How big is the gap between attack and defence?
Speaking on the concept of a growing gap between attackers and defenders at the SANS Cyber Threat conference in London, former NCSC CEO Ciaran Martin said that this is “not an immature discussion anymore.”
Commenting that there has been a divide between attackers and defenders for a while, he said “we need to sometimes take stock as to whether any of this is having any impact at all.”
In launching last week’s Annual Report, new NCSC CEO Richard Horne said there is a high-stakes contest for cyberspace - with one side trying to improve our lives online and make the UK a safe and secure place to do business, and "those who will use that dependency on technology to undermine us."
No Difference Made?
Co-presenting, Paul Chichester, director of operations at the NCSC, said that having been involved in cybersecurity since 1990, it may appear that no difference has been made and “we’re still sort of facing a threat that's out there and we haven't really done anything.”
Admitting that this is his “glass almost empty” perspective, Chichester said that is not the reality, but it is more about “are we making the UK a safe place to live and work online, and are we giving the adversaries a harder time, then those two things are true.” He said the people in the room and those watching online proved ‘this now a global topic’ and that we are making a huge difference.
“So with my glass almost full, we are absolutely making a difference,” he said. “Thinking of the gap, don't be complacent, don't think you don't have to change.”
Change and Adapt
Martin, who serves as director of the SANS CISO Network, asked whether the contest is never going to be won because attackers will not give up and will change and adapt, and whether this is because defenders have got better at detection. Chichester pointed to the Salt Typhoon instance, saying “the adversary is going to where we're not, and trying to find ways of doing that and that is certainly something that we're conscious of.”
Martin commented on the gap once again and asked whether operational capability or new innovation can solve it. Chichester said “I think it's a bit of all those things.”
Acknowledging the threat, Chichester said the actual risk is about vulnerability and it is about impact, and “we can close the gap by making ourselves more resilient.”
He said: “We can actually close the gap by being better prepared for incidents. When dealing with a lot of incidents, you can really see day in day out that you can actually close that gap by being prepared, by having incident response plans and things like that. That will help you.
“The threat is part of it and actually the gap is only really going to be reduced by continuing to raise our resilience and continue to be prepared for something bad.”
Visibility Versus Threat
Speaking to SC UK, Martin said the CrowdStrike incident from July showed some improvements in resilience, but he felt the UK has done reasonably well in terms of managing harm and that, relative to the “cyber calamities” faced by other countries in recent years, the UK has suffered relatively few incidents.
Chichester said that there is a difference between visibility of the threat versus the absolute level of a threat, and “because Salt Typhoon has probably been going on for a while, the threat hasn't gone up this year, we just happened to find it.”
In terms of a widening gap, Chichester said we can talk about not having visibility, but we can see the capabilities that our adversaries are using, as well as our reliance on technology too.
“I think at the moment, what we're saying very much last week is more of a call to arms to say, look, we want to be more transparent, we want to talk about how we're seeing that threat develop, we want to talk about how reliant we all are on technology. How do we get after this, and how do we actually manage that gap over time.
“Also being in a position where we can actually see it change over that time and making sure we respond to it.”
Written by
Dan Raywood
Senior Editor
SC Media UK