The Deputy Director of the United Kingdom’s National Cyber Security Centre (NCSC) held a presentation at the Ministry of Defence at the end of September. The event was organized by the Defence Policy Directorate and the Independent Sector for Information and Communications and was attended by the employees of the Ministry of the Defence and the Croatian Armed Forces as well as other ministries, agencies, bureaus and national institutions.

Peter Yapp is a Certified Information Systems Security Professional (CISSP) with over 25 years of experience in cyber security and computer forensics. He has been the Deputy Director of Incident Management at the NCSC since 2016. Prior to that, he was the Deputy Director of Operations at CERT-UK (Computer Emergency Response Team – United Kingdom) and worked at Accenture, where he managed a team of 50 people spread out in 5 locations around the world.

The NCSC is a part of Government Communications Headquearters (GCHQ), an intelligence and security organisation responsible for providing signals intelligence (SIGINT) and information assurance to the government and armed forces of the United Kingdom. It is a government institution with the primary task of providing counsel and support to the public and private sector with the aim of strengthening cyber security. The NCSC helps protect critical services and infrastructure from cyber-attacks, manage big cyber incidents and improve the safety of the Internet in the UK. Its vision is to assist the UK in becoming the safest place to live in and conduct business online. Currently, it employs approximately 1000 people.

In his presentation, Yapp described some of the most important areas of operation of the NCSC, such as publishing expert, reliable and independent guides for improving cyber security of the UK’s industry, government departments, critical national infrastructure and private small and middle-sized companies. Further, it spreads warnings about cyber threats and gives counsel regarding cyber-attacks uncovered in the UK and the ways of alleviating their consequences. It also plays a key role in securing the conditions for the UK to function safely in the cyberspace by collaborating with the industry, the government and the academic community, supporting new generations of students and researchers in the field of cyber security and encouraging the development of innovations in the field.

There was a lot of interest for the UK’s experience and the speaker was asked many questions about the organization, the procedures, the education, the provision of experts, the development of consciousness about cyber security, etc.

Such an event is of great importance for the Ministry of Defence and the Croatian Armed Forces as they go through the process of developing capabilities for cyber defence and forging partnerships with other countries; the field of cyber defence is very complex and is developing at a quick pace, so an exchange of experiences and knowledge among experts in this field is very useful.

The Ministry of Defence and the Croatian Armed Forces have begun with a systematic development of cyber defence capabilities by setting up bodies responsible for cyber defence. In April 2012, CERT MO and OSRH (Computer Emergency Response Team – the Ministry of Defence and the Croatian Armed Forces) was founded by a ministerial decree and given the basic task of providing support in the co-ordination of prevention of cyber attacks and responding to computer and security-related incidents happening to employees and organizational units within the Ministry of Defence and the Croatian Armed Forces. CERT was set up as a functional body, not as a permanent organizational unit. Its employees meet up occasionally, when needed. Their task is to prevent and respond to computer and security-related incidents in information systems managed by the Ministry of Defence and the Croatian Armed Forces. They coordinate their work with other CERT teams in the Republic of Croatia, NATO bodies for cyber defence and NATO member countries. The collaboration is particularly strong in the domain of exchanging information on threats to information systems, sharing information on cyber-attacks, etc.

The Ministry of Defence and the Croatian Armed Forces have been developing their cyber defence capabilities through the adjustment of internal organization, international military co-operation, participation on expert seminars, symposiums and conferences, the conduct of national cyber exercises and participation in international cyber exercises.

In the field of military cooperation, it is particularly important to mention the collaboration with the Minnesota National Guard from the USA, with whom the Ministry of Defence and the Croatian Armed Forces have organized a string of workshops, seminars and exercises related to cyber security. Currently, great efforts are being invested into finding optimal organizational solutions which would enable a faster development of necessary cyber capabilities.

The employees of the Ministry of Defence and the Croatian Armed Forces have organized or participated in the following exercises:

• Cyber Coalition – leading NATO cyber exercise the aim of which is to test and train employees responsible for the defence of NATO and national networks. The Ministry of Defence and the Croatian Armed Forces have been active participants of this exercise since 2013.
• Cyber Europe – the largest exercise in the EU organized by the European Agency for Network and Information Security (ENISA). Cyber Europe is an exercise which simulates large cyber incidents that escalate into cyber crises. The exercise offers the possibility of analysing advanced cyber incidents as well as solving problems related to securing business continuity and crisis management. The Ministry of Defence and the Croatian Armed Forces have been active participants of this exercise since 2016.
• Spider’s Web 2017 – national military cyber exercise the aim of which is to train the employees of the Ministry of Defence and the Croatian Armed Forces in decision-making processes, tactical and operative procedures and the exchange of information on cyber threats and attacks on a tactical level.
• Cyber Shield 2018 – a simulation exercise in which the key decision makers on the national level, gathered in the Homeland Security System Coordination, had a chance to test the functioning of the cyber crisis management system.