US Spy Chiefs Look For UK Guidance On Cybersecurity

American spymasters are concerned over the vulnerability of US companies to cyberattack and are turning to the UK for guidance on how to boost protection in the face of a growing threat from hostile state hackers.

A US intelligence official told the Financial Times that US intelligence is braced for the cyber threat to “get worse”, likening the US to a city at the bottom of a dam that is fast developing cracks. 

“Something horrible has to happen to fix it,” said Rick Ledgett, former deputy director of the NSA who left the agency last year after four decades. “The US should follow the UK model.”

One possible solution being weighed by US intelligence officials is to replicate the UK’s National Cyber Security Centre, the public-facing division of Britain’s digital eavesdropping agency GCHQ.

Admiral Michael Rogers, head of the NSA and US Cyber Command, which tackle cyber defence and offence respectively, visited the NCSC’s London headquarters this year, in a sign of the close links between the American and British services.

“The UK example is interesting,” said the US intelligence official, adding America has not been able to address the cyber threat. The official cited the UK’s effort to develop a national cyber strategy and house its own cyber security protection regime within each of the intelligence agencies, adding the US has “not yet done any of this”.

The official said that countries such as the UK also had more of a tradition of interference in the private sector that probably “wouldn’t be tolerated as much” in the US. “The problem is the US is bigger and more complex and there isn’t a unity of focus,” said Mr Ledgett.

Set up in 2016, the NCSC works closely with companies to manage incidents, protect critical services from attack and provide guidelines for tackling the cyber threat. 

“Every country is grappling with this and trying to work out how to do this coherently,” explained Robert Hannigan, a former director of GCHQ who was instrumental in establishing the NCSC. “There are often too many players in cyber and a lack of clarity over who is responsible for what.”

Although the US boasts some of the world’s most advanced and best resourced cyber capabilities inside government bodies such as the National Security Agency and the Department for Homeland Security, senior American officials are divided over the best way to organise and co-ordinate sprawling cyber defence programmes.

Responsibility for defending the US private sector from cyber-attack rests with the Department for Homeland Security. But US cyber defence operations also sit with the NSA, the FBI, the Department of Defense, the National Guard and the CIA.

Fears over US vulnerability come amid growing evidence of cyber hostility from Russia, North Korea and China. US intelligence chiefs describe continuing efforts from Moscow to subvert US democratic institutions, amid allegations that Donald Trump’s campaign colluded with the Kremlin to secure his election as president.

Foreign hackers have also previously stolen classified plans from defence contractors, including for high-tech weapons such as the flagship stealth F35 fighter jet.

The private sector’s lack of enthusiasm for engaging more directly with US spying agencies is partly based on a lingering paranoia among company executives after the 2013 leaks from Edward Snowden revealed the extent of NSA surveillance.

The Hacking News
