HomeIndustry NewsThe National Cyber Security Centre

The National Cyber Security Centre

Listen to this article

At the February 2024 Rail Partners Rolling Stock Software and Cyber Security event, the work of the National Cyber Security Centre (NCSC) was mentioned.

Launched in October 2016, the NCSC brings together expertise from CESG (the information assurance arm of GCHQ), the Centre for Cyber Assessment, CERT-UK, and the Centre for Protection of National Infrastructure, which became the National Protective Security Authority (NPSA) in March 2023).

The NCSC provides a single point of contact for SMEs, larger organisations, government agencies, the general public, and departments. It works collaboratively with other law enforcement agencies, defence, the UK’s intelligence and security agencies, and international partners.

The high-level principles of the NCSC are:

  • Understand what’s important. Organisations, government, regulators, and the NCSC should share an up-to-date understanding of risk. This should be based on the criticality of organisations, assets, systems, networks, and projects; the resilience of critical assets, systems, networks, and projects; and the threat faced by organisations including bad actors, methods, capability, and intent.
  • Improve the now. Organisations’ existing assets, systems, networks, and processes should be cyber secure and resilient to a degree commensurate with the level of risk they face. Organisations with the highest potential impact should present a difficult target for even capable cyber adversaries.
  • Secure the future. Organisations’ new assets, systems, networks, and processes should be secure by design and cyber resilient to a degree commensurate with the level of risk they will face over their lifecycle. Projects with the highest potential impact should present a difficult target for even capable cyber adversaries.
  • There are real threats. In its 2023 review, the NCSC said that the UK’s critical sectors face a threat that is ‘enduring and significant’, and it believes it is essential to understand the risks to the UK’s Critical National Infrastructure (CNI) before our adversaries do. But while the UK’s CNI is subject to ever-increasing threats, its operators also face other, especially commercial, pressures.

Ideal approach

The ideal approach requires a variety of tools appropriate to organisational context and risk appetite. The NCSC indicates that organisations should also manage risk through the supply chain and assess the potential for low frequency, but high impact events. Clearly this approach is similar to any other risk assessment/management system. State-sponsored cyber attackers are capable of using the built-in tools on victims’ systems to camouflage their activity.

It is important to establish a system’s context before embarking on its design, and this should include network zoning and supply chain security. Designers should make it hard to compromise the system, by not trusting external input, enforcing one way flow, reducing the attack surface (minimising entry/exit points), and gaining confidence in security controls.

It is clearly good practice to make detection of an attack or a system compromise easier, as well as reducing the impact of compromise together with controls such as duty separation and protecting documentation.

Flat, unsegmented/unsegregated networks, characterised by devices and hosts being able to communicate with other devices and hosts unhindered where they have no legitimate need to do so, are undesirable. These are commonly built using a switch (or several switches) to connect all the devices on the network, without VLAN technology or routers to enforce segregation. The same effect can be seen where firewalls are used without restrictive rules. Thus, all hosts are routable to all other hosts. The NCSC recommends that designers implement network segregation and identify and control network segregation limitations.

There have been more distributed denial-of-service (DDoS) threats and attacks against western critical national infrastructure since Russia invaded Ukraine. They are not necessarily Russian in origin but are state aligned groups sympathetic to Russia and are ideologically motivated rather than rather being aimed at extortion. Clearly poorly protected systems are more at risk.

The NCSC website includes guidance on actions to be taken when the cyber threat is heightened, advice on asset management and on appropriate logging and monitoring techniques. Scan the QR code to visit the online version of this article which includes links to articles and white papers on NCSC’s website relevant to the issues we’ve discussed.

NCSC references

What follows is largely a series of links to the NCSC’s very full and informative website and covering some highlights, references other useful information including white papers.

Image credit: iStockphoto.com

Malcolm Dobell BTech CEng FIMechE
Malcolm Dobell BTech CEng FIMechEhttp://therailengineer.com
SPECIALIST AREAS Rolling stock, depots, systems integration, fleet operations. Malcolm Dobell worked for the whole of his 45-year career with London Underground. He entered the Apprentice Training Centre in Acton Works in 1969 as an engineering trainee, taking a thin sandwich course at Brunel University, graduating with an honours degree in 1973. He then worked as part of the team supervising the designs of all the various items of auxiliary equipment for new trains, which gave him experience in a broad range of disciplines. Later, he became project manager for the Jubilee Line’s first fleet of new trains (displaced when the extension came along), and then helped set up the train refurbishment programme of the 90s, before being appointed Professional Head of Rolling stock in 1997. Malcolm retired as Head of Train Systems Engineering in 2014 following a career during which he had a role in the design of all the passenger trains currently in service - even the oldest - and, particularly, bringing the upgraded Victoria line (rolling stock and signalling) into service. He is a non-executive director of CPC Systems, a systems engineering company that helps train operators improve their performance. A former IMechE Railway Division Chairman and a current board member, he also helps to organise and judge the annual Railway Challenge and is the chair of trustees for a multi academy trust in Milton Keynes.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.