Beyond Firewalls: NCSC Explores Cyber Deception’s Potential
The United Kingdom’s National Cyber Security Centre (NCSC) has called upon organizations across the country to extensively implement cyber deception technologies as part of a national strategy for cyber defense.
At the heart of the NCSC’s initiative lies the belief that cyber deception technologies can significantly enhance the effectiveness of cybersecurity in specific scenarios. The agency aims to build a robust evidence base that will confirm the efficacy of these technologies and enable their widespread deployment on a national scale within the framework of the Active Cyber Defence 2.0 program.
Two key areas for the application of cyber deception technologies include:
- Low-interaction solutions, such as digital traps and honeytokens, which detect unauthorized access to systems and are particularly effective when employed universally across organizations.
- Both low- and high-interaction solutions: honeypots that gather intelligence on cyber threats at both the internet scale and within individual instances. These solutions are designed for organizations with advanced security systems and for cybersecurity MSPs.
The key tools in this context include:
- Tripwires—systems that engage with attackers and reveal their presence in the network.
- Honeypots—decoys created to lure hackers into interacting with them, enabling the observation of cybercriminal activities and the collection of intelligence.
- Breadcrumbs—digital artifacts distributed throughout a system that entice attackers to engage with the traps.
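As an added illustration (not NCSC code and not part of the original article), the Python example below shows how a low-interaction honeytoken planted as a breadcrumb can act as a tripwire: any log line that presents a genuine decoy key raises an alert naming where the decoy was planted. The token format `svc.<placement>.<nonce>.<tag>`, the log layout, the secret and all sample values are assumptions constructed for this example.

```python
import hashlib
import hmac
import re
import secrets

# Assumption: a per-deployment secret held only by the detection pipeline.
DEMO_SECRET = b"constructed-demo-secret"
# Hypothetical decoy format: svc.<placement>.<nonce>.<tag>
TOKEN_RE = re.compile(r"\bsvc\.([a-z0-9-]+)\.([0-9a-f]{16})\.([0-9a-f]{16})\b")
SRC_RE = re.compile(r"\bsrc=(\S+)")

def _tag(placement, nonce, secret):
    msg = f"{placement}:{nonce}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:16]

def mint_token(placement, secret=DEMO_SECRET):
    """Create a decoy key; `placement` records where the breadcrumb is planted."""
    nonce = secrets.token_hex(8)
    return f"svc.{placement}.{nonce}.{_tag(placement, nonce, secret)}"

def scan(lines, secret=DEMO_SECRET):
    """Return one alert per genuine decoy key seen in the log lines."""
    # No legitimate process uses a decoy, so every valid hit deserves triage.
    # The HMAC check rejects look-alike strings without storing a token list.
    alerts = []
    for lineno, line in enumerate(lines, 1):
        for placement, nonce, tag in TOKEN_RE.findall(line):
            if hmac.compare_digest(tag, _tag(placement, nonce, secret)):
                src = SRC_RE.search(line)
                alerts.append({"line": lineno, "placement": placement,
                               "source": src.group(1) if src else None})
    return alerts

def demo():
    decoy = mint_token("fileshare-readme")
    log = [  # constructed sample log lines, documentation-range addresses
        "2024-01-01T10:00:00Z auth ok src=198.51.100.4 key=prod.7f3a",
        f"2024-01-01T10:05:12Z auth fail src=203.0.113.7 key={decoy}",
        "2024-01-01T10:06:40Z auth fail src=203.0.113.9 "
        "key=svc.fileshare-readme.0000000000000000.ffffffffffffffff",
    ]
    return scan(log)  # only the second line carries a valid decoy

if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Because the placement is bound into the tag, a responder can tell from the alert alone which planted artifact was read and then reused.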
There was also discussion of synthetic methods that could undermine the effectiveness of adversarial actions; however, such approaches extend beyond the current objectives of the NCSC’s cyber defense tasks.
Thousands of cyber deception solutions are planned for deployment across the British internet and cloud environments shortly:
- 5,000 instances of low- and high-interaction solutions on the UK internet, across IPv4 and IPv6
- 20,000 instances of low-interaction solutions within internal networks
- 200,000 assets of low-interaction solutions within cloud environments
- 2,000,000 tokens deployed
The primary goal of these studies is to answer several key questions: How effective are cyber deception technologies in detecting hidden and novel breaches? Does the awareness of such technologies influence the behavior of attackers? These and other questions are set to be explored as part of the new initiative.
Furthermore, the objective of Active Cyber Defence 2.0 is to transfer the management of the next generation of tools to government institutions or private organizations, ultimately fostering a more resilient and robust system of defense against cyber threats.