Cyber security news roundup October 2016
Policy developments:
The UK National Cyber Security Centre (NCSC) became operational this month: “It is part of GCHQ and will bring together CESG – the Information Security arm of GCHQ – the Centre for the Protection of National Infrastructure, CERT-UK and the Centre for Cyber Assessment, to form one organisation that will simplify the current cyber security landscape.” The centre will be based in a new office development in Victoria. See commentary from PublicTechnology, which also reported that the NCSC plans to publish rankings of government departments’ email security measures and to work with both local and central government.
Computing reported that the Cabinet Office plans to establish clusters of resources and expertise across Whitehall to improve cyber security, following Protecting Information Across Government, a report published by the National Audit Office (NAO) last month. This found that “too many bodies with overlapping responsibilities operate in the centre of government, confusing departments about where to go for advice. As at April 2016, at least 12 separate teams or organisations in the centre of government had a role in protecting information, many of whom produce guidance. While the new National Cyber Security Centre (NCSC) will bring together much of government’s cyber expertise, in the NAO’s view, wider reforms will be necessary to further enhance the protection of information.” Also see commentary from Out-Law.
Also this month:
- The Government commenced its 2016 survey of business action on cyber security and the costs and impacts of cyber breaches and attacks.
- The Government published its response to a report by the House of Commons Culture, Media and Sport Committee into protecting personal data online: “The Government is currently exploring whether we have the regulatory framework and incentives needed to drive effective cyber risk management across the UK economy. Organisational responsibilities are part of these considerations. We expect this work to conclude in the autumn.” Also see commentary from Out-Law.
New research and analysis:
- A new study from the National Institute of Standards and Technology (NIST) found that many typical computer users experience security fatigue (defined as a weariness of or reluctance to deal with computer security) that can lead to risky computing behaviour at work and in their personal lives. Also see commentary from BBC News.
- ITPro and Computer Business Review reported on research by BAE Systems which showed that over half of UK businesses have suffered a cyber attack over the course of the past year, with the average cost of each incident at £330,000. The study surveyed 100 business leaders from private sector firms with more than 1,000 employees. Twenty per cent of respondents said they either didn't know if or weren't confident that they could achieve 'business as usual' within 48 hours of an incident occurring, with 10% saying a breach could cost them £1 million.
- In a blog post, Citrix reported that, based on Freedom of Information (FoI) request responses from 109 local authorities, an average of £27,818 is now spent on health and safety training, compared to an average of £3,378 on data protection and IT security training courses. Also see commentary from SC Magazine.
New advice and guidance:
- In a blog post and podcast Jisc’s Steve Kennett discussed cyber security threats and issues and the mechanisms in place to protect the Janet network and support its community.
- Jisc’s Andrew Cormack published a blog post on the Higher Education Funding Council for England’s updated Prevent guidance.
- The National Cyber Security Centre (NCSC) published new advice on protecting against ransomware and on macro security for Microsoft Office.
- US-CERT published an alert highlighting the increased risk of distributed denial of service (DDoS) attacks as a result of the Mirai source code used in last month’s attack on the Krebs on Security blog being made available online. Also see the UK National Cyber Security Centre’s weekly threat alerts for 10th October and 24th October.
Cyber security awareness month:
October 2016 is Cyber Security Awareness month, an annual campaign to raise awareness about cybersecurity. See announcements from the European Commission, US-CERT, StaySafeOnline and ENISA, the European Union Agency for Network and Information Security. Guidance and advice promoted this month included:
- The European Cyber Security Month website provides a range of information, resources and advice on cyber security.
- EDUCAUSE’s Cyber Security initiative offers advice and guidance for higher education institutions.
- LockDownYourLogin aims to promote the rapid adoption of strong authentication and secure login tools and technologies.
- Stop.Think.Connect. is a national public awareness campaign by the US Department of Homeland Security to increase the understanding of cyber threats and empower the public to be safer and more secure online (also see this related toolkit).
- The US Federal Trade Commission’s OnGuardOnline portal provides news, tips, resources and videos to help people stay safer and more secure online and its Start with Security advice provides guidance for businesses.
- The National Cyber Security Alliance (NCSA) Technology Checklist for Businesses identifies the range of technologies businesses need to consider to stay safe and secure.
Other cyber security news:
- Computing and PublicTechnology reported on the increasing number of ransomware attacks on NHS trusts, with at least 28 being hit in the past year.