In 2020, the NCSC released a white paper titled Preparing for Quantum-Safe Cryptography. This document highlighted the risks posed by future quantum computers, significantly larger and more advanced than current technology, to a vital segment of widely adopted cryptography known as public-key cryptography (PKC). PKC serves as the backbone for secure communication on the internet…
In 2020, the NCSC released an important white paper titled Preparing for Quantum-Safe Cryptography. This document outlined the potential dangers posed by future quantum computers, which could surpass current capabilities and threaten the security of widely used cryptographic methods known as public-key cryptography (PKC). PKC serves as the backbone for secure communications over the internet…
In 2020, the NCSC released a comprehensive white paper titled Preparing for Quantum-Safe Cryptography. This document outlined the potential risks posed by forthcoming quantum computers, which could vastly outstrip current technology in both size and capability, threatening a significant range of cryptographic systems. Among these, public-key cryptography (PKC) is crucial, as it underpins secure communication…
In the year 2020, the NCSC released a comprehensive white paper titled Preparing for Quantum-Safe Cryptography. This document outlined the potential risks posed by future quantum computers, which are expected to be far more advanced than any that currently exist. Such computers could significantly threaten a broad range of existing cryptographic systems, specifically those categorized…
The NCSC’s updated cloud security guidance introduces an important section on configuring and utilizing a Key Management Service (KMS) for secure key management in the cloud. This section outlines how data should be encrypted at rest and the expectations one should have from a KMS. During the preparation of this guidance, we uncovered several prevalent…
The National Cyber Security Centre (NCSC) has recently updated its cloud security guidance, which now features a thorough section on configuring and utilizing a Key Management Service (KMS) for secure key management in the cloud. This guidance outlines essential practices such as data encryption at rest and sets expectations for key management services. During the…
In the early days of the internet, a small group of cyber attackers successfully penetrated targets using basic perimeter attacks, like weak passwords on login services, and exploiting straightforward vulnerabilities in services. At that time, networks had limited telemetry and forensic capabilities, making it easier for attackers to gain access. As more organizations established their…
We are excited to release a set of documents aimed at assisting organizations in safeguarding their customers against various cyber-enabled crimes, including fraud. This updated guidance is applicable to any organization with an online presence, with a particular focus on those offering online customer accounts or those at risk of being impersonated by criminals attempting…
In my role as a security architecture consultant with the National Cyber Security Centre (NCSC), I am privileged to collaborate with critical national infrastructure (CNI) organizations in the public sector. The challenges they encounter in ensuring our safety are always intriguing. From safeguarding the United Kingdom’s energy grids and water supplies to securing transportation, healthcare,…
Notice This blog post is a revised version of a letter originally published in the Times. (opens in a new tab, subscription required) The recent series of significant cyber attacks serves as a crucial reminder of the ongoing threat we face. These incidents are not isolated; they reveal the daily realities encountered by the National…
