Analysis: Global risks, threat intelligence and UK legislation

Written by: Katharina Derschewsky

Published in

Keylogged

4 min readFeb 28, 2018

Year on year, there are multiple reports warning us that the gravity of the cyber threat that modern societies face has worsened yet further.

For 2018, by way of example, let us look at the World Economic Forum’s Global Risks Report [1].

The cyber threat in 2018 — “prospect of devastating disruption”

It concludes, in no uncertain terms, both that previously considered “large” cyber attacks have become normal, and that we could see potentially radical and irreversible systemic shocks that could — worst-case scenario — result in a breakdown of the systems that keep societies functioning. Ciaran Martin, the Director of the UK’s National Cyber Security Centre (NCSC) calls it “the prospect of devastating disruption” [2].

So yes:

The threat is serious.
Total protection is impossible.
And still, both public and private sector retain their ambition to “stay ahead” of their (increasingly sophisticated) adversaries.

Knowing thy enemy is … power?

As a cursory look to history reveals, the power of knowledge has long been known. Much quoted, it was Sun Tzu, who in the 5th century BC stipulated that it took “knowing yourself and your enemy” to “win a hundred battles without jeopardy”. And it’s Sir Francis Bacon who is attributed with identifying, in 1597, that “knowledge (in itself) is power”.

With that in mind, it should come as little surprise that a number of surveys and reports find increasing demand for cyber threat intelligence services.

Anecdotal evidence [3] confirms that cyber, or intelligence, expertise is no prerequisite to understanding the value that cyber threat intelligence can provide. Asked what they associate with the term, people concluded that an improved understanding of the threats one faces will allow for a better understanding of one’s own (security) position in the face of these threats, so that one can both react to and, possibly, prevent them.

A growing appetite for threat intelligence

More methodologically sound data confirms that organisations and their CISOs considered improving threat intelligence as a top security and investment priority [4,5], not least in an attempt to counter a (perceived) lack of effective intelligence to detect and action cyber threats [6].

A brief look at Google Trends [7] further illustrates the growth potential for the cyber threat intelligence market:

*Interest over time — Worldwide Google searches for cyber threat intelligence from 1 January 2004 to 30 January 2018*

*Interest by region — Worldwide Google searches for cyber threat intelligence from 1 January 2004 to 30 January 2018*

And it is easy to see why.

Cyber threat intelligence helps organisations understand who their adversaries are — their motivation, capabilities and skillsets, intents and targets. Or, in technical terms, actionable intelligence allows operational teams to understand threat actors’ techniques, tactics and procedures (TTPs). This in turn, helps to better define investment in cyber defences to anticipate, detect and mitigate threats.

A need to ensure demand can be met legally

Growth in the cyber threat intelligence market is driven not just by the evolving threat landscape but also by governmental and regulatory incentives seeking to boost organisations’ cyber resilience.

Yet, ironically, while organisations pay heed to current government policy, it might be past government decisions that hamper the effectiveness of threat intelligence collection in support of today’s cyber defence strategies.

When the UK’s Computer Misuse Act entered into force 28 years ago, nobody could have predicted the conclusions of this year’s World Economic Forum’s Global Risks Report. It is not entirely unsurprising, therefore, that some provisions of the 1990 Act significantly constrain the activities of an industry that, at the time, did not exist, nor was sought after by organisations interested in cyber security.

In 2018, however, the cyber threat intelligence market is maturing, and investment in threat intelligence is becoming a crucial element of organisations’ cyber resilience strategies and their preparedness for known and unknown threats.

As technologies advance, so too do our adversaries’ capabilities. As the world around us changes, our desire to protect and defend ourselves against the evolving threats remains. Ancient principles continue to hold, yet the way in which we implement them necessarily adapt.

It seems only right that the laws and rules of old catch up to today’s realities too, if, at the very least, we want a fighting chance against the looming “devastating disruption”.

NCC Group is leading the dialogue on reviewing and clarifying relevant provisions of the UK’s Computer Misuse Act 1990. We want to ensure the UK cyber threat intelligence sector remains globally competitive and able to contribute to national defence and security strategies against evolving cyber threats in both the public and private sector.