) are crucial for enhancing the UK’s cyber resilience and addressing the global nature of cyber threats.

National Partners

A. Government departments
> Home Office
> Cabinet Office
> Foreign, Commonwealth and Development Office
> Ministry of Defence
> Department for Science, Innovation and Technology

B. UK intelligence community
> Government Communications Headquarters (GCHQ)
> Secret Intelligence Service
> National Cyber Force (NCF)
> Security Service (MI5)
> National Protective Security Authority (NPSA)

C. Devolved administrations
> Northern Ireland Executive
> Scottish Government
> Welsh Government

D. Law enforcement
> National Crime Agency (NCA)
> Regional Organised Crime Units (ROCUs)
> Local police forces

E. Regulators
> Office of Gas and Electricity Markets (OFGEM)
> Health and Safety Executive (HSE)
> Civil Aviation Authority (CAA)
> Office of Communications (OFCOM)
> Information Commissioner’s Office (ICO)
> Financial Conduct Authority (FCA)

F. Public sector
> National Health Service (NHS)
> Local government authorities
> Educational institutions

G. Industry
> Critical national infrastructure (CNI)
> Financial services
> Telecommunications
> Technology companies

H. Academia
> Universities and research institutions
> Academic Centres of Excellence in Cyber Security Research (ACE-CSRs)

I. Non-governmental organisations (NGOs)
> Think tanks and advocacy groups
> Charities

International Partners

A. Government agencies
> US Cybersecurity and Infrastructure Security Agency (CISA)
> New Zealand National Cyber Security Centre (NCSC-NZ)
> Australian Cyber Security Centre (ACSC)
> Canadian Centre for Cyber Security (CCCS)
> European Union Agency for Cybersecurity (ENISA)
> National Security Agency (NSA)

B. International bilateral partners

C. International organisations
> NATO
> United Nations (UN)
> Organisation for Economic Co-operation and Development (OECD)

D. International certification bodies

E. Industry and private sector
> Global technology firms
> International financial institutions
> Multinational corporations

F. Law enforcement
> Europol
> INTERPOL
> Federal Bureau of Investigation (FBI)
(NCSC Annual Review 2024) page_number = 15 Chapter 01 = (Countering the
cyber threat)

# Chapter title
chapter_title = “Countering the cyber threat”

Chapter: 01

2
Introduction
We face real and enduring threats from hostile
3

4
# Define the states and cyber criminals targeting our critical
5 message
6
message = national infrastructure.
“Start here”
7

10

China
11
The NCSC continues to analyse and
12
respond to the cyber threats facing the China continues to be a highly sophisticated
13
UK. From hostile states and commercial and capable threat actor, targeting a wide
14
cyber proliferation, to ransomware and range of sectors and institutions across the
15
the challenges of AI-enabled intrusion, globe, including in the UK.
16
the NCSC leverages its technical expertise and unique position in government to counter conventional and unprecedented cyber threats, working alongside law enforcement and international partners.

Ransomware attacks continue to pose the most immediate and disruptive threat to our critical national infrastructure (CNI), with some state-linked cyber groups now targeting the industrial control systems that infrastructure relies on.

The NCSC’s Incident Management team worked with the Information Commissioner’s Office and the legal and insurance sectors to produce joint guidance on ‘ransom discipline’, which aims to reduce the number of ransomware payments being made by victims of cyber crime and has since been internationalised through the Counter Ransomware Initiative (CRI), with 40 members and 8 insurance bodies globally endorsing it. It’s just one example of how we’re partnering with government and private organisations to improve the UK’s cyber resilience.

In February 2024, the NCSC and international partners co-signed an advisory on observed compromises of US CNI by ‘Volt Typhoon’, a China state-sponsored threat actor. The targeting of energy, transportation and water sectors could be laying the groundwork for future disruptive and destructive cyber attacks, and is a clear warning about China’s intent to threaten essential networks.

In March 2024, the UK government and international allies called out China state-affiliated threat actors for targeting UK institutions that underpin our democracy. The NCSC assessed that:

• threat actor APT31 was almost certainly responsible for conducting online reconnaissance activity against UK parliamentarians’ emails in 2021
• a separate threat actor was almost certainly responsible for the compromise of computer systems at the UK Electoral Commission between 2021 and 2022

The NCSC continues to work across government, and in partnership with international allies, industry and academic colleagues, to deter, degrade and detect the cyber threat posed by China.

Russia

Russia continues to act as a capable, motivated and irresponsible threat actor in cyberspace. Russian threat actors almost certainly intensified their cyber operations against Ukraine and its allies in support of their military campaign and wider geopolitical objectives.

Through its activities in Ukraine, Russia is inspiring non-state threat actors to carry out cyber attacks against western CNI. These threat actors are not subject to formal or overt state control, which makes their activities less predictable. However, this does not lessen the Russian state’s responsibility for these ideologically-driven attacks. The NCSC continues to publicly expose Russian cyber activity, which makes it a more challenging environment for them to operate in.

Iran

Iran-based threat actors remain aggressive in cyberspace and continue to achieve their objectives through less sophisticated cyber techniques (including prolific use of spear-phishing), but also targeting industrial control systems. In August 2024, US government agencies issued an advisory highlighting ransomware attacks by Iran-based threat actors on organisations in the education, finance, healthcare, and defence sectors in the US and other countries.

Although much of Iran’s cyber activity has likely been focused on the Israel/Hamas conflict throughout 2024, it is developing its cyber capabilities and is willing to target the UK to fulfil its disruptive and destructive objectives. The NCSC continues to work closely with government, industry and international partners to understand and mitigate the cyber threat from Iran.

Democratic People’s Republic of Korea (DPRK)

The DPRK (also known as North Korea) continues to prioritise raising revenue to circumvent sanctions and intelligence collection in its cyber activity. DPRK threat actors indiscriminately target cryptocurrency companies and users globally, and attempt to steal data from defence industries, governments, and academia to improve their internal security and military capabilities. In July 2024, the NCSC co-signed an advisory on a group sponsored with the DPRK’s overseas intelligence agency that has targeted defence, aerospace and nuclear entities globally.

UK firms are almost certainly being targeted by IT workers from the DPRK – disguised as freelance third-country IT staff – to generate revenue for the DPRK regime. The DPRK remains a prolific and capable threat actor, and the NCSC continues to work with partners to understand and address the risk to the UK.

Defending democracy

The UK general election in July 2024 presented an attractive target for a range of threat actors, due (in part) to the UK’s membership of NATO, the G7 and our continued support for Ukraine. More generally, threats against UK officials and election candidates – particularly their personal devices and accounts – are seen as a softer target by adversaries, and were highlighted in public attributions that included APT31 and Russian FSB threat actors ‘Star Blizzard’.

Ransomware

Ransomware remains one of the most pervasive cyber threats to UK organisations.

Ransomware is a type of malware which prevents organisations from accessing their systems or data, usually by encrypting files. More recently, threat actors are choosing not to encrypt systems and simply threatening to publish sensitive data, using the potential reputational and financial damage to leverage a ransom payment.

The nature of modern supply chains means that a ransomware attack on one organisation can have a significant impact on many others. In June 2024, the financially motivated ransomware attack on Synnovis, a pathology laboratory supplier to the NHS, had significant impact on citizens, delaying elective procedures and outpatient appointments.

The NCSC provides guidance to help reduce the risk of ransomware attacks (and how to recover if you’ve been infected), whilst our Cyber Incident Response scheme helps victims to identify trusted providers of commercial incident response services should the worst happen.

In addition:

• the NCSC’s Cyber Essentials scheme has been proven to reduce an organisation’s vulnerability to cyber attacks (including ransomware)
• the NCSC’s Cyber Advisor scheme can provide cyber security consultancy tailored to small and medium-sized organisations

Disrupting global ransomware operators

The NCSC and the National Crime Agency (NCA) assessed that the cyber crime group LockBit was the leading global ransomware threat since the demise of the Conti ransomware strain in mid 2022. In 2024, the NCA, alongside international law enforcement partners, led activity against the LockBit group, including taking control of their infrastructure and naming the primary operator. The NCSC works with government, law enforcement and international partners to disrupt and impose costs on high harm cyber criminals with targeted sanctions. In October, the UK sanctioned 16 members of the Russian cyber-crime gang ‘Evil Corp’ alongside coordinated action taken by the US and Australia. The NCSC is also an active participant in the multilateral body, the Counter Ransomware Initiative.

Artificial intelligence

Many nation-state threat actors and cyber criminals are already using artificial intelligence (AI) to increase the volume and heighten the impact of cyber attacks. In January 2024, the NCSC released an assessment of the near-term impact of AI on the cyber threat, highlighting how it can be used for reconnaissance, social engineering and analysis of exfiltrated data.

Generative AI (that is, AI tools that can produce different types of content, including text, images and video) will make it harder for defenders to identify social engineering attacks without the development of new mitigations. At the same time, the shrinking time between the exploitation of certain unpatched software vulnerabilities and the release of security updates to patch systems, is already challenging network managers. AI is expected to further narrow this interval, as reconnaissance to identify vulnerable devices becomes more precise.

Highly capable state actors, in terms of both AI and cyber operations, will most likely be able to exploit the potential of AI to create more advanced cyber attacks. The NCSC continues to work closely with government, international, industry and academic partners to understand the impact on cyber threat to inform the UK’s response.

Cyber proliferation

Over the next five years, expected increased demand for commercial cyber tools and services, coupled with a permissive operating environment in less-regulated regimes, will almost certainly result in an expansion of the global commercial cyber intrusion sector. The real-world effect of this will be an expanding range and number of victims to manage, with attacks coming from less-predictable types of threat actor. Many of these will have access to commodity cyber tools that require low skill to weaponise, and will be operating from countries with scant regard for international norms and regulations.

The Pall Mall Process declaration

In February 2024, the UK and France hosted the first, dedicated conference on tackling the threat from commercial cyber proliferation. It brought together a wide range of organisations and views – states, tech companies, civil society representatives, academia, cyber security, investors, researchers and private industry – to establish guiding principles for the legitimate development, facilitation, purchase, and use of commercially available cyber intrusion capabilities.

The result was the signing of the Pall Mall Process declaration; a new international initiative across governments, industry and civil society to address the proliferation and irresponsible use of commercial cyber intrusion tools and services, providing consensus on what constitutes responsible behaviour in cyberspace. The NCSC supported the Foreign, Commonwealth and Development Office (FCDO) led initiative through robust assessment of the threat, technical expertise, engaging closely with industry, civil society groups and think tanks.

Incident management

The NCSC’s Incident Management (IM) team responds to serious cyber incidents impacting UK organisations. The IM team is responsible for triaging incidents, providing support to impacted organisations, and coordinating the NCSC and cross-government response. This year the IM team received 1,957 reports of cyber attacks covering a range of sectors. These were triaged into 430 incidents requiring support from the IM team, an increase on the 371 last year. Of these incidents, 89 were nationally significant, 12 of which were at the top end of the scale and more severe in nature (which is a three-fold increase on last year).

The IM team issued 542 bespoke notifications informing organisations of a cyber incident impacting them and providing advice and guidance on how to mitigate it. This was more than double the 258 bespoke notifications issued last year. Almost half of the bespoke notifications sent this year related to pre-ransomware activity, enabling organisations to detect and remove precursor malware before ransomware was deployed.

The top sectors reporting ransomware activity into the NCSC this year were academia, manufacturing, IT, legal, charities and construction. We received 317 reports of ransomware activity, either directly from impacted organisations, or from our partners (an increase on 297 last year). These were triaged into 20 NCSC-managed incidents, of which 13 were nationally significant. These included high-profile incidents impacting the British Library and NHS trusts.

Commercial and sensitive data continues to be attractive to threat actors, hoping to extort victims or use the data for other criminal or espionage activities. This year, the NCSC was made aware of 347 reports of activity that involved the exfiltration/extortion of data.

Vulnerabilities continue to pose a cyber security risk to organisations. This includes known vulnerabilities, for which a mitigation exists, and newly discovered/zero-day vulnerabilities. Over the last year, the IM team issued approximately 12,000 alerts about vulnerable services through its Early Warning service (a free, automated NCSC threat notification service). Exploitation of zero-days CVE-2023-20198 (Cisco IOS XE) and CVE-2024-3400 (Palo Alto Networks PAN-OS) also resulted in six nationally significant incidents for the IM team to manage.

[Figure: Yearly breakdown of tips, incidents handled, highly significant and significant and data exfiltration (stacked). Series: Total Tips; Incidents handled; Highly significant and significant; Data exfiltration. Not drawn to scale.]

Total tips: Sep 21 – Aug 22: 1226; Sep 22 – Aug 23: 2005*; Sep 23 – Aug 24: 1957.

Other data labels shown on the chart: 430, 371, 355, 347, 327, 276, 89, 62, 62.

* Increase in reports attributed to change in data collection and cannot be compared directly to previous years.

Staying in the race: keeping up with increasingly complex cyber attacks

Organisations must step up their cyber resilience to protect the UK’s economic wellbeing and critical national infrastructure.

Every year, the cyber threat landscape grows more complex. In 2024 it is best characterised as ‘diffuse and dangerous’. We face a spectrum of threats where persistent activity by capable hostile states compounds the acute challenges posed by organised crime.

The number of cyber incidents is increasing, as is the impact of those incidents. Ransomware attacks, network intrusions, cyber espionage and theft of intellectual property are all commonplace. These have significant consequences for our economic and national security, as well as personal and professional costs for individuals.

Our collective ability to defend against cyber attacks – and to be resilient enough to remain operational when attacks do get through – has not kept up with the threat. The strategic advantage that network defenders have historically enjoyed in cyberspace is diminishing. The UK’s national cyber resilience is under pressure, and organisations should take the necessary measures needed to defend themselves.

The NCSC believe that the severity of the risk facing the UK is – widely – underestimated by organisations from all sectors. Basic cyber security practices need to be implemented right across the country. Mass adoption of these measures remains the best way to defend, respond, and recover. But it must happen now.

Advances in cyber intrusion technologies

Ransomware continues to be the most significant, serious and organised cyber crime threat faced by the UK, with global ransomware payments in 2023 topping $1 billion. Critically, the cyber criminals behind ransomware continue to mostly operate from foreign jurisdictions that refuse to take action against them, providing a permissive and enabling environment for these groups.

The commercial proliferation of advanced cyber intrusion tools against an increasing range of devices will almost certainly be transformational in the years ahead. There is now a global, skilled, commercial cyber intrusion sector. This proliferation of cyber tools, combined with advances in technology, is lowering the barriers to entry and putting sophisticated tradecraft in the hands of a far wider range of relatively unskilled actors. This enables actors to access cost-effective capabilities and intelligence that would otherwise take decades to develop. It will no longer just be states buying a few high-end, off-the-shelf products; by 2030, a cyber intrusion ecosystem will be available, putting surveillance, espionage, and possibly even effects capabilities into the hands of new actors.

This hugely increases the scale and scope of global threat actors, and with it the number of attacks to defend against (and risks to mitigate). The diffusion of previously high-end tradecraft is also making it harder for defenders to establish with a high level of certainty who might be behind attacks. All this is happening against a backdrop of an expanding attack surface, where opportunities for bad actors increase at scale as our dependence on technology grows, our supply chains become more complex, and more services and data move to the cloud.

The complexity of the threat landscape is also almost certain to intensify with the use of AI technology. States that can develop an advanced sovereign AI capability will pose a cyber threat of real scale and sophistication. Publicly available models will continue to make all types of threat actor more efficient and effective, exacerbating the challenges of defence and response. AI will also almost certainly enhance actors’ abilities to extract intelligence value out of exfiltrated data. And so, as more data is stolen and systems are compromised, state and non-state proxy actors use this stolen data to generate information campaigns in support of their wider competitive goals.

Geopolitics as a driver of cyber threat

On top of a more complex picture of actors, the overall cyber threat is amplified by geopolitical risks from global conflicts. Through the last year, we have repeatedly seen heightened use of cyber activity in areas of wider competing influence around conflict zones. In direct conflict, Russia has routinely deployed wiper malware to delete data from inside Ukrainian government and critical national infrastructure to hinder their operation. Additionally, Russia is routinely seeking to compromise the systems of NATO states and aiming to shape the information space globally around Ukraine as it erroneously sees itself in conflict with NATO.

Autocratic nation states continue to pose a fundamental and persistent threat to the UK by using advanced cyber capability against our most critical sectors, seeking to undermine our society. Highly sophisticated tools, techniques and procedures, including use of covert networks, help to obfuscate the activity of these states, increasing the overall impact of their activities and making it harder to attribute attacks.

The operating environment inside a country can itself be an enabler to state cyber activity. An advanced ecosystem of cyber criminals, hacktivists, data brokers, access brokers and cyber intrusion companies now enables access to data and systems across the globe which can support and benefit nation state aims. While these groups are not always subject to formal or overt state control, this does not lessen states’ responsibilities for their actions.

China remains a highly sophisticated cyber actor, with increasing ambition to project its influence beyond its borders through both cyber and information operations. China state-affiliated actors have routinely sought to gain access to networks across the world that enable their collection of bulk data and follow-on compromises. This includes actively targeting a wide range of networks for espionage, and prepositioning on critical national infrastructure for future disruptive and destructive purposes. Earlier this year, the US stated that China affiliated actors had compromised networks at multiple telecommunications companies to enable the theft of customer call records data revealing a broad and significant cyber espionage campaign.

[Image: Felicity Oswald speaking at Blackhat USA Conference]

Russia and Iran both engage in hostile cyber activity, not just to degrade, damage and compromise data and systems, but to support or trigger direct physical threat activity, broader espionage, and hybrid warfare activities. These regimes have also looked to encourage a new wave of state-aligned hacktivism. The NCSC has seen a stark increase in the focus on critical national infrastructure systems, as hacktivist groups strike to compromise these systems for political effect and propaganda victories. From the Cyber Army of Russia Reborn to the Islamic Hacking Army, these groups pose an active threat to poorly-defended critical systems far beyond their traditional activities of DDoS attacks, as evidenced by the US advisory in April 2024 on the hacktivist threat to US water facilities.

North Korea continues to use cyber operations for a range of activities, including the acquisition of digital assets and other operations which result in monetary benefit. This is done in a variety of ways, of which supply chain attacks are one.

The widening gap

There is a widening gap between the increasingly complex threats (outlined above) and our collective defensive capabilities in the UK, particularly around our critical national infrastructure.

That widening gap will only become more pronounced over time as the scale and capability of cyber actors proliferates, the relationship between state and non-state actors becomes more obfuscated, and states’ abilities to understand cyber activity become fraught. It is therefore vital we increase our cyber resilience across the whole of the UK, and that we do so with urgency. Elsewhere in this review, we have outlined what organisations must do, and how they should do it. The NCSC stands ready to help.
(NCSC Annual Review 2024) page_number = 27 Chapter 02 = (Building the
UK’s cyber resilience)

# Chapter title
chapter_title = “Building the UK’s cyber resilience”

Chapter: 02

Introduction

From critical national infrastructure to emerging technology, cyber resilience underpins the UK’s economic future and safety.

The speed at which new technologies – such as artificial intelligence – are being used to facilitate cyber attacks continues to rise, as does the volume and sophistication of cyber threats from a range of capable adversaries.

The NCSC is prioritising the cyber resilience of the UK’s critical systems against the most advanced and sophisticated threats. At the same time, we’re raising our national resilience to commodity cyber attacks across the whole of the UK’s economy, using the unique insights we get from being a part of GCHQ, and by working with partners across government, industry, and academia.

More specifically, the NCSC is building UK cyber resilience by:

• delivering transformational active cyber defence services and interventions
• supporting legislative and regulatory reform
• growing the UK’s cyber ecosystem
• influencing the security standards for new and emerging technologies

This year the NCSC, working with the Cabinet Office Election Cell and alongside policing, central and local government and private sector organisations, helped to deliver safe and secure elections. We worked with the NPSA to provide dedicated support and services to high-risk individuals and organisations targeted by nation-state actors wishing to disrupt the democratic process. The general election was delivered smoothly and securely. No major information operations, cyber or concurrent incidents that caused a notable impact on the election and its outcome were observed.
Securing government

The NCSC has continued to strengthen cyber resilience across government, by supporting the establishment of the Government Cyber Coordination Centre (GC3) in September 2023. GC3 is a joint venture between the Government Security Group, the Central Digital and Data Office and the NCSC. It is the coordination point for operational cyber security efforts across the government sector relating to vulnerabilities, threats and incidents, enhancing government’s resilience and ability to ‘Defend as One’, meaning that government cyber defence is far greater than the sum of its parts.

2024 also saw the first set of annual GovAssure returns from government departments, which provide an assessment of the cyber security of critical systems underpinning government’s essential services. GovAssure is run by the Cabinet Office and uses the NCSC’s Cyber Assessment Framework (CAF) as its assurance methodology.

The NCSC has piloted new approaches to collaborating with security researchers from across the public sector, and accessing operational cyber security event data, at scale. This included hosting a workshop with researchers from across the public sector to conduct threat hunting across shared datasets, and to develop new tradecraft for detecting threats.

The NCSC is driving a transformational journey, moving away from traditional, anecdotal, incomplete and slow approaches to cyber resilience and instead embracing data-driven methods where insights inform our decisions and enable us to respond more effectively and more efficiently to emerging threats. By applying the standard data science toolkit to the cyber resilience problem, the NCSC will have better situational awareness, prioritisation and agility. This transformation will enable us to minimise harm by avoiding or mitigating more incidents faster.

The NCSC have developed joint cyber security priorities with the Ministry of Defence to increase the cyber resilience of our armed services. We have also been working with international partners to ensure the cyber security of joint projects to deliver the next generation of defence capabilities including the Global Combat Air Programme (GCAP) and AUKUS submarines.

Sector resilience

Over the last year, we have evolved our approach to the NCSC’s sector-specific Trust Groups; industry-specific communities of Chief Information Security Officers (CISOs) in businesses and organisations. This has involved taking a more thematic approach to common risks and vulnerabilities such as supply chain resilience and the security of overseas travel.

Nearly 300 CISOs now actively participate in the NCSC’s sector-specific Trust Groups. As of 31 August 2024, over 70% of the UK organisations that are Trust Group members had signed up to the NCSC’s Early Warning service, which is designed to inform organisations of potential cyber attacks on their network.

We also provide bespoke support where required, including the creation of a suite of practical resources for schools which, this year, passed over half a million combined views on YouTube and downloads from our website. In addition, we also extended our ‘Protective DNS’ offering into the school sector, which helps to prevent malware, ransomware, phishing attacks, and other online threats from reaching school networks. This will mean more schools – regardless of their resources – can now benefit from enhanced cyber resilience.

Defending democracy

The integrity of the general election is fundamental to our democracy. Securing the election was a top priority for the NCSC. We played a part in the UK’s Defending Democracy Taskforce, made up of representatives from across government, the UK Intelligence Community (UKIC) and the NPSA.

The taskforce’s aim was to ensure protection of our democratic institutions, processes and civil society, which included establishing the constructs for free and transparent elections in 2024. The Defending Democracy Taskforce then established the Joint Election Security Preparedness unit (JESP), which took overall responsibility for coordinating electoral security and drove the government’s election preparedness. Looking beyond the election the NCSC will continue to support the Defending Democracy Taskforce’s priorities.

Before the election, the NCSC helped secure digital infrastructure, working with devolved governments and the Ministry of Housing, Communities and Local Government to ensure local authorities were resilient. We extended Active Cyber Defence (ACD) services and offered expert advice to political parties and electoral management service providers.

Recognising that personal digital services (such as email) are seen as softer targets by our adversaries, the NCSC developed a comprehensive cyber offer for high-risk individuals including briefings and the development of innovative individual cyber defence services, which were made available to all parliamentary candidates. These services included ‘Account Registration’ (a service to provide rapid notifications if we become aware of a cyber incident affecting a registered account) and ‘Personal Internet Protection’ (a service which helps manage the risk of visiting malicious domains).

Post-election, the NCSC worked with parliamentary security and the Cabinet Office to deliver cyber security briefs and facilitated the adoption of individual cyber defence services.

The 2024 general election took place in a complex information environment. The NCSC partnered with colleagues across government to offer expert technical advice on how to protect against and respond to information-based incidents. This included using our expertise in exercising to test a number of scenarios and our collective readiness to respond to any incidents, as well as participating in JESP’s Election Security Exercise Programme.
Defender Communities

In support of the ‘Defend as One’ objectives, the NCSC has piloted new approaches to engage and collaborate with security practitioners across the public sector. Successful projects like NHS England’s Cyber Security Operations Centre (CSOC), Police Digital Service’s National Management Centre (NMC), and CymruSOC (Security Operations Centre) have made expertise accessible to many organisations.

The NCSC’s work with these communities has identified opportunities to support experts by tailoring analytic products and engagements for wide distribution. Regular engagements have facilitated the sharing of actionable intelligence, encouraging proactive defences and knowledge sharing. Over half of all actionable insights come from external contributors.

Threat hunting workshops have developed and shared tradecraft for detecting threats, enabling coordinated threat hunting on critical systems. The NCSC has invested in developing subject matter expertise and technical innovation, working closely with Five Eyes partners.

Research and innovation

In early 2024, the NCSC set up a new team dedicated to enhancing the resilience of the UK’s research and innovation (R&I) sectors, in partnership with the NPSA. The work focuses on enhancing cyber resilience in critical emerging technologies including quantum, AI, engineering, biology and semiconductors. A new Emerging Technology Trust Group spans universities, incubators, spin-outs, funders, investors and larger tech companies. This provides us with direct, one-to-one engagement with the most significant and strategic R&I organisations, which helps us to:

• influence funders and investors in these critical sectors
• encourage them to incentivise or mandate cyber security best practice

The NCSC have also worked with the NPSA and published the ‘Secure Innovation’ guidance, which provides emerging technology companies with a set of cost-effective measures that they can use from day one to better protect their ideas, reputation and future success. The international launch of the Secure Innovation campaign highlights the join up across our 5 Eyes community.
47

48
(NCSC Annual Review 2024) page_number = 33 Chapter 02 = (Building the
UK’s cyber resilience)

Cyber Essentials

Cyber Essentials can help every organisation – from micro businesses to large corporations – guard against the most common cyber attacks whilst signalling to potential customers that they take the cyber threat seriously. The technical controls defined in the Cyber Essentials scheme continue to be the minimum standard of security that the NCSC advise all organisations strive for. In 2024, Cyber Essentials celebrated its tenth anniversary.

Research from insurers shows that organisations implementing the Cyber Essentials controls are 92% less likely to make a claim on their cyber insurance than those which don’t have Cyber Essentials. We’ve also launched the Cyber Essentials Knowledge Hub, to provide a central, up-to-date source of authoritative information, and it’s already received great feedback from customers and certification bodies.

• 33,836 Cyber Essentials certificates awarded (+20%)
• 10,939 Cyber Essentials Plus certificates awarded (+20%)
• 358 Certification Bodies right across the UK (+12%)

(NCSC Annual Review 2024) page_number = 34 Chapter 02 = (Building the
UK’s cyber resilience)

[Chart: Certifications by business size (Micro, Small, Medium, Large), for Cyber Essentials certificates and Cyber Essentials Plus certificates]

Top 4 reasons given for certification

• To generally improve cyber security (33%)
• To give confidence to our customers (31%)
• Required for government contract (13%)
• Required for commercial contract (13%)

As recommended by users

• 91% of customers would recertify to Cyber Essentials next year.
• 89% would recommend certifying to other organisations like theirs.
• 40% of smaller organisations implemented the controls for the first time.
• 2% failure rate for Cyber Essentials; dropping for the third straight year.
• The estimated fail rate for Cyber Essentials across all organisation sizes has dropped from 2.45% to 2.0%.
• This year saw an increase (of 6%) in renewals of CE certifications (72%) compared to the previous year.
• Of sole traders, micro and small organisations, around 40% told us it was the first time that they’d implemented the Cyber Essentials controls. This figure is an increase of 10% on last year.
• The proportion of organisations that say they will recertify (91%) and those saying they would recommend the scheme (89%) have both increased.
• Achieving Cyber Essentials Plus compliance across their partnership network has helped St James’s Place reduce cyber security incidents by approximately 80%.

(NCSC Annual Review 2024) page_number = 35 Chapter 02 = (Building the
UK’s cyber resilience)

Growing the cyber ecosystem

Cyber Essentials is also fuelling growth across the wider cyber security sector. Through our Delivery Partner, IASME, we support the UK’s cyber security industry by licensing the Cyber Essentials assessment process to ‘Certification Bodies’ across the UK. We now have 358 cyber security companies right across the UK (up 12% on last year), who are licensed to deliver Cyber Essentials.

Certification Bodies by region (March 24)

• Scotland: 29
• Northern Ireland: 4
• North East: 12
• Yorkshire & Humber: 16
• North West: 35
• Isle of Man: 2
• East Midlands: 21
• West Midlands: 36
• Wales: 10
• East: 29
• London: 58
• South West: 29
• South East: 55
• Channel Islands: 3

[Chart: Certification Bodies by size (Micro, Small, Medium, Large), Mar 24 and Aug 24]

Cyber Essentials Plus

Cyber Essentials Plus offers a higher level of assurance of the standard Cyber Essentials scheme, as it includes a technical audit, carried out by an approved third party, to ensure the technical controls have been correctly implemented. This year, St James’s Place, one of the UK’s largest advice-led wealth management companies, asked its partnership network of over 2,800 independent businesses to certify to Cyber

(NCSC Annual Review 2024) page_number = 36 Chapter 02 = (Building the
UK’s cyber resilience)

Essentials Plus. In such a large supply chain this had its challenges, but the decision is already showing a positive impact with an 80% reduction in cyber security incidents.

The Funded Cyber Essentials Programme

The NCSC has continued to deliver its three-year Funded Cyber Essentials Programme, by supporting small organisations that work in those sectors that are at greater risk of cyber attack than others. This may be because of sensitive information they deal with, or because they’re seen as an ‘easy target’ for cyber criminals.

Since beginning the programme, 525 small organisations have benefitted from the opportunity to access free Cyber Essentials support. Initially targeting small organisations in the legal aid and charity sectors (that is, organisations handling sensitive data that would have significant impact if disrupted), we expanded in 2023 to the ‘emerging technology’ sector, widening our offering to small businesses working in AI, engineering biology, quantum engineering and semi-conductors.

Between September 23 and August 24, 204 applications were approved (29 charities, 99 legal aid and 76 emerging tech companies). Since its launch 90% of organisations responding to feedback feel more confident about cyber security after completing the process.

CyberFirst event
(NCSC Annual Review 2024) page_number = 37 Chapter 02 = (Building the
UK’s cyber resilience)

Cyber Advisor

The Cyber Advisor scheme provides small and medium-sized organisations with access to local, reliable and cost-effective cyber security advice and practical support, all based on the implementation of the Cyber Essentials technical controls. Every Cyber Advisor must work for a company which has met the NCSC’s standards, and pass an independent assessment that measures their:

• knowledge and understanding of the Cyber Essentials’ technical controls
• competence in providing practical, hands-on support
• ability to understand and work with small and medium-sized organisations

Launched in 2023, Cyber Advisor has continued to grow this year, with 100 individual Cyber Advisors now employed by 93 NCSC assured service providers.

[Chart: Growth in cyber advisor providers, Feb-23 to Aug-24]

Industry assurance

The NCSC, working with partners, offer certified assurance that covers a range of products, services and organisations. We continue to develop our range of industry assurance schemes and have launched new services to help grow the cyber security industry, leveraging the NCSC brand so consumers can choose products and services they can trust. This all means that more organisations than ever before can have confidence in the cyber security solutions they rely on to grow their businesses.

Cyber Resilience Audit

In August 2024 we announced the opening of a new Cyber Resilience Audit (CRA) scheme. CRA will assure providers who can conduct independent CAF-based audits. These audits are primarily delivered to government departments, the wider public

(NCSC Annual Review 2024) page_number = 38 Chapter 02 = (Building the
UK’s cyber resilience)

sector, and organisations operating in critical national infrastructure or specifically regulated sectors, although other organisations may also buy Cyber Resilience Audits for their own benefit.

Cyber Incident Exercising

Last year we made an effort to make our schemes more accessible to a wider range of organisations. This included the launch of a Cyber Incident Exercising (CIE) scheme. CIE allows organisations to test the effectiveness of their incident response plans in a safe environment and strengthen their incident management processes. CIE doesn’t test cyber defences, but helps organisations to explore and evaluate their response plans, understand what risks they are holding from a cyber perspective, and how they can be managed. There are now 28 providers assured by the NCSC under CIE.

‘Standard’ Cyber Incident Response

As part of our aim to support a wider range and larger number of organisations, last year a new ‘Standard’ service level was introduced to our Cyber Incident Response (CIR) scheme. The requirements of the Standard level are designed to support target organisations which are at risk of common cyber attack, and are likely to include most private sector organisations, charities, local authorities and smaller public sector organisations. There are now 36 providers assured across the CIR scheme.

CHECK

The NCSC’s CHECK scheme sets standards for penetration testing that government departments, public sector bodies and the UK’s CNI organisations can trust. There are currently 53 companies assured, delivering CHECK penetration testing engagements.

Over the past 12 months our assured service providers have carried out over 2,700 tests. As well as ensuring the resilience of some of the most critical sectors, the information gathered through these penetration tests helps the NCSC identify and better understand common vulnerabilities across organisations. Meanwhile, CHECK has completed the first phase of a digital transformation programme, automating the management of the scheme and allowing service providers the ability to carry out many day-to-day business activities themselves, while fuelling the ability to further explore relevant datasets.

Cyber Resilience Test Facilities (CRTFs)

To further develop Principles Based Assurance (the NCSC’s evidence-based method for technology assurance), initial work to establish Cyber Resilience Test Facilities (CRTFs) was completed, being the mechanisms that will deliver assurance for a wide range of internet-connected products using the Principles Based Assurance methodology. The objective is to set up a network of commercially operated CRTFs across the UK to assure these products at scale. Not only will this raise the bar for cyber-resilient product development, it will also widen the range of products being assured whilst driving private sector growth.

The CRTF pilots are now complete, with the results being analysed to determine what the future assurance model will look like ahead of a small-scale CRTF operating capability launch planned for 2025. Opportunities to scale the capability further will then be considered and implemented where feasible.

(NCSC Annual Review 2024) page_number = 39 Chapter 02 = (Building the
UK’s cyber resilience)

Active Cyber Defence

Active Cyber Defence (ACD) – a collection of NCSC services designed to protect UK citizens and organisations from commodity cyber attacks – continues to play an important role in building resilience. This year we announced ACD 2.0, which aims to build the next generation of ACD services in partnership with industry and academia.

As we embark on ACD 2.0, our first step is to look at our attack surface management suite (currently Web Check, Mail Check and Early Warning) and apply evidence-based scrutiny to our existing ACD services. This will ensure we have ongoing justification for the continuation of a service, along with a responsibility to evidence impact and be transparent about whole life costs, driving them down where possible. As a result, the NCSC will look to divest most of our new successful services within three years for the private sector to run on an enduring basis.

Share and Defend

Share and Defend is a new ACD service that shares feeds of known malicious domains with internet service providers (ISPs) and others so that they can be blocked or taken down, protecting UK citizens in near real time from high volume cyber crime and cyber-enabled fraud. The platform is already enabling the protection of approximately 50% of the UK public by sharing these known malicious domains with ISPs.

Share and Defend works with threat intelligence providers and security vendors to consume data sets which contain malicious indicators (such as domains and URLs). Share and Defend also uses data from the PDNS and Takedown services.

Mail Check is the NCSC’s platform for assessing email security compliance. It helps domain owners identify, understand and prevent abuse of their email domains.

• >3,800 organisations are now using Mail Check
• Over 34,600 domains, 60% of which are protected by DMARC

Web Check helps users find and fix common security vulnerabilities in their websites.

• >64,000 assets subscribed
• Service now has over 4,000 organisations utilising Web Check

(NCSC Annual Review 2024) page_number = 40 Chapter 02 = (Building the
UK’s cyber resilience)

Check Your Cyber Security offers a range of tools to help users identify common vulnerabilities in their public-facing IT.

• >33,000 IP checks completed in review period (82% increase on previous year)
• Over 7,300 IP vulnerabilities detected
• Over 25,800 browser checks completed in review period (76% increase on previous year)
• 30% of checks detected an out-of-date browser

Suspicious Email Reporting Service (SERS) allows the public to report potential scam messages for removal.

• >10.5m reports received
• Total number of reports since April 2020 reached over 34.4 million
• 351,000 scam URLs removed by the NCSC since April 2020

The Takedown service works with hosting providers to remove malicious sites and infrastructure from the internet.

• 2.2m (+22%) cyber-enabled commodity campaigns removed (up from 1.8m last year)
• Share of global phishing has remained on average between 1-2% throughout the last year. In 2016 the figure was over 5%

Early Warning allows system owners to receive email alerts from the NCSC tailored to the cyber threats for their organisation’s IP address.

• 181,180 vulnerable systems on the internet were notified
• Notified about malware infections on 117,700 IPs
• Notified about 47,739 hacked internet servers
• There were 11,190 organisations signed up at the end of the period, an increase of 29% on the previous year

(NCSC Annual Review 2024) page_number = 41 Chapter 02 = (Building the
UK’s cyber resilience)

Realising a more secure and prosperous cyber future

# Define the message
message = “Start here”

The gap between the threat and the UK’s ability to defend against it is growing. We can address this through immediate practical actions while developing long-term strategic measures to outpace our adversaries and secure the UK economy’s growth.

The UK has one of the world’s most advanced digital economies which relies on having a secure digital infrastructure. Our reliance on the technology that underpins much of the society comes with a growing threat from nation states, cyber criminals and other malicious actors. Hostile activity in UK cyberspace has grown in frequency, sophistication and intensity.

The NCSC believes that the severity of the risk facing the UK is being widely underestimated, and that the cyber security of critical infrastructure, supply chains and the public sector must improve. There is a growing disparity between the resilience of our infrastructure and the threat we face. The gap between the threat and the cyber resilience of the UK needs to close as a matter of urgency.

Not a technical challenge

The majority of cyber attacks rely on techniques and vulnerabilities that are well known to us. We have the knowledge and the capability to defend against them. For example, we know that the five technical controls defined in the NCSC’s Cyber Essentials Scheme – the minimum standard of security we advise organisations to achieve – can stop the vast majority of commodity cyber attacks.

However, too many organisations are not implementing the most basic protective measures. Schemes like Cyber Essentials are effective; the evidence described in this Annual Review is clear, and it is corroborated by similar data from a range of industry partners. However, the NCSC only issued 30,000 Cyber Essentials certificates last year, which means millions of organisations are leaving themselves open to cyber attacks that we know how to prevent.

(NCSC Annual Review 2024) page_number = 42 Chapter 02 = (Building the
UK’s cyber resilience)

So improving the cyber resilience of the organisations, at scale, is not a technical challenge.

The UK needs to wake up to the severity of the cyber threat. We need all organisations, public and private, to see cyber security as both an essential part of operational resilience, and a driver for business growth. To view cyber security not just as a ‘necessary evil’ or compliance function, but as a business investment and catalyst for innovation. Safeguarding systems and preventing data breaches, but at the same time protecting reputation and building customer trust and retention.

This challenge is exacerbated by a technology market that does not incentivise organisations to develop secure products (which is discussed in depth on page 54 of this review). To re-emphasise, the barriers we need to overcome are not technical in nature. Defective and flawed software, sometimes rushed to market, is often at the heart of cyber incidents. We have the expertise and know-how to build a future where products are secure, private, resilient, and accessible to all. The technology to achieve this exists, but the commercial incentives to encourage adoption are flawed. We need to ensure there are market incentives to make this happen.

The NCSC advocates that immediate action is required to enhance the cyber security practices across the whole of society so we can:

• build a national infrastructure that is better prepared to withstand all but the most advanced cyber threats
• create an environment that imposes higher costs on adversaries targeting the UK and its interests
• foster the development of a market for secure technology and services

This is our aspiration for a more secure and prosperous future.

(NCSC Annual Review 2024) page_number = 43 Chapter 02 = (Building the
UK’s cyber resilience)

Protecting our digital way of life: the role of legislation

The NCSC raises awareness of the cyber threat and clearly guides citizens and organisations towards trusted cyber security advice, tools and services, promoting best practice, preparedness and mitigation. As the national technical authority for cyber security and critically, an integral part of GCHQ, the NCSC will continue to benefit from and leverage its unique insights to carry out this work. But this will not be enough. There is more to do.

One of the strategic levers that we can use to improve cyber security outcomes is legislation. The Network and Information Systems Regulations 2018 (NIS Regulations) went some way to enhancing the security of critical network and information systems in the UK, covering both ‘operators of essential services’ (OES) and ‘relevant digital service providers’ (RDSPs).

As the UK’s only cross-sector cyber legislation, NIS regulations boost cyber and physical resilience. However, more could be done to build greater resilience into the UK’s critical national infrastructure, to better withstand or recover from attacks by the most sophisticated state-level cyber threats. This government has committed to introducing the Cyber Security and Resilience Bill (CSRB) in this year’s King’s Speech, and we believe it’s a crucial step towards hardening the UK’s cyber defences. The UK government are using this opportunity to broaden the scope

(NCSC Annual Review 2024) page_number = 44 Chapter 02 = (Building the
UK’s cyber resilience)

of current regulations to protect more digital services and supply chains, to put regulators on a stronger footing, and to strengthen reporting requirements to build a better picture across government of cyber threats to the UK.

The new legislation won’t be an end in itself. First, the implementation of the legislation – across government, across regulators, and across the economy – is a collective challenge. This may not be the only time we need new legislation to protect our infrastructure and economy. We need to listen to organisations working in the sector, to learn from our international partners, and ensure we have the legislation we need to give the nation the tools it needs to contest the threats we face. The scope stretches beyond the confines of our most critical infrastructure, with the Minister for Security recently committing to reviewing the 1990 Computer Misuse Act to combat cyber crime.

As well as strengthening regulation, policy and legislation to accelerate progress on raising resilience, the NCSC is planning to work across government to develop new capabilities to harden defences around our highest priority systems in response to changes in the geopolitical environment. This work will help us to prepare for crises and ensure that our national posture can keep up with what’s going on in the real world. This will include how we communicate the threat, and what is expected of operators to prepare for, respond to, and recover from a cyber incident.

The UK cannot underestimate the severity of state-led threats, or the volume of the threat posed by criminals. The resilience of critical infrastructure, supply chains and the public sector must improve. But so must our wider economy.

We believe that cyber security legislation and regulation in the UK needs to be comprehensive, forward-looking, and responsive to an increasingly dangerous and diffuse threat landscape. Globally pioneering work done in the context of the Telecommunications Security Act has shown how effective legislation can be. We are bringing our technical expertise to bear in shaping and enabling these outcomes.

The NCSC has always believed that cyber security is a team sport, and right now, our collective efforts are not enough. Only when we are clear about what needs to be done, and then together are committed to actually doing it, will we succeed.

(NCSC Annual Review 2024) page_number = 45 Chapter 02 = (Building the
UK’s cyber resilience)

Chapter: 03

# Chapter title
chapter_title = “Developing the UK’s cyber ecosystem”

(NCSC Annual Review 2024) page_number = 46 Chapter 03 = (Developing the
UK’s cyber ecosystem)

Introduction

# Define the message
message = “Start here”

The NCSC is future-proofing the UK’s national security by building a self-sustaining ecosystem of cyber talent.

The NCSC plays a key role in strengthening the UK’s cyber security ecosystem, which now contributes around £11.9 billion per year to the economy.

We harness the power of government, industry and academia to cultivate a fertile ground for excellence that supports the ecosystem at every level. From inspiring school pupils and providing opportunities in higher education, to funding research and bringing together innovative tech startups, we are future-proofing the UK’s national security by developing a sustainable cyber ecosystem that now employs almost 61,000 people.

To sustain this ecosystem, we need to ensure skilled people, quality products and trusted services are on hand to help organisations stay resilient and develop their digital offerings. The NCSC works closely with partners to define standards, assure products and services, and to grow the pipeline of talent that the cyber security sector needs to thrive.

• 61,000 employed in cyber security related roles

CyberFirst Girls Competition 2023/24

The CyberFirst Girls Competition aims to inspire girls aged 12-13 to explore the world of cyber and technology, helping to address the lack of diversity in the UK cyber workforce, where women currently make up just 17%. Since its inception in 2017, over 69,000 girls have taken part in CyberFirst Girls Competitions. The 2024 competition attracted more teams and schools than any other year, with 3,608 teams participating from over 750 schools, a 28.6% increase from last year. 84% of all participating schools were state schools.


(NCSC Annual Review 2024) page_number = 47 Chapter 03 = (Developing the
UK’s cyber ecosystem)

CyberFirst Regional Ecosystem

The CyberFirst Regional Ecosystem has experienced remarkable growth this year, which now includes 173 recognised schools and colleges, 140 CyberFirst Ambassadors, and over 35,000 engaged students. This growth has been driven by the regional and home nation partners offering in-school and extra-curricular courses to schools within their region. All courses emphasise the ethics and legalities of ‘messing around’ with computers and the internet, and offer practical, hands-on learning and applied teamwork.

The partnerships approach is a model that delivers real impact, providing national and local employers with a trusted framework where they can engage with local schools and students in some of the most deprived parts of the country, releasing untapped potential and helping to keep the most talented young people within their local communities.

CyberFirst Ambassadors

The CyberFirst Ambassador network was launched this year, and there are now over 100 CyberFirst Ambassadors signed up from within academia and across a variety of businesses, from small startups to large-scale multinationals. The ambassadors are a key part of the ecosystem, and support the CyberFirst programme by:

• forging trusted relationships between schools and industry
• delivering CyberFirst activities in schools and colleges
• representing the regional and home nation partnerships, the NCSC and the CyberFirst brand
• being involved in assessment panels for CyberFirst schools and colleges
• encouraging schools and colleges that are not yet part of CyberFirst to apply

The social value of CyberFirst initiatives

Like many organisations, social value is an ongoing priority for the NCSC. This year, the NCSC commissioned (for the first time) a study to examine the social value of the CyberFirst programme. The study revealed that for £1 invested in CyberFirst there was a £4.06 social return on investment (SROI), which equated to £31m of evidenced social value.

The Regional Ecosystem work has a particularly high SROI, and showed a £6.52 SROI against every £1 invested. This indicates how the ongoing commitment from industry, academia and government enables CyberFirst to continue to provide opportunities to empower and develop talented students.

(NCSC Annual Review 2024) page_number = 48 Chapter 03 = (Developing the
UK’s cyber ecosystem)

[Chart: CyberFirst year on year cumulative engagement and growth table, 2015 to 2024]

[Chart: Cumulative engagement growth, 2015 to 2024]

(NCSC Annual Review 2024) page_number = 49 Chapter 03 = (Developing the
UK’s cyber ecosystem)

CyberFirst Bursary CyberFirst Hackathon


1

2
The CyberFirst Bursary scheme continues to support the next generation of cyber talent, offering undergraduates a £4,000 per year bursary and a paid cyber security placement each summer to help kickstart their career in cyber. This year, a total of 111 students enrolled in the CyberFirst bursary scheme. Of these, 37% were female and 20% came from ethnic minority backgrounds.

The bursary program has a total of 1,280 students, supported by over 240 industry, academic and government institutions. Graduates finish the course with invaluable work experience, new skills, a better understanding of their career options and the confidence to succeed in the world of cyber. 88% of the 742 graduates are now employed in cyber security roles.

CyberFirst Champion scheme

A CyberFirst Champion is an alum of the CyberFirst Bursary Programme, working in a company and acting as the point of contact for current bursary students. The scheme has expanded from 30 to 41 members, serving as a vital link between current and former students, and CyberFirst members. Last year, the NCSC also introduced ‘Cluster Events’, a series of regionally organised gatherings providing a unique platform for networking among the alumni community. Attendees participate in lightning talks and engage with guest speakers from across government and industry.

In close collaboration with the NCF, NCSC co-delivered the inaugural CyberFirst Hackathon. The event marked a significant stride in the novel ways NCSC and NCF are collaborating across Government to nurture the UK’s cyber talent. Hosted at Lancaster University, this event brought together 40 NCSC CyberFirst university students to tackle real-world cyber challenges in a collaborative environment. By focusing on wearable tech, Internet of Things, and data insights, the Hackathon bridged academia, industry, and government to create opportunities for hands-on learning and innovation.

The hackathon initiative not only enhances participants’ technical skills, but also provides a gateway to future employment within the NCSC and NCF, and is a testament to the collective commitment to cultivate a robust UK cyber ecosystem that supports national security and technological advancement.

Higher education

Since its launch in 2020, the programme for Academic Centres of Excellence in Cyber Security Education (ACEs-CSE) has recognised UK universities with gold and silver awards for showing their commitment to delivering first-rate cyber security education on campus and beyond. This year saw Greenwich University added to the list of recognised institutions across England, Wales, Scotland and Northern Ireland.

The ACE-CSE programme builds on the NCSC’s Certified Degree Programme, which certified eight new degree courses, bringing the total to 85. NCSC-certified degree courses help universities to attract high quality students from around the world, and prospective students to make informed choices when considering the hundreds of institutions that now offer cyber security content.

• 16 Academic Centres of Excellence in Cyber Security Education (ACEs-CSE), up 1
• 21 ACE-CSR
• 85 Certified degrees, up 8 (61 PG, 18 UG and 6 apprenticeships)

Cyber Security Body of Knowledge (CyBOK)

Since 2017, the NCSC have sponsored Cyber Security Body of Knowledge (CyBOK), a free resource that codifies the foundational knowledge in cyber security for education and professional training, born out of a desire to bridge a well-recognised skills gap within the cyber security sector.

CyBOK is also supported by the UK Cyber Security Council, who set the professional standards adopted by the NCSC’s Industry Assurance Schemes. Since 2021, we’ve been using CyBOK as the basis for describing the course content of the NCSC-certified undergraduate and postgraduate cyber security degrees programme, and for NCSC-certified training.

NCSC For Startups

The NCSC For Startups programme provides young businesses with insights, support and access to help them shape their cyber security products and services. The programme has supported startups at all stages of maturity, from those developing a minimum viable product (MVP) to businesses with established solutions looking to develop, adapt and pilot their products. All supported projects are aligned to specific technology or cyber challenges that are set by the NCSC.

Created to engage corporations, consultants, investors and national security agencies, NCSC For Startups helps businesses to take breakthrough technologies to market faster than would be possible in a purely commercial model. To date, the programme has helped more than 70 tech companies and raised over £526m in investment, whilst creating over 1,700 new jobs delivering security and growth for the UK.

The NCSC For Startups alumni community

The NCSC For Startups alumni community has grown over the 8 years of the programme to include over 60 startup members, as well as government and industry partners from the cyber security sector.

The alumni community includes a powerful network of entrepreneurs who have faced similar business challenges. Members share valuable insights with each other on key issues, from securing investment and international growth to achieving successful company exits.

The community also provides access to the wider cyber ecosystem, giving startups the opportunity to engage and collaborate with industry, academia and government partners, bringing their unique perspective and innovative approaches to difficult cyber security challenges.

Industry 100

The NCSC’s Industry 100 (i100) initiative brings together public and private sector talent to challenge thinking, test innovative ideas and enable greater understanding of cyber security. i100 encourages a variety of companies (with unique insights and capability in cyber security) to loan staff to the NCSC to help us defend the UK. The secondees are given security clearance that enables them to work alongside the NCSC’s staff, including on sensitive projects and investigations.

This year, an additional 45 new participants joined the scheme, growing the community to 132. Highlights from i100 this year included:

• technical advice to modernise cyber security best practice for data infrastructure and managed service providers (MSPs)
• expert support in the NCSC’s open source research, and in the development of critical guidance around industrial control systems (ICS) and operational technology (OT)
• endorsement from delegates from Japan and India at CYBERUK 2024, citing i100 as a stand-out example of the UK’s world-leading approach to public-private partnership in cyber security

CYBERUK 2024

CYBERUK, the UK government’s flagship cyber security conference, was held in Birmingham for the first time. Worth over £15.3 billion, the West Midlands has the fastest-growing tech sector in the UK, with specialist university research centres, innovative startups, world-class R&D infrastructure, and a cluster of major cyber security enterprises. This success story mirrors the essence of CYBERUK, where innovation converges with tradition.

CYBERUK 2024 examined how future technology represents significant opportunity, from employing AI in pioneering healthcare research, to using quantum computers to solve problems like climate change and food security. The 150 speakers across 45 sessions included Harry Coker (National Cyber Director for The White House), Sir Roly Keating (CEO, The British Library) and Heather Adkins (VP Security Engineering, Google).

• £2m boost to the local economy
• 2,380 in-person delegates from 55 countries
• 150 speakers across 45 sessions, including Harry Coker, National Cyber Director for The White House
• 137+ companies sponsored or exhibited with over 90% stating that CYBERUK met or exceeded their expectations
• Nearly two thirds of attendees on average would consider using NCSC products and services following CYBERUK 2024 (24% increase from 2023)
• 93% rated the event as good/excellent
• 87% felt more informed on how to build a cyber security ecosystem that can manage the threats and opportunities of the future

Market incentives and the future of technology security

Technology markets do not incentivise the investments required to secure the foundations of cyberspace.

# Define the message
message = “Start here”

The modern three-point seat belt, designed by a Volvo engineer over 60 years ago, has doubtless saved millions of lives. Yet the patent for it was given away for free for the betterment of all, because Volvo chose not to compete on safety.

Just as seat belts are not a premium feature that users pay extra for, we should not have to pay for ‘safety features’ across the software and hardware sectors. Unfortunately, many cyber security features (such as multi-factor authentication, single sign-on or even access to certain logging) are deemed ‘premium add-ons’; functionality that involves additional cost for organisations (or users), rather than being a fundamental component of the offering.

Products and services are produced by commercial enterprises operating in mature markets which – understandably – prioritise growth and profit rather than the security and resilience of their solutions. Inevitably, it’s small and medium sized enterprises (SMEs), charities, education establishments and the wider public sector that are most impacted because for most organisations, cost consideration is the primary driver.

Put simply, if the majority of customers prioritise price and features over ‘security’, then vendors will concentrate on reducing time to market at the expense of designing products that improve the security and resilience of our digital world.

The NCSC want to build a future where products are secure, private, resilient, and accessible to all. The technology to achieve this exists, but the business and commercial incentives to encourage adoption are not present. So how can we ensure there are market incentives to make this happen?

The roots of digital architecture

For some time now, the NCSC has used the term ‘secure by design’ to describe an approach that encourages organisations to ‘bake’ cyber security into all stages of the development life cycle, rather than adding it as an afterthought. Doing this addresses cyber security problems at root cause and prevents costly redesigns later on. We can improve the overall resilience of systems by encouraging investment in ‘secure by design’ practices. This is particularly true at the ‘foundational layer’ of our digital architecture, as any software or systems built on those foundations will benefit.

When we follow a ‘secure by design’ approach, we fix classes of vulnerability, rather than having to address the symptoms of a particular issue (typically through software patching). Memory safety vulnerabilities, for example, are one of the most prevalent types of disclosed software vulnerabilities, and investing in ‘secure by design’ development could drastically reduce onerous patch management and incident response activities. But with few incentives in current market structures for organisations to fix the root cause, memory safety vulnerabilities will continue to proliferate.

The NCSC believe that fixing these foundational insecurities will improve digital resilience across the globe, which is why we fully support a paper by the White House’s Office of the National Cyber Director, ‘Back To The Building Blocks: A Path Toward Secure and Measurable Software’. Like the NCSC’s principles based assurance initiative, this paper stresses the need to solve security problems at root cause, and to explore the incentives required to re-align the market.

The backdrop to this is a threat landscape that reveals increased intent from nation-state actors and cyber criminals, both with access to enhanced capabilities such as AI-enhanced vulnerability scanning. The increased appetite and ability to rapidly scan for and exploit these foundational vulnerabilities means we are presenting adversaries with an increasingly exploitable attack surface. One which we could harden by fixing vulnerabilities at root cause.

Creating the right market incentives

As mentioned earlier, the software and hardware market does not incentivise investment in security. The reasons for this are due to a wide set of market behaviours and incentives, including:

• ‘information asymmetry’ between vendors and customers (a situation where sellers are better informed than buyers about the quality of the goods or services)
• vendors will prioritise reducing time to market over designing products that are ‘secure by design’ (which takes longer and requires increased engineering costs)
• customers will usually prioritise price and features over security
• the adverse cyber security outcomes from an ever-growing mountain of technical security debt, exacerbated by mergers and acquisitions which inherit legacy technologies
• a belief by some that the risks of insecure technology and digital infrastructure should be borne by wider society, rather than by those making investment decisions

A series of discussion groups, expert panels and academic research led the NCSC to develop an understanding of four key drivers that we believe could shift the incentive structures that underpin technology markets and their attitude to security. These drivers are: liability, financial reward, transparency, and consensus.

[Figure: the four drivers (Liability framework, Transparency, Financial Rewards, Ecosystem Consensus), with the labels ‘Establishes common security baseline’, ‘Provides return on investment’, ‘Enables ‘organic’ market action’ and ‘Drives accountability’.]

Leveraging these drivers to develop policy options would use network effects, the drive for profit and the desire to maintain reputation to incentivise enterprises to prioritise security. We believe that a range of incentives are required to encourage commercial enterprises to focus on security for their own benefit, which will mean better security outcomes for everyone.

The NCSC wants to build an alliance of stakeholders across HMG, industry, academia and with our international partners. Creating the desired market incentives will require further research into the dynamics of our most important technology sectors and markets. Strategic policy will need to be developed across government. We must:

• work with DSIT to develop the underpinning strategic policy
• signal to markets that nations are fully committed to increasing the transparency and visibility of poor cyber security standards that organisations have grown used to accepting
• make those responsible for those decisions accountable for investing in ‘defective products’ [1]

Two visions of the future of security…

The future of technology security will evolve somewhere along a spectrum. At one end, the market continues as it is now, where security remains an afterthought and consumers and wider civil society bear the brunt. In this scenario, consumers will find their data compromised, their systems held at ransom, and their privacy invaded. They will have no means of holding to account those responsible for the defects that failed to prevent such attacks.

Furthermore, it will be increasingly difficult to know where defective products have allowed vulnerabilities to be exploited, such is the increasing complexity of interconnected digital systems. Entire swathes of our critical infrastructure could be severely impacted by exploitation of simple vulnerabilities, affecting the UK’s ability to have consistent flows of electricity, clean water and a functioning transport system. The UK won’t be economically prosperous if we can’t trust the integrity of our critical sectors.

At the other end, entire classes of exploitable bugs could be mitigated by organisations investing in basic digital resilience through foundational security and ‘secure by design’ technology.

Improving the resilience of our software and hardware technology stacks in ways that can scale globally is a multi-faceted challenge. The technology to raise resilience at scale exists, but it will require – amongst other things – a strategic policy agenda that fundamentally alters the dynamics of the existing market.

[1] CISA chief Easterly calls software vulnerabilities a ‘product defect,’ urges liability regime (https://insideaipolicy.com/share/16704)

Chapter: 04

# Chapter title
chapter_title = “Keeping pace with evolving technology”

Introduction

The NCSC’s expertise across the technology stack helps the UK respond to emerging threats and opportunities.

# Define the message
message = “Start here”

As the national technical authority for cyber security, it’s vital that the NCSC keeps pace with evolving technology, particularly where significant changes affect our critical technologies, systems and sectors.

Some of these changes directly impact end users, such as understanding how we can reduce our reliance on passwords for authentication and move to passkeys. Other changes impact developers, for example improving software development practices to reduce vulnerabilities in the apps and devices embedded throughout our connected society. The NCSC requires expertise throughout this technology stack to help the UK prepare and respond to emerging opportunities, risks and threats.

The NCSC invests in extensive internal research into emerging technologies to explore new ways to reduce harm at scale. Some new technologies – such as AI – are potentially disruptive, and their development cannot be ignored. Many others evolve more slowly, but continue to have a huge effect on how resilient our systems are. For example, cloud and the ‘internet of things’ (IoT) can no longer be described as new, but they’re so ubiquitous that small changes to the standards or technologies they incorporate can have far reaching impact.

Research is long-term work that doesn’t always result in short-term benefits. However, the expertise we gain informs everything we do and allows us to provide expert authoritative input to drive our strategic aims which manifest elsewhere in government, such as our work supporting research into semiconductors led by the Department for Science, Innovation and Technology (DSIT). Similarly, our expertise in IoT platform security informed the development of the PSTI (Product Security and Telecommunications Infrastructure) Act, which came into force in April 2024. The act requires manufacturers of UK consumer connectable products (or ‘smart’ products) to meet minimum security requirements.

The global technology landscape is vast. The NCSC’s technical teams are small by comparison, so we work closely with national and international partners in industry, government and academia to meet the challenge and maximise our impact. The NCSC’s research institutes (based at the University of Bristol, University of Surrey, Imperial College London and Queen’s University Belfast) provide focal points for foundational research into critical aspects of cyber security. The communities they generate span all of our technical partnerships, and allow us to collaborate on a larger scale.

Artificial intelligence (AI)

The NCSC is pioneering research in the secure development of AI technologies, both through our own insights and through engaging with industry and academia.

In February 2024, the NCSC hosted the fourth iteration of WAIST (the Workshop on AI Security Technologies). This is an annual event delivered by the NCSC’s data science research team, and aims to build understanding of AI security vulnerabilities and strengthen the community working to mitigate them. This year’s delegates included partners from across the Five Eyes and UK intelligence community, as well as industry, academia and other international agencies. By working together in this way, we can drive global security improvements in a critical technology whilst supporting UK entrepreneurship.

At the same time, the NCSC has deepened its cooperation with US counterparts, including the Cybersecurity and Infrastructure Security Agency (CISA), the AI Security Center (AISC), and the US AI Safety Institute. In November 2023, the NCSC published the Guidelines for Secure AI System Development in cooperation with industry experts and 21 other international agencies and ministries from across the world, including those from all members of the G7 group. The UK-led guidelines, the first of their kind to be agreed globally, aim to raise the cyber security levels of AI and help ensure that it is designed, developed, and deployed securely.

The NCSC are now working closely with DSIT to deliver the next stages of this work, developing the guidelines into a voluntary Code of Practice and global standard.

In the past year, the NCSC has also advanced its collaboration with the UK AI Safety Institute (AISI), which was set up by DSIT in November 2023. This partnership has focused on developing robust AI safety protocols. These efforts aim to ensure that AI technologies are deployed responsibly, reducing the risk of cyber harm due to AI models.

Post-quantum cryptography

In August 2024, a major milestone in post-quantum cryptography (PQC) was reached when NIST, the US national standards organisation, published three PQC algorithm standards. The same month, the NCSC published a paper describing what this means for UK organisations planning their migration to PQC. This is covered in more detail on page 69 of this review.

In addition to hosting an event on PQC with UK regulators, on the international front we have ensured that the NCSC’s technical positions are prominent in work that the Central Digital & Data Office (part of DSIT) have led in the multi-national Digital Government Exchange, and offered a well-received thought leadership paper on the likely computational cost of quantum attacks on cryptography within standards bodies.

Crypt-Key

The NCSC collaborates with UK and international partners to protect our most sensitive information and enable our most important capabilities using our cryptographic expertise, known as ‘Crypt-Key’. Crypt-Key ensures the UK has high confidence in critical systems against the most advanced cyber threats. The NCSC’s National Crypt-Key Centre (NCKC) remains central to developing and maintaining secure communications for government, military, industry and national security partners within the UK, and to ensure interoperability with key allies as technology and threats evolve.

Throughout 2024, the NCSC produced and distributed thousands of highly secure cryptographic keys to protect the UK’s most sensitive data whilst continuing to build capabilities to support and key the next generation of cryptographic devices. This is only achieved in concert with the UK’s sovereign Crypt-Key industry, a national asset that as well as supporting NCSC directly has collaborated with us throughout 2024 to deliver world-leading encryption products to protect the UK’s most sensitive data, and that of our partners.

Working with the MOD the NCSC is also leading major transformation in Crypt-Key that will benefit the UK’s defence capabilities for many years to come. The Joint Crypt-Key Programme (JCKP) is a £2.6 billion initiative that protects the MOD’s people, platforms, networks and information and provides high-grade cryptography for mission-critical services, enhancing cyber security and trust among allies. 2024 has seen JCKP gain Ministerial approval of the next major phase of Crypt-Key transformation. This phase will deliver an adaptable and innovative architecture, ready to face the threats to defence over the coming decades, through collaboration between government and the UK sovereign Crypt-Key industry.

Principles Based Assurance

Principles Based Assurance (PBA) is the NCSC’s chosen approach to determining if a technology product is ‘secure enough’ for its intended use. This approach is a quite radical departure from traditional methods of ‘technology assurance’, in that the principles describe ‘what’ needs to be achieved, rather than ‘how’ this is carried out. For us, PBA describes the overarching aim, as opposed to providing specific granular instructions for users to follow.

The flexibility of PBA means it can be used to assure a wide range of different technology products. This year we’ve developed a range of new assurance services that use PBA for specific technology classes or customer needs, including those facing elevated threats. The first of these at-scale services will be Cyber Resilience Testing (CRT), which is designed to assess how resilient any connected technology is to attack from a connection to a less-trusted environment, such as the internet. PBA is applied to consider the engineering processes used to develop and support the technology throughout its life cycle, limiting vulnerabilities at every stage.

The CRT service (and associated services for cyber resilience when facing elevated threats) has been successfully piloted, laying the ground for formal launch. These services will be closely aligned with initiatives from international partners, and will prove a valuable tool in uplifting the cyber resilience of technology across all sectors.

Individual Cyber Defence

In response to the UK general election, we accelerated our development of the Individual Cyber Defence (ICD) service to provide practical support for high-risk individuals for UK officials and election candidates, as part of our Defending Democracy initiative (see page 32 of this review). This followed the government’s announcements of attempts by the Russian Intelligence Services and China state-affiliated actors to carry out malicious activity targeting UK institutions and individuals, including parliamentarians.

The two new opt-in ICD services comprise:

• the Personal Internet Protection service, which adds an extra layer of security against spear-phishing by blocking access to known malicious domains on individuals’ personal devices
• the Account Registration service, which alerts individuals if the NCSC becomes aware of a cyber incident impacting a personal account

The Personal Internet Protection service builds on the NCSC’s Protective DNS service which was developed principally for use by organisations. Since 2017, PDNS has provided protection at scale for millions of public sector users, handling more than 2.5 trillion site requests and preventing access to 1.5 million malicious domains.

Vulnerability Reporting Service

Since 2018, the NCSC Vulnerability Reporting Service (VRS) has allowed individuals to report vulnerabilities in government online services to the NCSC. As a thank you to those who submit vulnerabilities, finders are awarded HackerOne reputation points. In select cases we have also presented them with an NCSC challenge coin.

In addition, the NCSC also runs the Disclosure for Government Scheme, which enables government departments to manage their own vulnerability disclosure process while making use of the shared platform and triage service the VRS offers. We now have over 40 government organisations running their own disclosure programme through the scheme with a further 30 more currently being onboarded.

The VRS and the Disclosure for Government Scheme have both successfully been transitioned to the Government Cyber Coordination Centre (GC3). The NCSC, as part of GC3, will continue to support and encourage vulnerability disclosure across government. Of course, this wouldn’t be possible without the continued support of the finder community and the value they bring to government.

In the last 12 months we have seen the number of finders who have submitted vulnerabilities continue to grow to the highest numbers we have had so far. The graph below shows the trend continuing, and it is predicted by the end of 2024 we will see an even higher number of individual finders participating in the VRS. We are working as part of GC3 to take feedback from the finder community and working with our platform and triage partners to continue to improve this engagement and encourage best practice amongst the vulnerability disclosure community.

[Figure: Annual Breakdown of Researchers (Vulnerability Finders), by year from 2018 to 2024; vertical axis from 0 to 250.]

Finders can report a vulnerability they find in any UK government online service. The bar chart below shows a breakdown of submitted reports by department type. Three quarters of all reports submitted to the VRS are related to services run by local authorities. However, this is to be expected as the UK is split into over 10,000 local councils, each with an online presence and any number of digital service offerings.

Reports by Department Type (2023 / 2024)
Local: 79.4% / 74.6%
Central: 14.2% / 19.4%
Other: 6.4% / 6.0%

• Local: government providing services at local level from county level, down to town or parish councils. It can also include local public services such as GP surgeries, and fire and police services.
• Central: government departments with overall governance at a national level, such as national regulatory bodies. Some central government departments have their own vulnerability disclosure programme (VDP) through the Disclosure for Government scheme.
• Other: departments that comprise significant but out-of-scope cases, such as critical national infrastructure. ‘Other’ will also include any spam reports.

Cross-site scripting continues to be the most reported vulnerability, although the total is down from last year. Vulnerabilities that result in information disclosure have also decreased. We have also seen insecure direct object reference (IDOR) vulnerabilities break into the top 10. Of course, the most encouraging aspect is that these vulnerabilities are being reported and remediated as soon as possible.

Breakdown of top 10 (2023/24)

[Figure: two pie charts, labelled 2023 and 2024, each with segments a. to j.]

A. 49.61% Cross-site Scripting (XSS) - Reflected 33.99%
B. 14.27% Information Disclosure 18.50%
C. 11.52% Open Redirect 11.55%
D. 4.45% Path Traversal 6.69%
E. 4.32% Code Injection 6.56%
F. 3.80% Improper Access Control - Generic 5.64%
G. 3.27% Privilege Escalation 4.59%
H. 3.27% Information Exposure Through Directory Listing 4.59%
I. 3.01% SQL Injection 4.20%
J. 2.49% Cross-site Scripting (XSS) - Generic 3.67%

NCSC guidance

The NCSC produced a suite of ‘Defending Democracy’ guidance in advance of the general election, which included:

• new guidance for high-risk individuals (such as parliamentarians and election candidates) to help them improve the security of their personal devices and accounts
• guidance for political organisations offering advice to help IT practitioners implement security measures that will help prevent common cyber attacks
• guidance for organisations involved in coordinating elections, such as local authorities on steps to take to protect electoral management systems

In addition to the Guidelines for Secure AI System Development (which was jointly published by the NCSC, CISA, and 20 other partner agencies from around the world) the NCSC also updated the principles for the security of Machine Learning to reflect recent developments in the rapidly advancing world of AI. This included new sections on risks to large language model (LLM) systems, the importance of supply chain security and lifecycle management.

Other major guidance published this year included:

Vulnerability management
Principles to help organisations establish an effective vulnerability management process.

Principles for ransomware-resistant cloud backups
Helping to make cloud backups resistant to the effects of destructive ransomware.

Private Branch Exchange (PBX) best practice
Guidance helping organisations to protect their telephony systems from cyber attacks and telecoms fraud.

Info as follows:

• 19 new or revamped pieces of guidance published
• 1.5 million user visits
• 58 blogs on a range of subjects

Top searched terms:

• Cyber aware 1441
• Password(s) 1376
• Phishing 858

Most accessed topics:

• Phishing 397k
• Education 200k
• Passwords 167k
• CNI 102k
• AI 60k

Post-quantum cryptography

Migration to post-quantum cryptography (PQC) may feel daunting, but it also promises major opportunities. The NCSC explains how it will help organisations plan their migration.

Cryptography is everywhere. It protects our data when we access online services and shops. It’s used when you electronically sign legal documents. It’s a critical part of our military and emergency services’ communications and the smooth running of the UK’s critical national infrastructure (CNI). Yet it’s also invisible to almost all users, even though cryptography underpins every online service, and every aspect of the UK’s infrastructure.

Quantum computers of the future, with their potential to offer capability unachievable by any conventional computers, pose a threat to much of the cryptography that underpins the security of our digital infrastructure. Although such computers are some years away, governments of all major nations are investing heavily in the development of quantum computing.

Migration to post-quantum cryptography (PQC) – cryptography that is resistant to attack by quantum computers – is the primary mitigation to this threat. There will be a global migration of IT and operational technology systems to use PQC. Major technology firms are already integrating PQC into some of their core products.

Our priority at the NCSC is to ensure that the UK’s migration to PQC is smooth and does not raise wider cyber risks to our central government systems and our CNI. However, as the national technical authority for cyber security, we also need to help system and risk owners across all sectors of the UK plan their PQC migrations. We can’t solve all the challenges in migration for every organisation; the scale is far too large. So, our focus is on how we raise understanding, set examples of best practice and identify interventions the NCSC can make that have the most scalable impact. These are outlined below.

Providing access to cryptographic expertise

Addressing the quantum computing threat has, for many years, been a problem for mathematicians and cryptographers, and this summer, three post-quantum algorithm standards were finalised. However, migration to PQC is a much broader cyber security effort that needs expertise from cryptographers alongside systems integrators and engineers.

A challenge for migration to PQC is that preparatory effort in cryptographic discovery (the process of identifying sensitive data, and where the cryptography that protects it lives within a system) is not a simple activity. However, the UK has some world-leading specialist cryptography companies, who have a focus on PQC. The NCSC is currently building a pilot scheme to accredit some of these companies, and to help them find markets in the UK. This will also help some of our critical sectors access the expertise required to help them prepare for their migration.

As these initiatives encourage new companies in this sector to grow, they will need to be able to hire skilled talent from UK universities, and develop applied cryptographers, fusing expertise from a wide range of scientific disciplines, who understand how to build cryptographic systems in the real world. To enable this growth, we would be keen to see groups with deep expertise in the implementation of cryptography flourish within UK academia, so that all sectors of the economy will benefit.

Maintaining confidence in PQC

Migration to PQC, for many organisations, will take more than a decade and cover multiple investment cycles and changes of leadership. This means we need to understand the incentives that will encourage organisations to invest now; if everything is left until several years’ time, migration will be poorly planned, rushed, more expensive, and likely introduce the sort of easy-to-exploit vulnerabilities we are too used to seeing.

The NCSC’s work on market incentives (see page 54) will play a part in this. We know that our regulators understand their sectors better than we do, so our focus is to equip those regulators with the knowledge and advice that will enable them to set the right direction.

As well as building this initial momentum, we need to ensure that we help maintain confidence throughout migration. We are now in a period where mature implementations of the algorithms, built into modern protocols, are still evolving. In this early phase where organisations are planning their migration (rather than deploying PQC widely), we might expect to see some vulnerabilities; not in the underlying cryptography but in the implementation of the technology. There is a role for many groups, in the media, in academia, and in government, to discuss these cases maturely. The NCSC’s role, as the authority within government on cryptography, will be to help our key partners navigate these discussions, and signal to the rest of the UK our confidence in PQC.

Learning from the early adopters

There are some sectors – finance is a good example – where working within international regulations (and keeping pace with competitors) means that planning is already well underway in many larger organisations. There are other sectors that are less well-resourced with significant legacy technology, for which direct upgrades to PQC will not be possible.

The NCSC’s approach is to identify good practice and lessons learned in the faster-moving sectors. Since the differences between sectors are vast, we’re not planning to set universal target dates for migration. Instead, we’ll work with regulators to help them set suitable targets for each sector individually.

However, we do believe that planning for all sectors should get underway as soon as possible, using what we learn from early adopters to develop case studies and guidance for some of the harder migration problems. Where we identify aspects of migration within government (and within unregulated areas that are not fully understood), we will support pilot projects that help us provide the guidance that people need.

The benefits of secure migration

We intend to have accredited a small group of PQC consultancies by the end of March 2025. Alongside this, we will be running test projects within government focussing on the discovery activities that the NCSC recommends all organisations undertake; understanding where and how cryptography is used in all systems - theirs and their suppliers, the technologies that rely on it, and the data it protects whether in transit or storage. We will also be refining our broader offer to UK industry and provide tailored advice to sectors of national importance to support transition to PQC.

Migration to PQC is a national technology change programme. It comes with significant potential cyber risk, and we have a strong responsibility to manage that. But it also promises major opportunities. All organisations should be focussing on activities that underpin PQC migration; clear system auditing, rationalising services, putting a greater focus on building systems that can be easily updated in future and growing new technical skills. These are all important for broader secure design and management, so if the migration is done well, we will all benefit, far beyond the cryptographic changes.

© Crown copyright 2024. Photographs produced with permission from third parties. NCSC information licensed for re-use under Open Government Licence (www.nationalarchives.gov.uk/doc/open-government-licence).

Designed and created by Treble and M&C Saatchi