Defence Security

NCSC publishes Annual Review

Posted 17 November 2021

The National Cyber Security Centre (NCSC) - a part of GCHQ and the UK’s technical authority for cyber security - has published its Annual Review, which outlines its efforts to protect the UK over the past 12 months, support for 777 cyber incidents, attacks on coronavirus vaccine research, distribution and supply chains, plus the damaging effect of growing ransomware attacks, including against UK councils and Ireland’s healthcare system.

Since the NCSC was created in 2016 as part of the Government’s National Cyber Security Strategy, it has worked to make the UK the safest place to live and work online.

This review of its fifth year looks at some of the key developments and highlights between 1st September 2020 and 31st August 2021.

As part of a national security agency not all of its work can be disclosed publicly but the review seeks to describe the year with insights and facts from colleagues inside and outside of the organisation.

This year's review has a focus on five distinct areas of cyber security with each chapter highlighting key achievements and developments.

The Threat
How the NCSC assesses, responds to, disrupts and deters cyber threats.
Resilience
How the NCSC is building a cyber resilient UK.
Technology
How the NCSC is spearheading research and analysis to find new ways to secure the UK's digital systems.
Ecosystem
How the NCSC is strengthening and growing the UK’s cyber security ecosystem.
Global Leadership
How the NCSC is advancing UK leadership in support of a free, open, peaceful and secure cyberspace.
To download the NCSC Annual Review, click here
Courtesy NCSC

The NCSC expanded its online defence of the UK by managing an unprecedented 777 incidents over the last 12 months – up from 723 the previous year – with around 20% of organisations supported linked to the health sector and vaccines.

The growth in the number of incidents handled by the NCSC this year is partially reflected in the organisation’s ongoing work to proactively identify threats through the work of its Threat Operations and Assessment teams.

The health sector and in particular the vaccine rollout was a major focus for the NCSC, with the organisation’s world-leading services protecting NHS, healthcare, and vaccine supplier IT systems from malicious domains billions of times.

Over the past 12 months the NCSC also responded to a rise in ransomware attacks, and a range of services have been provided to businesses over the past year to help protect them from ransomware. These include the Early Warning Service alerting organisations to emerging threats through to cyber security advice for those working in education.

These efforts have come against a backdrop of responding to significant global incidents, including the attack on the SolarWinds IT management platform by Russia’s Foreign Intelligence Service – one of the most serious cyber intrusions of recent times – and a major ransomware attack on the American software firm Kaseya.

Lindy Cameron, CEO of the NCSC, said: “I’m proud of the way the NCSC has responded to what has been another hugely challenging year for the country as we all continue to navigate our way through the pandemic.

“The support and expertise we have provided for stakeholders from government all the way through to the general public during the pandemic has been vital to keeping the country safe online.

“Undoubtedly there are challenges ahead, but the upcoming National Cyber Strategy combined with the continued engagement from businesses and the public provides a solid foundation for us to continue reducing the impact of online threats.”

In 2020 the NCSC surged its efforts towards protecting healthcare in the wake of the pandemic outbreak, and since then it has channelled further resources towards those involved in the rollout of the vaccine by providing the necessary intelligence and tools to respond to the threats they faced.

This included the extension of the organisation’s Protective Domain Name System (PDNS) service to over 1000 additional organisations within the Health and Social Care sector to support of vaccine development and supply chain organisations.

This extension represented protection of an additional 3 million employees in the sector, from essential workers providing and supporting front line care to those working to develop and deliver vaccines to citizens across the country.

Jeremy Fleming, Director of GCHQ, said: “This year we have seen countless examples of cyber security threats: from state sponsored activity to criminal ransomware attacks. It all serves to remind us that what happens online doesn’t stay online – there are real consequences of virtual activity.

“In the face of rising cyber attacks and an evolving threat, this year’s NCSC’s Annual Review shows that world class cyber security, enabled by the expertise of the NCSC as part of GCHQ, continues to be vital to the UK’s safety and prosperity.”

Steve Barclay, The Chancellor of the Duchy of Lancaster said: “The National Cyber Security Centre’s Annual Review illustrates the incredible effort of our security service in keeping the public safe over the last year, foiling more cyber attacks than ever before. It also makes clear that cyber crime is taking place on an unprecedented scale with criminals seeking to take advantage of people as they move more of their lives online as a result of the pandemic.

"The Government and its agencies will continue to throw every resource at its disposal to stamp out cyber crime and take down cybercriminals but there are things that we can all do to keep us and those in our communities safe. We want to make sure that everyone knows how to avoid threats online, spot scams and where to report wrongdoing.”

The organisation has also played a major role in protecting the public from scams as they continue to rely on technology through the pandemic. This year, the NCSC’s pioneering Suspicious Email Reporting Service (SERS) received nearly 6m reports, leading to the removal of more than 53,000 scams. Since launching in April 2020, the SERS has received more than 8 million reports, with more than 67,000 scams taken down as a result.

Some of the key statistics from the NCSC Annual Review 2021 include:

Handling an unprecedented 777 incidents in the last year – a rise from 723 last year and an average of 643 since launching in 2016.
5.9 million reports of malicious content to the Suspicious Email Reporting Service over the last 12 months – leading to the removal of more than 53,000 scams and 96,500 URLs
Engagement with around 5,000 organisations providing an essential service during the pandemic, from well-known brands through to small businesses
Issued guidance and threat assessments to over 80 companies and 14 universities
The Active Cyber Defence programme has taken down 2.3 million cyber-enabled commodity campaigns, 442 phishing campaigns using NHS branding, and 80 illegitimate NHS apps hosted and available to download outside of official app stores.

Support for academic institutions conducting vaccine research was one of the key interventions for the NCSC during the pandemic response. As a result of implementing the NCSC’s services, the University of Oxford protected itself from an attempted ransomware attempt with the potential to cause significant disruption.

The organisation also offered support to the devolved administrations, for example providing technical advice to the home nations on their vaccination booking systems.

Elsewhere, the review details the NCSC’s continued drive to increase cyber security skills and diversity in the industry, including through the pioneering CyberFirst programme. The programme, now in its fourth year, has introduced over 56,000 11- to 17-year-olds to the world of tech and cyber security.

That includes more than 6,500 pupils from 600 schools who entered the NCSC’s pioneering CyberFirst Girls Competition this year. The competition, which was set up in 2017 to help address gender diversity in the sector, has seen more than 43,000 pupils from across the UK take part since its inception.