US Spy Chiefs Look For UK Guidance On Cybersecurity

American spymasters are concerned over the vulnerability of US companies to cyberattack and are turning to the UK for guidance on how to boost protection in the face of a growing threat from hostile state hackers.

A US intelligence official told the Financial Times that US intelligence is braced for the cyber threat to “get worse”, likening the US to a city at the bottom of a dam that is fast developing cracks. 

“Something horrible has to happen to fix it,” said Rick Ledgett, former deputy director of the NSA who left the agency last year after four decades. “The US should follow the UK model.”

One possible solution being weighed by US intelligence officials is to replicate the UK’s National Cyber Security Centre, the public-facing division of Britain’s digital eavesdropping agency GCHQ.

Admiral Michael Rogers, head of the NSA and US Cyber Command, which tackle cyber defence and offence respectively, visited the NCSC’s London headquarters this year, in a sign of the close links between the American and British services.

“The UK example is interesting,” said the US intelligence official, adding that America has not been able to address the cyber threat. The official cited the UK’s effort to develop a national cyber strategy and house its own cyber security protection regime within each of the intelligence agencies, adding that the US has “not yet done any of this”.

The official said that countries such as the UK also had more of a tradition of interference in the private sector that probably “wouldn’t be tolerated as much” in the US. “The problem is the US is bigger and more complex and there isn’t a unity of focus,” said Mr Ledgett.

Set up in 2016, the NCSC works closely with companies to manage incidents, protect critical services from attack and provide guidelines for tackling the cyber threat. 

“Every country is grappling with this and trying to work out how to do this coherently,” explained Robert Hannigan, a former director of GCHQ who was instrumental in establishing the NCSC. “There are often too many players in cyber and a lack of clarity over who is responsible for what.”

Although the US boasts some of the world’s most advanced and best resourced cyber capabilities inside government bodies such as the National Security Agency and the Department for Homeland Security, senior American officials are divided over the best way to organise and co-ordinate sprawling cyber defence programmes.

Responsibility for defending the US private sector from cyber-attack rests with the Department for Homeland Security. But US cyber defence operations also sit with the NSA, the FBI, the Department of Defense, the National Guard and the CIA.

Fears over US vulnerability come amid growing evidence of cyber hostility from Russia, North Korea and China. US intelligence chiefs describe continuing efforts from Moscow to subvert US democratic institutions, amid allegations that Donald Trump’s campaign colluded with the Kremlin to secure his election as president.

Foreign hackers have also previously stolen classified plans from defence contractors, including for high-tech weapons such as the flagship stealth F35 fighter jet.

The private sector’s lack of enthusiasm for engaging more directly with US spying agencies is partly based on a lingering paranoia among company executives after the 2013 leaks from Edward Snowden revealed the extent of NSA surveillance.

The Hacking News
