The UK’s leading cybersecurity agency has called on the country’s organizations to deploy cyber-deception technologies at scale, in a bid to assess their efficacy.
National Cyber Security Centre (NCSC) CTO, Ollie Whitehouse, said in a blog post this week that the aim is to “establish an evidence base for use cases” of cyber-deception at a national scale, to see how the technology might be adopted as part of its Active Cyber Defence 2.0 initiative.
He claimed there are two main uses cases that currently stand out:
- Low-interaction solutions like “digital tripwires” and “honeytokens” which alert organizations to unauthorized access
- Low-interaction and high-interaction honeypots designed to collect threat intelligence both at internet scale and in single organizations. These can also be deployed by managed cybersecurity service providers
The plan is an ambitious one. It aims to deploy a minimum of 5000 low- and high-interaction solutions on the UK internet, across IPv4 and IPv6, plus 20,000 low-interaction solutions inside internal networks.
In addition, Whitehouse wants to deploy 200,000 low-interaction solutions in cloud environments and two million honeytokens – fake IT resources designed to detect criminal activity.
He said the research aims to answer several key questions: how good are cyber-deception technologies at helping to detect latent and new compromises, and does knowledge of the presence of such technologies change threat actor behavior?
“We recognize the potential value of using cyber-deception technologies and techniques to support cyber defence, in certain situations,” said Whitehouse. “We are keen to work with public and private sector organizations in the UK who have deployed solutions as described above. If this is you, we would like you to get in touch.”
The initiative follows a “first-of-its-kind” conference of international and UK government partners and industry representatives at the NCSC’s headquarters.
The NCSC set out its plans for Active Cyber Defence 2.0 earlier this month, claiming it will usher in a new generation of cybersecurity tools and services to fill gaps in the commercial market.
The aim is for government departments or private sector organizations to take over the running of these services in time.
Read more on cyber deception: Insurer’s UK Honeypots Attacked 17 Million Times Per Day