Hacker Headspace

Hacker Headspace: CyberUK, The Rise of Co-Governmental Cybersecurity and the Secure By Design Pledge

Last week, I attended CyberUK at the NEC in Birmingham, as I have done ever since 2018, when I was working for The White House. The event is always a great one to catch up with old friends, network, and learn about the latest technologies and happenings in and around the world of cybersecurity. This year was no different.

One notable (and widely reported) talk was given by GCHQ Director Anne Keast-Butler, who turned her attention to the “genuine and increasing” cybersecurity threat posed by China. She noted that the “irresponsible actions” of Chinese state-backed hackers are a “top priority” for the intelligence agency, which dedicates “more resource[s] to China than any other single mission.” But this mission is not one the UK government is taking on alone. It is working with the Five Eyes intelligence allies - the US, Canada, Australia, and New Zealand - on these challenges to secure the future.

It is not the first time that the Five Eyes have worked together to face global cybersecurity issues. In May last year, members of the US, UK, Canadian, and Australian cyber defence and intelligence agencies jointly released a report on the activities of Chinese state-sponsored cyber groups and how their techniques are changing. In the report, they described a shift of attention away from conventional espionage targets to companies and systems involved in critical infrastructure.

Over the past few years, Western countries have increasingly used this form of public attribution of malicious activities by state-sponsored cyber groups—a naming and shaming, so to speak—to unmask the previously shadowy work of foreign intelligence and military agencies. This is a kind of statecraft that is being used by the Five Eyes countries and others to effectively draw lines around unacceptable behaviour.

This coordinated approach is notable. Just a few weeks ago at RSAC, Eric Goldstein, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), spoke to attendees about China's cyber threat in a speech similar to the one given by Keast-Butler at CyberUK.

Notably, both talks highlighted the risk of a specific threat actor: Volt Typhoon. Volt Typhoon is unique because it does not gather intelligence; rather, it aims to cause significant disruption. The tactics, techniques, and procedures (TTPs) used by this APT are unusual, too, as it often relies on deploying strategic (and lengthy) living-off-the-land attacks to evade detection. This is just one of the many sophisticated threats affecting organisations, both public and private, in today’s world.

The increase in threats has heightened the focus on initiatives to counter such attacks, including the CISA and NCSC’s joint Secure by Design Pledge. This pledge is focused on enterprise software products and services in the US. It involves achieving seven key security goals, including increasing multi-factor authentication (MFA), reducing default passwords, and enhancing security patch installation.

One of the greatest strengths of the cybersecurity community is that we often come together for the greater good of the world in the name of a secure future. Proudly, we at ACDS announced last week that we have become one of the first 100 companies, alongside AWS, Microsoft, Cisco, Google, and IBM, to sign the pledge and commit to enhancing product security within a year.