The United Kingdom (UK) National Cyber Security Centre (NCSC) has released its Annual Review 2020, which focuses on its response to evolving and challenging cyber threats. Recognizing cybersecurity as a “team sport,” the publication includes highlights of NCSC’s collaboration with many partners, including the Cybersecurity and Infrastructure Security Agency (CISA). A few examples:
- Joint Advisory AA20-126A: APT Groups Target Healthcare and Essential Services, which warned of observed “large-scale ‘password spraying’ campaigns against healthcare bodies and medical research organizations” and provided mitigation advice for this threat.
- Joint Advisory AA20-245A: Technical Approaches to Uncovering and Remediating Malicious Activity, which NCSC calls “an incident response playbook … applicable to the widest set of countries and situations possible.”
- The NCSC’s Secure Design Principles blog and CISA’s Cybersecurity Best Practices for Industrial Control Systems (ICS) guide. As stated by NCSC, these publications represent a CISA-NCSC “joint venture [to] set out risks faced by ICS owners and operators … to help them design and secure ICS, mitigate risks, and protect against the ever-evolving threats.”