Our blog

The NCSS and BT’s fight against the cyber criminals


01 November 2016

Ruth Davis

Blogs by author: Ruth Davis, Head of Cyber Security Strategy, BT Security


The National Cyber Security Strategy (NCSS) marks a new era of cyber security in the UK. And BT’s proud to be at the forefront, leading the fight against cyber crime.

Moving to war footing.

You need nerves of steel to be a CISO. Earlier this year BT successfully fought off one of the biggest Distributed Denial of Service (DDoS) attacks it had ever seen, where criminals attempted to take down a part of the BT network. When I became aware of the attack, I fought the urge to run round the office shouting that well-known refrain: “Don’t panic! Don’t panic!” Meanwhile, our CISO said calmly into his headset: “We move to a war footing, please.” As you can see, there’s a reason I’m not in operational response. Our success in foiling the cyber criminals was the result of BT’s investment in a significant upgrade to the technologies which defend against such attacks. This is helping to protect not only our own company network and brand, but also our customer’s networks around the world.

Big DDoS attacks, designed to bring down internet sites by flooding them with bogus traffic requests, have now become par for the course. The other week, Dyn, a site that directs users’ internet requests to websites was the victim of the biggest known DDoS attack ever. It involved an eye-watering 1.2 TBPS, which knocked some of the world’s most popular websites, including Twitter and Netflix, offline.

The personal cost of phishing and scams.

While this cyber attack against big business made headlines around the world, it’s important to remember that cyber crime comes in all shapes and sizes. It doesn’t discriminate between big businesses and individuals trying to log into their bank accounts. And as this story shows, we’re all vulnerable — no matter how savvy you are about cyber attacks and online security.

We need to up our game if we are going to protect the internet and the people who use it from cyber criminals, and that’s why the NCSS, published today, is so important. Its move to strengthen automated defences — making it more difficult for criminals to exploit the internet to their advantage — is one of the key shifts in focus from the previous strategy.

Our leading security strategy.

At BT, we’re leading the way with the work we do in cyber security. And we’ll be stepping up and doing even more in future, including:

  • strengthening internet protocols to make it more difficult for UK machines to participate in a DDoS attack
  • blocking malware sites to protect our customers
  • making it more difficult for hackers to spoof email addresses and con victims into thinking they’ve been contacted by a legitimate organisation
  • notifying our customers when they are connecting to our site with software that is out of date.

The fight over filtering.

Of course, there have been some objections to the measures we’re taking to keep people safe — particularly with regard to filtering malware. But those who believe that this will cause content to be blocked miss the point. Malware filtering isn’t interested in content (i.e. what is written on a website), it’s interested in malicious code. So it’s essentially a massive spam filter, blocking access to websites that contain the kind of software that will infect our customers’ computers and take their money or data, or even see a botnet requisition their computer.

Of course, there need to be safeguards. And of course customers need to be able to opt out if they want to. But not filtering malware is not an option.

The cyber security challenge continues.

Cyber criminals are an entrepreneurial bunch, they chop and change their business models quickly — and 2015 alone saw a shocking 431 million new variants of malware. They are motivated by power, profit or propaganda and will exploit your digital business model to achieve their ends. This is why we are investing so heavily in cyber security, including the future generation of cyber security experts who will tackle the cyber criminals head on.

As BT Security CEO, Mark Hughes, said of the NCSS:

“This funding will help equip the next generation with the skills needed to keep pace with the constantly evolving tactics of cyber criminals and hacktivists. Continued innovation is needed to make sure the UK stays ahead of cyber security threats and the new Government strategy provides a solid framework to achieve that.

“BT will support the Government in delivering this new strategy through our continued focus on educating the next generation of cyber experts. We’re investing in the teaching of cyber skills in schools and are training 900 of our own experts this year, including apprentices and graduates.”

So while the cyber criminals continue with their schemes, we’re confident that our systems will be safer than ever, now, and into the future. Read the full NCSS here.