LloydBunday Internet, Lloyd Bunday Consultants for all Information Communication and Technology

HOME
Support
News & Weather
- ITN
- BBC News
- Sky News
- Weather

css menu by Css3Menu.com

GET BROADBAND HERE




'NCSC Cyber Series' podcast now available Listen to all five episodes now, covering a wide range of cyber security topics. Ever wondered how a cyber crime gang operates? NCSC publishes new report on criminal online activity. Securing Office 365 with better configuration How our Office 365 advisory and new security guidance from Microsoft can help protect your cloud services. Cyber Assessment Framework 3.2 Latest version of the CAF reflects the increased threat to critical national infrastructure Watch all the plenaries from CYBERUK 2024 live, and for free Key talks from the UK government’s flagship cyber security event will be livestreamed from Birmingham’s ICC. Interactive administration in the cloud: managing the risks Tips to help you secure and reduce interactive access to your cloud infrastructure. Training for small organisations and charities now available New online learning helps small organisations get to grips with cyber security. NCSC's cyber security training for staff now available The NCSC’s e-learning package 'Top Tips For Staff' can be completed online, or built into your own training platform. Funded cyber certification helps small charities to provide legal aid to vulnerable citizens How the funded Cyber Essentials Programme helped the ‘Law Centres Network’ protect its IT estate - and client data - from cyber attacks. SCADA 'in the cloud': new guidance for OT organisations If migrating SCADA solutions to the cloud, cyber security must be a key consideration for operational technology organisations. Offline backups in an online world How to protect your backups that are stored in the public cloud. Check your email security, and protect your customers Free online tool from the NCSC prevents cyber criminals using your email to conduct cyber attacks. New 'Connected Places' infographic published A new visual guide to the cyber security principles that are essential when developing and managing ‘smart cities’. Products on your perimeter considered harmful (until proven otherwise) As attackers' tactics change, so must network defenders'. Market incentives in the pursuit of resilient software and hardware A new paper from the ONCD explores how metrics can influence markets to improve the cyber security ecosystem. Cyber security governance: the role of the board As cyber threats evolve, boards must remain vigilant in cyber security governance. Revolutionising identity services using AI The ‘NCSC for Startups’ alumnus giving identity verification the 'Trust Stamp' Protecting PBX from cyber attacks Why small organisations need to manage their private branch exchange (PBX) telephone networks. From the cyber proliferation threat all the way to Pall Mall The first dedicated conference on this topic – and an insight into the NCSC assessment work behind it. Unleashing the power of cloud with containerisation New NCSC guidance describes how organisations can make the most of containerisation. QR Codes - what's the real risk? How safe is it to scan that QR code in the pub? Or in that email? NCSC for Startups: Playing cyber criminals at their own game CounterCraft's co-founder, Dan Brett, explains how they turn the tables so that social engineering can be used to protect organisations from attackers. Cyber Essentials: are there any alternative standards? Can an equivalent cyber security standard deliver the same outcomes as the NCSC’s Cyber Essentials scheme? Landing at the NCSC (glad I brought my towel) Ollie Whitehouse, the NCSC’s new Chief Technology Officer, outlines the cyber security challenges he’ll be prioritising. New guidance to help small organisations use online services more securely How to set up online (or 'cloud') services so they're protected against common cyber attacks. The logic behind three random words Whilst not a password panacea, using 'three random words' is still better than enforcing arbitrary complexity requirements. Researching the hard problems in hardware security Introducing the next chapter of the NCSC research problem book, which aims to inspire research on the biggest impact topics in hardware cyber security. Announcing IASME as our second Delivery Partner for Cyber Incident Response Level 2 Both CIR Delivery Partners are now accepting enquiries and applications. New cloud guidance: how to 'lift and shift' successfully Henry O discusses the pitfalls of performing a basic ‘lift and shift’ cloud migration. Introducing the guidelines for secure AI New guidelines will help developers make informed decisions about the design, development, deployment and operation of their AI systems. Cyber Advisor – the first 6 months The Cyber Advisor scheme has been gaining momentum since its launch six months ago – what happens next? Thanking the vulnerability research community with NCSC Challenge Coins Reflecting on the positive impact of the Vulnerability Reporting Service – and introducing something new for selected contributors. An RFC on IoCs – playing our part in international standards The NCSC has published a new RFC on Indicators of Compromise to support cyber security in protocol design - and hopes to encourage more cyber defenders to engage with international standards. Migrating to post-quantum cryptography New guidance from the NCSC helps system and risk owners plan their migration to post-quantum cryptography (PQC). AIT fraud: what you need to know SMS and telephone guidance updated to address the rise in Artificial Inflation of Traffic (AIT). Trusted Research - protecting your research Trusted Research provides advice on how international collaboration and research can be undertaken securely Logging Made Easy with CISA The US Cybersecurity and Infrastructure Security Agency have relaunched an updated version of LME. NCSC to retire Logging Made Easy The NCSC is retiring Logging Made Easy (LME). After 31 March 2023, we will no longer support LME, and the GitHub page will close shortly after. Introducing PDNS for Schools Launching the first phase rollout of a protective DNS service for schools. Our new principles to help make cloud backups more resilient Introducing a new set of NCSC principles to strengthen the resilience of organisations' cloud backups from ransomware attackers. New cyber security training packages launched to manage supply chain risk NCSC publishes free e-learning to help organisations manage the cyber security risks across their supply chains. Mastering your supply chain A new collection of resources from the NCSC can help take your supply chain knowledge to the next level Data-driven cyber: empowering government security with focused insights from data How 'small but actionable' insights can improve behaviours and decision making. New scheme ready for Cyber Incident Exercising providers A new Cyber Incident Exercising scheme is now open for organisations to apply to be Assured Providers, with IASME and CREST as our delivery partners. New interactive video - and related downloads - to help secondary school kids stay safe online A new initiative, aimed at 11 to 14-year-olds, that helps them navigate the risks of online life. Building on our history of cryptographic research The NCSC has published new cryptographic research on robust cryptography – we explain its significance and how the ideas could support research to inform future global standards. Getting started with cyber incident management Harry W introduces the NCSC's new Cyber Incident management (IM) guidance Ransomware and the cyber crime ecosystem A new white paper examines the rise of 'ransomware as a service' and extortion attacks. Thinking about the security of AI systems Why established cyber security principles are still important when developing or implementing machine learning models. Exercise caution when building off LLMs Large Language Models are an exciting technology, but our understanding of them is still 'in beta'. A problem shared is . . . in the research problem book Introducing the new NCSC research problem book and find out how you can get involved. ChatGPT and large language models: what's the risk? Do loose prompts* sink ships? Exploring the cyber security issues of ChatGPT and LLMs. Expanding the scope of Cyber Incident Response (CIR) Announcing CREST as our first delivery partner and the scheme's readiness for incident response providers to join. How CyberFish's founder got hooked on Cheltenham Berta Pappenheim, CEO and co-founder of CyberFish, explains how the NCSC For Startups programme has transformed her professional and personal life. Tackling the 'human factor' to transform cyber security behaviours ThinkCyber's CEO Tim Ward reflects on the challenges that startups face when developing innovative products. Spotlight on shadow IT New guidance to help organisations manage rogue devices and services within the enterprise. To SOC or not to SOC ? For environments that are secure by design, a 'full-fat SOC' is not always required. Active Cyber Defence: Sixth annual report now available New ACD services developed to help protect SMEs from the harms caused by cyber attacks. New techniques added to the NCSC’s ‘risk management toolbox’ Refreshed guidance published to help practitioners manage cyber risk. Threats and key takeaways for the legal sector New NCSC report outlines the growing threat to the legal sector, with recommendations to improve cyber resilience. Protecting how you administer cloud services New advice on implementing high-risk and ‘break-glass’ accesses in cloud services. Early Warning is joining MyNCSC Early Warning, one of the NCSC’s flagship ACD services, will be soon be migrated to the MyNCSC platform. Here we explain the background and what users can expect. Leveraging NCSC’s national insight to strengthen the fight against mobile threats Traced Mobile Security co-founder Benedict Jones describes how 'NCSC for Startups' helped evolve his business. New cloud security guidance: it's all about the config Jamie H explains why ensuring a robust cloud configuration is a critical investment. A Cyber Accelerator success story How cyber security start-up Trust Stamp capitalised on the CA programme. Accessibility as a cyber security priority Want security that works better for people? Make it accessible. Building cyber skills and roles from CyBOK foundations NCSC Deputy Director for Cyber Growth Chris Ensor explains how we have used the Cyber Security Body of Knowledge to build the early foundations for professional standards – and what it is we are building. i100 industry team and NCSC collaborate on refreshed guidance for boards NCSC’s cyber security Board Toolkit draws on industry expertise in a major update to the guidance. Why more transparency around cyber attacks is a good thing for everyone Eleanor Fairford, Deputy Director of Incident Management at the NCSC, and Mihaela Jembei, Director of Regulatory Cyber at the Information Commissioner’s Office (ICO), reflect on why it’s so concerning when cyber attacks go unreported – and look at some of the misconceptions about how organisations respond to them. Data-driven cyber: transforming cyber security through an evidence-based approach Using data and scientific methods to make more evidence-based decisions about cyber security. Putting the consultancy community at its heart Catherine H reflects on how the changes to the refreshed Assured Cyber Security Consultancy scheme go deeper than just a new name - and welcomes two new consultancies to the scheme. Introducing Cyber Advisors... Launching a new Industry Assurance scheme aimed at helping the UK’s small organisations. Refreshed 'cyber security toolkit' helps board members to govern online risk Lindy Cameron, CEO, introduces changes to the NCSC’s cyber security resources specifically designed for board members. The new route for cyber security professional recognition What the UK Cyber Security Council's Chartership programme means for the CCP scheme and the organisations who use CCP for recruitment and development. Protect your management interfaces Why it's important to protect the interfaces used to manage your infrastructure, and some recommendations on how you might do this. What if a service changes your 2-step verification options? Reflecting on the choices available for 2-step verification and reiterating the NCSC guidance. Zero trust migration: How will I know if I can remove my VPN? In our third blog about migrating to a zero trust architecture, we consider the security properties of an Always On VPN, and the factors to consider when deciding if you no longer need one. New ‘supply chain mapping’ guidance The latest addition to the NCSC’s suite of supply chain guidance is now available. Supply chain cyber security: new guidance from the NCSC Guidance describes practical steps to help organisations assess cyber security in their supply chains. NCSC for Startups: an ecosystem-based approach to cyber security Andrew Roughan, CEO of the NCSC’s innovation partner Plexal, explains why a whole-of-society approach is vital for cyber security innovation. Phishing and ransomware amongst biggest threats to charity sector New report outlines the growing threat that charities face, and how they can become resilient to cyber attacks. UK schools build cyber resilience Awareness and training programmes help schools prepare for cyber attacks. Industry 100 women can do it! The Industry 100 scheme is just one of the NCSC's initiatives that encourage women to work in cyber security. Using MSPs to administer your cloud services Andrew A explains what you must check before giving Managed Service Providers (MSPs) the keys to your kingdom. Secure home working on personal IT Useful tips and resources for people using personal IT to work from home. Telling users to ‘avoid clicking bad links’ still isn’t working Why organisations should avoid ‘blame and fear’, and instead use technical measures to manage the threat from phishing. How the NCSC thinks about security architecture Richard C explains how an understanding of vulnerabilities - and their exploitation - informs how the NCSC assesses the security of computer systems. Making Principles Based Assurance a reality An update on the work to make Principles Based Assurance (PBA) usable in practice. Code of practice for app store operators and app developers Nick B explains how a new code of practice will protect consumers from malicious actors and vulnerable apps Principles and how they can help us with assurance Explaining the forthcoming NCSC Technology Assurance Principles. NCSC For Startups: Vistalworks cracking down on illicit trade Vicky Brock of Vistalworks describes how the 'NCSC For Startups' programme has helped her organisation develop solutions to tackle illicit online trade. CyberFirst Girls: Falling into coding We speak to Charlene Hunter, CEO of Coding Black Females, about how she got into the industry and why a range of backgrounds is so important to cyber security. CyberFirst Girls: From Top Gun to tech We speak to Anna Brailsford, CEO of Code First Girls, about her path into the industry and why she thinks now is the best time for women to consider a career in cyber security. Personnel security in the cloud Making sure you minimise your cloud provider’s access to your data. CYBERUK 2023 Technical Masterclass: call for abstracts now open We're inviting all security professionals to share their expertise with delegates at next year's CYBERUK. Scanning the internet for fun and profit Ian Levy explains how the NCSC's new internet scanning capability will help us understand the UK's vulnerability to cyber attack. So long and thanks for all the bits Ian Levy, the NCSC’s departing Technical Director, discusses life, the universe, and everything. Early Warning: What's new, and what's in it for you Free service helps thousands of organisations spot suspicious activity on their networks and a new feature will now help users even more. Nine months on from the Cyber Essentials update - debunking some myths Anne W takes stock of where we are following the changes to Cyber Essentials in early 2022, discussing some of the feedback received and clarifying some common misconceptions. What's been happening with CISP then? The CISP team provides some background on where things have got to on the project to deliver the new version of CISP and what we can expect to see in the future. Cyber Essentials Plus is for charities too! Sara Ward, the CEO of Black Country Women's Aid, discusses her organisation's experience of gaining Cyber Essentials Plus certification. NCSC for Startups: the case for collaboration Saj Huq of Plexal explains why collaboration with the NCSC brings opportunities to the cyber security sector. "Winning trust, and making powerful connections" Chris Wallis, CEO of Intruder, explains how completing the NCSC's Startup Programme was a turning point for his organisation. Protect your customers to protect your brand New guidance to protect your brand from being exploited online, and to help you choose alternate authentication models. Introducing our new machine learning security principles Why the security of artificial intelligence (AI) and machine learning (ML) is important, how it's different to standard cyber security, and why the NCSC has developed specific security principles. The security benefits of modern collaboration in the cloud By exploiting cloud services, organisations no longer have to choose between ‘more security’ and ‘better usability’. Information Security: best practice for the construction sector New guidance for businesses of all sizes planning to take part in Joint Ventures. Securing the cloud (by design and by default) To reduce data breaches from cloud services, seek out providers who ensure functionality is ‘secure by default’ Passwords, passwords everywhere How password deny lists can help your users to make sensible password choices. We're trying to cure cancer, why would anyone attack us? The NCSC launches its first guidance for charities, helping them to protect their valuable data - quickly, easily and at low cost. Not perfect, but better: improving security one step at a time Why striving for better (rather than perfect) security will help more people stay safer online. Living with password re-use In a perfect world we'd use unique passwords for every online service. But the world isn't perfect... Even Jedi can't achieve Password Perfection Emma W on why supporting users to do the right things is better then telling them what to do. What does the NCSC think of password managers? Emma W discusses the question everyone keeps asking us. Let them paste passwords Allow your website to accept pasted passwords - it makes your site more secure, not less. Three random words or #thinkrandom Ian M discusses what makes a good password Spending our users' security budgets wisely If your organisation's security depends on the strength of your users' passwords... ...you've got bigger problems. The problems with forcing regular password expiry Why the NCSC decided to advise against this long-established security guideline. Log4j vulnerability: what should boards be asking? Advice for board members of medium to large organisations that are at risk from the Apache Log4j vulnerability. The rise of ransomware Toby L, Technical Lead for Incident Management, explains how modern-day ransomware attacks are evolving. Introducing Host Based Capability (HBC) HBC is an NCSC IT monitoring and analysis service for government departments. Malware & ransomware guidance: the reboot! Using knowledge from the 'cyber frontline' to improve our 'Mitigating malware and ransomware' guidance. Moving your small business from the physical to the digital Cyber security advice for small businesses adapting to new ways of working How Rebellion Defence used NCSC For Startups to accelerate product development Unparalleled access to skilled users transformed Rebellion Defence’s product roadmap. Serve websites over HTTPS (always) You should be serving web pages over HTTPS. Are you? TLS 1.3: better for individuals - harder for enterprises The NCSC's technical director outlines the challenges that TLS 1.3 presents for enterprise security. A day in the life of an NCSC vulnerability researcher Have you ever wondered what it's like to work in the NCSC Vulnerability Research team, and how it compares to working in industry? Time to KRACK the security patches out again Andrew A puts some context around the recently published KRACK guidance and explains why patching - once again - is the answer. 'WannaCry' ransomware: guidance updates Jon L provides an update on the NCSC's guidance on the 'WannaCry' ransomware. Finding the kill switch to stop the spread of ransomware MalwareTech's blog post on coming across a kill switch to stop the spread of the recent ransomware incident. Open sourcing MailCheck The NCSC has open sourced the code behind MailCheck - one of our Active Cyber Defence projects. Making email mean something again How the NCSC is helping public sector organisations to adopt important anti-phishing protocols. Mobile Device Guidance updates: Chrome OS and Ubuntu Two new platform-specific guides and an OEMConfig update for Android. NHS COVID-19 app: improving its security posture Stuart H explains security improvements within the NHS COVID-19 app since its launch NHS Test and Trace: securing the NHS COVID-19 app Stuart H outlines the evolving work on the security of the new NHS COVID-19 app. Firmware updates on Linux, and using data to influence procurement decisions Focused on automating UEFI firmware updates on Windows devices. Spray you, spray me: defending against password spraying attacks Andy P summarises how organisations can protect users' accounts from password spraying. What's new in Windows Fall Creators Update (1709)? An introduction to the updated Windows 10 guidance following the 1709 “Fall Creators Update”. NCSC IT: Installing software updates without breaking things Andy P explains how the NCSC rolls out software updates without delays. NCSC IT: Don't leave your Windows open this Christmas The latest blog on NCSC's own IT, this time how we protect our Windows end user devices from malware. Firmware bugs are like buses Intel's report this week of security vulnerabilities emphasises the importance of automating firmware updates. Automating UEFI Firmware Updates Discussing the state of UEFI firmware running on Windows laptops. Modernising Windows 10 Management Introducing our new Windows 10 with MDM guidance. NCSC IT: MDM products - which one is best? In part 3, we discuss why there is no one right answer to "What is the best MDM product?", as we found when building our own IT system. What's new with Windows 10? New device security guidance and some timely reminders NCSC IT: The architecture behind NCSC's IT system A look at the high-level design of the NCSC's new IT system, including the single sign-on architecture, our initial end user device choices, and how we tackled the captive portal problem. Which smartphone is the most secure? A straight answer to a difficult question Firmware II: Status check Initial research shows firmware frequently out of date. Getting a grip on firmware Investigating the security of firmware and why this often overlooked component should not be ignored. What exactly should we be logging? A structured look at what data to collect for security purposes and when to collect it. Cyber Schools Hub: local success, national impact Work from schools and companies paying dividends in the number and diversity of pupils taking up computer science. CyberFirst industries support CyberTV for students Cyber security-themed videos, blogs and interviews from industry experts are supporting students and teachers. Home learning technology: securing tools for remote education Guidance to help schools provide secure remote learning tools for pupils, students and staff. Cyber security for schools New NCSC training package to help schools improve their cyber security. Reaching out to the next generation of Cyber Sprinters The NCSC's first 'Outreach' event welcomes pupils from Carlton Primary School. Knockevin school is the first special school to achieve CyberFirst status Sara Liddell, Principal of Knockevin Special School, explains the opportunities for pupils and staff following their CyberFirst award. EmPower Cyber Week at the NCSC in London In November the NCSC hosted students from four schools at our London headquarters to mark EmPower Cyber Week. Hacker games and trojan tales: new CyberSprinters activities now available to download Glitch, Nano and the rest of the CyberSprinters gang are back in a new set of cyber security puzzles for kids. Cyber tools for UK schools! The NCSC's free Web Check and Mail Check services can help protect schools from cyber attacks. Bring Your Own Device: How to do it well Updated NCSC guidance on enabling your staff to use their own devices for work. CNI system design: Secure Remote Access A Critical National Infrastructure (CNI)-specific look at NCSC guidance on remote access architecture design Bring Your Own Device - the new normal The NCSC view on BYOD and the rise in home working Using secure messaging, voice and collaboration apps What organisations should think about before choosing apps for secure communications and collaboration... Preparing for the long haul: the cyber threat from Russia Although the UK has not experienced severe cyber attacks in relation to Russia’s invasion of Ukraine, now is not the time for complacency. NCSC For Startups: the feedback loop How startups can make the most of their time when pitching to cyber security experts. i100 insider: The cyber security advocate Jenny, information and compliance security manager at a large European law firm and i100 member, explains how the legal sector is working with the NCSC to keep the law profession cyber secure. ACD the 5th Year: report now available to download Active Cyber Defence extends its services to organisations beyond the public sector. New SOC guidance 101 Explaining the rationale behind the NCSC's updated Security Operations Centres guidance. Mythbusting cloud key management services Why trying to avoid trusting the KMS doesn't make sense (and other common misconceptions). Avoiding crisis mismanagement New guidance for cyber attack victims focuses on the welfare of staff responding to (and affected by) the crisis. Relaunching the NCSC's Cloud security guidance collection Andrew A explains what's new in a significant update to the NCSC's flagship cloud guidance. The Technology Assurance principles Covering the ‘Product development', 'Design and functionality' and ‘Though-life’ aspects of product assurance. Laying the new foundations for enterprise device security As the beta version of the new device security principles for manufacturers is released, Luna R explains the thinking behind them, how manufacturers can use them and invites feedback. CCP scheme to be run by the UK Cyber Security Council The NCSC hands over administration of the Certified Cyber Professional scheme, with details to be announced at CYBERUK 2022. Cyber Security in the Built Environment - considering security throughout a buildings lifecycle Updated IET code of practice explains current best practice for building-related systems and interconnections with the wider cyber environment. Inside Industry 100 - the on-loan CTO By day, Ollie W is Chief Technology Officer for a multinational cyber security company. For the past four years he has also moonlighted at the NCSC as an i100 integree. In this blog, he reflects on his experiences so far and considers the opportunities for others to be part of i100 too. CYBERUK 2022: Taming the dragon Awen Collective tells us how they got the most from their winning appearance in Cyber Den. The Cyber Assessment Framework 3.1 Latest version of the CAF focusses on clarification and consistency between areas of the CAF. CISP 2.0 - development update With the spring clean almost complete, we’re about to begin pruning CISP content. Use of Russian technology products and services following the invasion of Ukraine Cyber security – even in a time of global unrest – remains a balance of different risks. Ian Levy, the NCSC's Technical Director, explains why. Motivating developers to write secure code The 'Motivating Jenny' project is helping to change the conversation about security in software development. Five years of i100 Reflecting on five years of Industry 100 and looking ahead to an even brighter future. 'Transaction monitoring' & 'Building and operating a secure online service' guidance published Two new pieces of NCSC guidance replace Good Practice Guides 43 and 53. Construction businesses: understanding the cyber threat New guidance to help small-to-medium construction businesses protect themselves from common cyber attacks. NCSC For Startups: taking on malvertising Can your startup help counter the rise of malicious advertising? Introducing Scanning Made Easy Trial project makes vulnerability scanning easier. We think Cyber Essentials is, well, still essential ... ...and that's why we are making some changes. Anne W summarises what they are, and explains the thinking behind them. SMS and telephone best practice: new guidance for organisations The fight against scams is a team sport; our new guidance explains how your organisation can help. Terminology: it's not black and white The NCSC now uses 'allow list' and 'deny list' in place of 'whitelist' and 'blacklist'. Emma W explains why... New guidance for practitioners supporting victims of 'domestic cyber crime' The NCSC produces advice for practitioners working with victims who are being tracked, stalked, or virtually monitored. Zero Trust migration: where do I start? How to start the journey to zero trust architecture once you have decided it meets your business requirements. Why vulnerabilities are like buses How organisations can address the growing trend in which multiple vulnerabilities within a single product are exploited over a short period. I'll make you an offer you can't refuse... How to prevent malicious advertisements from ruining your day. To AV, or not to AV? Do you need antivirus (AV) products on smartphones and tablets? Protecting internet-facing services on public service CNI How operators of critical national infrastructure (CNI) can use NCSC guidance and blogs to secure their internet-facing services. NCSC For Startups diaries: PORGiESOFT We caught up with George Brown, founder of PORGiESOFT, about his first few weeks in NCSC For Startups... Are you hungry? A two-part blog about risk appetites Risk appetites; what are they, what’s their purpose, how do organisations go about defining them? The future of Technology Assurance in the UK Chris Ensor highlights some important elements of the NCSC's new Technology Assurance strategy. Zero Trust: Is it right for me? The first in a series of blogs to ease your journey towards a zero trust architecture. Zero trust 1.0 Zero trust architecture design principles 1.0 launched. Brightening the outlook for security in the cloud The NCSC's Cloud Security Research Lead suggests some approaches to help you get confidence in cloud services. Cloudy with a chance of transparency In part 2 of his Cloud Blog Trilogy, Andrew explains why it's better for everyone if cloud providers are willing to be open about how they run their services. Time to shed Python 2 Don’t constrict yourself, Python 2 slithers off into the sunset in 2020 Comparing configurations in Windows 10 1809 Introducing some notable changes to our new EUD guidance for Windows 10 1809 Serving up some server advice Highlighting guidance which will help you secure your servers Zero trust architecture design principles Alpha release for the ZTA principles on GitHub. Fresh call for next generation cyber security solutions Call opens for the fourth NCSC Cyber Accelerator programme Assuring Smart Meters How we made our commercial assurance business react to the demand of the Smart Meter programme, and how we can use this as a catalyst for future improvement. Connected Places: new NCSC security principles for 'Smart Cities' NCSC Technical Director warns that 'Connected Places' will likely be a target for malicious actors. Ransomware Taskforce (RTF) announce framework to combat ransomware A new framework published by the RTF highlights the power of collaboration to address widespread cyber threats. Exhausted, energised and overwhelmed - but in a good way! Start-up companies reflect in a packed first week on the NCSC's Cyber Accelerator programme. Getting the most from Cyber Accelerator Adam H catches up with past graduate of the Cyber Accelerator programme, Aquilai CTO, Jack Chapman. A view from the experts' side The NCSC's security specialists who help run Cyber Accelerator explain what they get out of the programme. The first Certified Cyber Professional (CCP) Specialism is now live! 'Risk Management' is the first certifiable specialism under the NCSC's revised CCP scheme. Securing your devices - the future Our relaunched device guidance makes it easier for you to configure the security of your devices. Asset management for cyber security Help understanding what good asset management looks like from a cyber security perspective and some of the challenges it presents. Is blockchain the right tool for you? Our new white paper will help you weigh up the benefits and drawbacks of distributed ledger technology. Get ready for CiSP 2.0 The NCSC's online portal for threat intelligence sharing is being upgraded. Identifying suspicious credential usage How NCSC guidance can help organisations detect and protect themselves from credential abuse. What is OT malware? How malware works on Operational Technology (OT) and how to stop it. Erasing data from donated devices How charities can erase personal data from donated laptops, phones and tablets, before passing them on. Better device configuration shouldn’t be like herding cats Hunting for common security weaknesses using Microsoft Defender for Endpoint. The strength of the ICS COI is the team Join the Industrial Control System Community of Interest (ICS COI), and help build CNI expertise across the UK. Introducing the protocol design principles Guidance on development and deployment of secure communications protocols in connected systems. Defending software build pipelines from malicious attack Compromise of your software build pipeline can have wide-reaching impact; here's how to tackle the problem. Coming soon to ACD users...the 'MyNCSC' platform MyNCSC brings together a range of NCSC cyber security services within a single, accessible platform. Introducing data breach guidance for individuals and families Unpicking the NCSC's new data breach guidance released to coincide with International Data Privacy Day. RITICS: Securing cyber-physical systems Discover the Research Institute in Trustworthy Inter-connected Cyber-physical Systems. Cross domain security How to safely exchange information between systems and organisations. Vulnerability Scanning: Keeping on top of the most common threats Vulnerability Scanning solutions offer a cost-effective way to discover and manage common security issues. Erasing personal data from second-hand devices Introducing our new guidance: essential steps to follow when you're buying (or selling) used electronic devices Supplier assurance: having confidence in your suppliers Questions to ask your suppliers that will help you gain confidence in their cyber security. New brochure published to support academic researchers Everything you need to know about the 19 Academic Centres of Excellence in Cyber Security Research (ACE-CSR) in one place The elephant in the data centre A new white paper from the NCSC explains the potential benefits of adopting a cloud-system. Designing and building a privately hosted PKI Public Key Infrastructure - what it is and how to build your own Bugs happen, so make sure you're ready to fix them How a Vulnerability Disclosure Process ensured a bug in the NHS COVID-19 app was fixed quickly and responsibly Moving to a cloud, not a storm Avoiding common problems when moving to the cloud. Transforming the way we work, with 'missions' Stuart T discusses a new approach to delivering improvement to NCSC website users. Import data, not malware Richard C introduces new guidance on safe, malware-free data import. The leaky pipe of secure coding Helen L discusses how security can be woven more seamlessly into the development process. Helping organisations - and researchers - to manage vulnerability disclosure Ollie N explains the thinking behind the NCSC’s new Vulnerability Disclosure Toolkit, which is now available to download. NHS Test and Trace app security redux NCSC Technical Director Dr Ian Levy and the NHS Test and Trace App acting CISO Stuart H explain how security and privacy have been approached in the new version of the app. Is cyber insurance right for you? Our new guidance will help you ask the right questions if considering cyber insurance for your organisation. Connecting your smart devices with confidence Kirsty P and Dan U look at new measures designed to improve the security of connected devices. A different future for telecoms in the UK NCSC Technical Director Dr Ian Levy explains the technical impact of the recent US sanctions on the security of Huawei equipment in the UK. Why cloud first is not a security problem Using the cloud securely should be your primary concern - not the underlying security of the public cloud. Return of the living phishing guidance A guide to what's changed (and what hasn't) in the updated NCSC phishing guidance. Windows 10 in S mode, and other updates Recent additions to the End User Device (EUD) security collection. Malicious macros are still causing problems! Andrew A explains the updated guidance for Microsoft Office macros Security, complexity and Huawei; protecting the UK's telecoms networks With 5G set to transform mobile services, Ian Levy explains how the UK has approached telecoms security, and what that means for the future. Studies in secure system design Worked examples for Operational Technology and Virtualised systems, using the NCSC’s secure design principles NHS Covid-19 app security: two weeks on In this blog post, Ian Levy explains how security researchers are helping make the NHS COVID-19 App better. Drawing good architecture diagrams Some tips on good diagram drafting and pitfalls to avoid when trying to understand a system in order to secure it. Video conferencing: new guidance for individuals and for organisations Whether you're using it to work from home, or just catching up with friends and family, new guidance from the NCSC will help you to use video conferencing, such as Zoom and Skype, securely. The security behind the NHS contact tracing app In this blog post, Ian Levy explains how the new NHS COVID-19 app will help us fight the coronavirus while protecting your privacy and security (and not draining your phone battery). Industry 100: a project in data driven security Alex M explains why she joined the i100 scheme and talks about one of the projects she has been working on. NCSC IT: There's confidence and then there's SaaS Raising a cheer for SaaS vendors who respond to our cloud security principles. Phishing - still a problem, despite all the work Free NCSC webinar explains how to protect your organisation from scam email campaigns. The future of telecoms in the UK NCSC Technical Director Dr Ian Levy explains how the security analysis behind the DCMS supply chain review will ensure the UK’s telecoms networks are secure – regardless of the vendors used. Building Web Check using PaaS How Platform as a Service (PaaS) can make good security easier to achieve. NCSC website accessibility is key On World Sight Day, Stuart T discusses how accessibility is a key element in the NCSC website's development. NCSC vulnerability disclosure co-ordination There has been a lot happening with vulnerability co-ordination and I wanted to update you with the NCSC thinking and approach. Getting back to business An easy-to-use guide that helps small businesses prepare their response to (and plan their recovery from) a cyber incident. Cloud security made easier with Serverless Our research shows that using Serverless components makes it easier to get good security in the cloud Intelligent security tools: are they a smart choice for you? What you need to know before buying artificially intelligent security products The problems with patching Applying patches may be a basic security principle, but that doesn't mean it's always easy to do in practice. Equities process Publication of the UK’s process for how we handle vulnerabilities. Protecting parked domains for the UK public sector Non-email sending (parked) domains can be used to generate spam email, but they're easy to protect. NCSC IT: how the NCSC chose its cloud services Why the NCSC spends more effort getting confidence in the security of some cloud services than in others. Applying the Cloud Security Principles in practice: a case study Using the Cloud Security Principles to evaluate the suitability of a cloud service. Secure systems design: new guidance and security paper now available We've published updated security architecture design principles, and a new set of 'anti-patterns' Active Cyber Defence - tackling cyber attacks on the UK The NCSC's Technical Director outlines how the Active Cyber Defence programme will help the UK defend itself from cyber attacks. Growing positive security cultures If your security culture isn't improving naturally, here's what you can do about it. Maturity models in cyber security: what's happening to the IAMM? Here we explain a bit about maturity models, look at how they've been used for cyber security, and explain why the NCSC is no longer supporting the IA Maturity Model (IAMM) introduced in 2008. Of mice and cyber Why recognising and understanding the complexity of systems is necessary if we want to make more informed security decisions. NCSC IT: How the NCSC built its own IT system The first in a series of blogs about how we built an OFFICIAL IT system to meet the needs of the NCSC. Ready, Set... Android Go? Is Android Go suitable for enterprise? SaaS security - surely it's simple? A draft framework from the NCSC designed to simplify security decisions about using SaaS services. 'The cyber experts of tomorrow' - Royal Masonic School win 2019 CyberFirst Girls Competition Girls from Hertfordshire school triumph in NCSC's annual cyber security competition Mind the gap: creating an inclusive environment How the NCSC is attracting newcomers - and helping existing staff to thrive - in the cyber security domain. "Do what I mean!" - time to focus on developer intent In this post I propose that the software development community should work on developing and then standardising security-related libraries that focus on what the developer is trying to achieve. Are security questions leaving a gap in your security? Even the best authentication can't help you if there is an easy way to bypass it. People: the unsung heroes of cyber security You've read the blogs, now watch the video... Cyber resilience - nothing to sneeze at David K introduces the concept of cyber resilience, and the benefits it brings. Please stop saying 'it depends'! Why I'm trying desperately to stop saying 'it depends' when it comes to simple cyber security questions... Protecting system administration with PAM Remote system administration provides powerful and flexible access to systems and services. Security and usability: you CAN have it all! This blog post explains how making security more usable can help to make an organisation more secure. Rating hackers, rating defences Why we need a more coherent approach in the language we use to describe cyber security attacks. Protective DNS service for the public sector is now live Ian Levy explains why the NCSC asked Nominet to build this critical service. Keeping your security monitoring effective We’ve been exploring the challenges faced by security monitoring teams. Industry 100: FS-ISAC in NCSC and it's XLNT Lucie discusses her role as FS-ISAC Industry 100 integree in the NCSC. Developing the cyber security profession – have your say! Chris Ensor discusses the government's proposal to develop the cyber security profession in the UK. Debunking cloud security myths What Jon got up to at the Technology Leaders Network. BT's proactive protection: Supporting the NCSC to make our customers safer Dave Harcourt, chief security advisor at BT, talks about how they are leading the way in building a community for ISPs to share data in real time to better protect UK customers. Establishing a council for the cyber security profession Get involved in the next step for the cyber security profession. There's a hole in my bucket ...or 'Why do people leave sensitive data in unprotected AWS S3 buckets?' The serious side of pranking The National Cyber Security Centre's Technical Director, Ian Levy, was recently targeted for a prank. Stepping up to multi-factor authentication New guidance on implementing MFA to better secure online services Security breaches as communication: what are your users telling you? When your security policies conflict with business requirements, staff's willingness to break the rules may be the only way to get work done. Phishing, spear phishing and whaling; does it change the price of phish? Regardless of the type of phish, you'll still need multiple layers of defence to protect your organisation. NCSC IT: Networking in the cloud In the fourth blog about the NCSC’s IT system, we look at how the networking topologies and practices differ from traditional approaches. My cloud isn't a castle Moving to the cloud from closed-off data centres means we’re exposing more of our services to the Internet than we ever have done before. Andrew A talks through his thoughts on why this sometimes results in accidental data leakage and how to reduce the risk of that happening. Managing supply chain risk in cloud-enabled products NCSC Technical Director Ian Levy explains why new guidance on cloud-enabled products (including AV) requires a nuanced approach. Making the UK the safest place to live and do business online The NCSC's Chief Executive Ciaran Martin outlines why the UK needs a National Cyber Security Centre. Industry 100 inspiring collaboration Steve M from Sopra Steria discusses his experience of Industry 100, working with the NCSC and the importance of collaboration. Improving government, one bit at a time How data from the Active Cyber Defence projects is helping the NCSC to improve government IT. I'm gonna stop you, little phishie... Why foiling phishing attacks means much more than just punishing users for falling for them. Developers need help too How developer-centric approaches can encourage software professionals to make better security decisions. Building the Cyber Security Body of Knowledge Chris Ensor talks about the project to build the Cyber Security Body of Knowledge (CyBOK), and how you can help to lay the foundations.

Current News From the BBC

Sunak vows to hit 2.5% defence spend target by 2030
The PM says billions of extra spending will put the UK's defence industry on a "war footing".

BBC sees people struggling on migrant boat before five died
The BBCâs Andrew Harding witnessed a vessel leave the French coast in which five people later died.

Husband of ex-Post Office boss advised on IT 'bug'
A decision to use "less emotive" words for problems with Horizon is called "Orwellian", inquiry hears.

Camilla, William and Kate receive royal honours
The King awards historic honours to senior royals, in a year that has seen pressures of ill health.

Petrol prices on UK forecourts hit 150p a litre
Rising oil prices have lifted the cost of filling up but it may prove short-term, claim experts.

Burying Trump stories was 'agreement among friends'
Former National Enquirer publisher David Pecker testified about relationship with Trump and Cohen for hours.

Haiti situation 'catastrophic' and growing worse, says UN
As gang violence continues to rage, two-thirds of children are now in need of aid, the UN warns.

Air traffic meltdown boss defends staff working from home
Air traffic control boss says last summer's outage would have been worse if staff had not worked remotely.

Off-duty PCs catch suspected thief while on stag do
The Met officers say they gave chase after a man tried to steal items from a restaurant in Barcelona.

UN 'horrified' by Gaza hospital mass grave reports
Palestinian officials say more than 300 bodies have been found at Nasser and al-Shifa hospitals.

Ukraine tightens pressure on fighting age men abroad
Ukraine suspends consular services for men aged 18 to 60 as it aims to boost numbers in the military.

Arrests at St George's Day event in London
Six people are arrested following the event in central London.

A wine a mile: Marathon runner tastes 25 glasses
Tom Gilbey sampled 25 wines in a blind taste test challenge correctly identifying 21.

What is the UK's plan to send asylum seekers to Rwanda?
The UK government has passed new legislation to let it send some asylum seekers to Rwanda.

Why a plane to Rwanda won't be taking off any time soon
The Rwanda bill has finally been approved - but planes won't be taking off imminently.

Chris Mason: Measure draws election dividing line
Ministers believe the novel deportation scheme is worth a try, but Labour plans to get rid of it.

Hope Hostel in Rwanda says it's ready for first migrants from UK
Rwanda is gearing up to welcome deported asylum seekers now the landmark UK bill has passed.

Bruises and broken ribs â Palestinian deaths in Israeli prisons
The prison service did not directly address reports 13 prisoners had died since last October.

Could House of the Dragon star change the face of gaming?
Abubakar Salim set up his own studio to tell a personal tale of grief inspired by his Kenyan heritage.

How robots are taking over warehouse work
At Ocado's newest warehouse robotic arms are helping to pack customer orders.

How does government borrowing work?
How does government borrowing work, and how and when is the money paid back?

Booing your own anthem - Hong Kong and a dilemma
Beijing's increasing influence has led to speculation that Hong Kong's days of an independent football scene are numbered.

Drag queen Lady Bushra on life, laughs and Bradford
Lady Bushra, one of the UK's best-known British Asian drag queens, opens up about his first UK tour.

Olly Alexander to bring Eurovision magic to EastEnders
This year's UK Eurovision entrant will make a surprise visit to Walford next month.

NYC campus extends remote classes amid Gaza protests
The hybrid learning comes amid reports of antisemitic harassment around Columbia University.

Male hippo in Japanese zoo found to be female
A DNA test was carried out because Gen-chan did not display typical male hippo behaviour.

New Prince Louis birthday photo taken by Kate
A new photograph has been released to mark the sixth birthday of Prince Louis.

'Seagull Boy', nine, wins European competition with uncanny impression
Cooper, from Derbyshire, travelled to Belgium to take part in the competition.

Richard Gadd asks viewers to stop Baby Reindeer speculation
The Netflix series depicts the true story of a stalker who harassed Gadd over a number of years.

Sausage dog eats woman's cheek after attack
Kelly Allen has been left with a facial scar after the small dog bit her at a friend's house.

Harewood says actors should be allowed to use blackface
The Homeland star says any actor should be able to play any character, in an interview with the Guardian.

Two for Havertz and White as Arsenal thrash Chelsea
Arsenal move three points clear at the top of the Premier League with a crushing victory over Chelsea at Emirates Stadium.

Slot a leading candidate to succeed Klopp
Feyenoord's Arne Slot is a leading candidate to take over as Liverpool manager at the end of the season.

Reaction to FA Cup semi win a disgrace - Ten Hag
The reaction to Manchester United's FA Cup semi-final win over Coventry City has been "embarrassing" and "a disgrace", says manager Erik ten Hag.

Dart joins Raducanu and Boulter in Madrid Open
Harriet Dart joins fellow Britons Emma Raducanu and Katie Boulter in the main draw of the Madrid Open.

Download now
Top stories, breaking news, live reporting, and follow news topics that match your interests

Rishi Sunak goes on the defensive
And, Huw Edwards resigns from the BBC on medical advice

Rare Dumbo octopus captured on camera
A rare Dumbo octopus is spotted deep in the Pacific Ocean.

Who gets 15 hours of free childcare and how do I apply?
Parents in England can now access 15 hours of free weekly childcare for their two-year-olds.

Childcare shortage worsens as costs rise â report
Fewer than a third of councils in all areas have enough spaces for children under two, a charity finds.

Can you afford to take your children on days out?
Parents and a play centre owner say they are feeling the squeeze when it comes to costs.

Mum wishing son's life away in free childcare wait
Alex McGinn is waiting for her son to turn three so he qualifies for 30 hours of free childcare.

GP fears NHS career over after he's let go by text
Dr John Cosgrove, 49, says his agency told him he was no longer needed by text message.

Alliance South Down MLA Patrick Brown resigns
The party said Mr Brown, first elected in 2022, was quitting due to "personal reasons".

Two airlifted to hospital after light aircraft crashes
Police Scotland confirm two people were on board when the crash happened near Prestwick Airport.

Wales' 20mph overhaul to start in September
Process to revert some roads from 20mph to 30 to begin in the autumn, minister says.

This content is from multiple sources including BBC News and BBC Sport