The Home Office has published a series of recommendations for cyber security within a trio of guides on what it has learned from a research programme on relevant threats.
They cover threat intelligence, threat hunting and digital risk and intelligence, deriving from a series of conversations with stakeholders in government and industry around their current capabilities.
Robert Flanders, the Home Office cyber programme technical lead, said the department is sharing the documents to help the public and private sectors tackle the issues, and that it collaborated with the Cabinet Office and National Cyber Security Centre (NCSC) in creating them.
Detecting the Unknown – A Guide to Threat Hunting recommends using a security operations centre to reduce risk, along with investing in the development of the people involved in the effort and ensuring essential data is visible.
Along with this there is a need for more collaboration inside government and for common standards on threat hunting for departments and suppliers.
The document on threat intelligence emphasises that it should not replace a dedicated monitoring capability, and that departments should bring their relevant operations to the NCSC’s Minimum Cyber Security Standard before investing in a cyber threat intelligence (CTI) capability.
It also points to a need for a CTI strategy to avoid wasteful spending, for open source tools to better inform requirements, and for people with non-technical backgrounds to be brought in to develop diverse teams in the field.
Need for DR&I
Controlling Your Exposure – A Guide to Digital Risk and Intelligence (DR&I) makes a series of recommendations, which should be preceded by a self-assessment of current capabilities.
They include appointing a DR&I team, adopting a series of publicly available tools to manage the organisation’s digital footprint, commissioning external assessments of risk exposure, and liaising with the appropriate law enforcement agency.
For the long term it says the Cabinet Office, NCSC, National Crime Agency and Government Legal Profession should provide clear legal guidance for monitoring public domains, and that the Crown Commercial Service should develop procurement frameworks to help authorities carry out vendor trials.
Flanders commented: “Through these engagements, we have formed and enhanced pivotal relationships with key partners across government and industry, with whom we will continue to work collaboratively in the future.”