The government announced the creation of a new security agency, the National Protective Security Authority (NPSA), to help organisations defend themselves against potential national security threats, which include state-backed cyber espionage.
The NPSA absorbs the responsibilities of the Centre for the Protection of National Infrastructure (CPNI), but with a broader extent since state-backed threats now extend to organisations such as science and technology firms and research organisations that are not classified as critical national infrastructure (CNI).
In the announcement, the government said the NPSA will be overseen by MI5, and will work closely alongside existing bodies including GCHQ’s National Cyber Security Centre (the NCSC), and National Counter Terrorism Security Offices to provide holistic advice on security.
Tom Tugendhat, the security minister, said: “Science, technology and academia are as much on the front lines of national security as the UK’s critical national infrastructure.
“We know that hostile actors are trying to steal intellectual property from UK institutions to harm our country. The National Protective Security Authority will play a crucial role in helping businesses and universities better protect themselves and maintain their competitive advantage.”
MI5 director general Ken McCallum has previously spoken of the growing threat to organisations posed by espionage, particularly that emanating from China, which has a long history of such activity, including intellectual property theft, targeting and exploiting academic researchers, and acquiring sensitive information through exploiting professional networking websites such as LinkedIn.
The Russian state is also known to be highly active in this area, using similar methods to compromise persons of interest to its intelligence goals, as has Iran.
The NPSA said its advice would be provided in an “accessible and informative” way and could be understood and used by a broad range of organisations, from two-person start-ups to top universities.
Ultimately, its goal is to provide training and advice on the measures organisations should be putting in place to help address the problem, and it has already launched guidance covering subject areas such as the security of visual surveillance equipment, incident management, cyber assurance for physical security systems, and deploying perimeter intrusion detection systems.
It has also produced a mobile app, Think Before You Link, which will help users of social media platforms such as Facebook and LinkedIn to better identify some of the traits of fake profiles used by malicious actors to lure their victims into a compromise. The app was launched last year by the NPSA’s predecessor, the CPNI.
ESET global cyber security adviser Jake Moore commented: “Industrial espionage has shifted up a gear in the last few years, so it is a positive and bold step forward to see the government focus on this growing area of attack. From large organisations like Huawei and TikTok to small companies trading with the UK, advice is vital when there are so many questions surrounding interactions with Chinese firms.
“Specifically creating an agency in this particular area also suggests the prevalence in modern day espionage, nation state attacks and the fear of international data surveillance – so it is excellent to see it being taken seriously by the government in a timely manner.
“The NCSC has been a tremendous success and hopefully this new agency will follow in its footsteps offering the right support to protect UK businesses from inevitable attacks.”
(Source: Computer Weekly)
