The UK’s National Cyber Security Centre (NCSC) is ‘stepping up support’ for the National Health Service to help protect UK hospitals and other healthcare organisations against cyberattacks.

The NCSC’s Annual Review 2020 reveals that the cyber arm of GCHQ has handled more 200 cyber incidents related to coronavirus during the course of this year – almost a third of the total number of incidents it was called in to help with over that period.

And due to the urgency of securing healthcare during the coronavirus pandemic, the NCSC has been helping the NHS to secure itself against cyberattacks.

That includes performing threat hunting on 1.4 million NHS endpoints in an effort to detect potentially suspicious activity and scanning over one million NHS IP addresses to detect cybersecurity weaknesses.

“The second half of the year for us, as it has for everyone else, has been dominated by the response to COVID,” said Lindy Cameron, CEO of the NCSC.

“What we’ve done as an organisation is really pivot towards the health sector to try and give them the best support we can in thinking about their cyber defence to let them focus on responding to the pandemic,” she added.

The NCSC also helped roll out Active Cyber Defence services, including Web Check, Mail Check and protective DNS, to 235 front-line health bodies across the UK, including NHS Trusts to help protect them against phishing attacks and other threats.

“We’ve taken our active cyber-defence portfolio and pivoted it towards the health sector with 230 health bodies using our active cyber defence. That’s all part of the support we’ve given to NHS Digital to help them help the health sector,” Dr Ian Levy, NCSC technical director, told ZDNet.

“We’re stepping up our support quite significantly,” he continued, adding: “Obviously it’s still for individual trusts to protect themselves along with NHS Digital and ourselves, but we’re really trying to take them the knowledge about the threat and actioning support in the sector at large”.

More than 160 instances of high-risk vulnerabilities have been shared with NHS Trusts during the course of this year while the NCSC has also had to deal with over 200 incidents related to the UK’s coronavirus response – including Russian cyber espionage targeting coronavirus vaccine development.

The 200 coronavirus-related incidents make up a significant chunk of the total number of 723 cyberattacks involving almost 1,200 victims that the NCSC has helped deal with during the course of the past year, a figure up from 658 in the previous year – and the highest number of incidents since the NCSC was set up. It’s also a number that’s likely to continue rising as cybercriminals get more ambitious.

The review also notes that the NCSC has dealt with three times more ransomware attacks than it did last year as attacks become more targeted and more aggressive.

“The expertise of the NCSC, as part of GCHQ, has been invaluable in keeping the country safe: enabling us to defend our democracy, counter high levels of malicious state and criminal activity, and protect against those who have tried to exploit the pandemic,” said Jeremy Fleming, director of GCHQ.

“The years ahead are likely to be just as challenging, but I am confident that in the NCSC we have developed the capabilities, relationships and approaches to keep the UK at the forefront of global cybersecurity,” he added.

Stating there is clear evidence of collusion between Huawei and the Chinese state, the Parliament’s Defence Committee has recommended that Huawei-supplied equipment should be removed from the UK’s 5G networks by 2025 instead of 2027 which is the existing deadline.

The Parliament’s Defence Committee is chaired by Conservative MP Tobias Elwood and other MPs in the committee are Stuart Anderson MP, Sarah Atherton MP, Martin Docherty-Hughes MP, Richard Drax MP, Rt Hon Mr Mark Francois MP, Rt Hon Kevan Jones MP, Mrs Emma Lewell-Buck MP, Gavin Robinson MP, Rt Hon John Spellar MP, and Derek Twigg MP.

On Wednesday, the Defence Committee released its report on The Security of 5G, offering a number of recommendations and advice for the government to find a balance between technological advancement and the UK’s national security, including rushing out Huawei from the country’s 5G networks and introducing the Telecoms Security Bill at the earliest.

Huawei equipment should be replaced by 2025 instead of 2027

The Committee expressed its support for the government’s goal of removing Huawei from the UK’s 5G networks by 2027 but said that in light of recent developments, it is feasible to push forward the deadline to 2025 and the government must compensate operators if the 2027 deadline is moved forward.

The shifting of the deadline must have been prompted due to UK network operators quickly signing long-term contracts with the likes of Nokia, Ericsson, and Samsung after the government announced its decision to remove Huawei-supplied equipment from the UK’s 5G networks by 2027.

In late September, BT selected Nokia as its principal 5G RAN vendor in the UK, allowing the Finnish company to supply its AirScale Single RAN (S-RAN) portfolio for both indoor and outdoor coverage, including 5G RAN, AirScale base stations, and Nokia AirScale radio access products. Aside from offering higher capacity benefits to consumers at ultra-low latencies, Nokia will also reduce complexity, increase cost efficiency, optimize BT’s 2G and 4G networks, and help develop BT’s OpenRAN ecosystem.

In June, Ericsson agreed to a “substantial network modernisation programme” with O2. The deal involved Ericsson deploying its 5G RAN network across the UK and also upgrading O2’s existing 2G/3G/4G sites. “Leading products and solutions from the Ericsson Radio System portfolio will be used in the deployment, which includes new multiband and wide-band 5G radios as well as new 5G-optimized basebands to build sustainable sites in preparation for future increases in 5G coverage and capacity,” the company said.

Indicating that merely forcing Huawei out of the UK is not the final solution but one of the steps the government needs to take to preserve the UK’s national security, the Defence Committee said the government, as well as mobile service operators, should continue investment in OpenRAN technology to move away from the current consolidated vendor environment to one in which operators no longer have to consider which vendor to source from.

The government should also work with mobile network operators to bring in new vendors to the UK and also encourage the development of industrial capability in the UK, the Committee recommended.

“We must not surrender our national security for the sake of short-term technological development. This is a false and wholly unnecessary trade-off. A new D10 alliance, that unites the world’s ten strongest democracies, would provide a viable alternative foundation to the technological might of authoritarian states, whose true motives are, at times, murky.

“Democracies the world over are waking up to the dangers of new technology from overseas, that could inadvertently provide hostile states access to sensitive information through the backdoor,” said Tobias Ellwood MP, Chair of the Defence Committee.

“The West must urgently unite to advance a counterweight to China’s tech dominance. As every aspect of our lives becomes increasingly reliant on access to data movement we must develop a feasible, practical and cost-effective alternative to the cheap, high-tech solutions which can be preyed upon and which come stooped with conditions which ensnare a state into long-term allegiance to China,” he added.

Telecoms Security Bill a must to preserve national security

The Defence Committee also batted for the Telecoms Security Bill, stating that the bill will bring regulations up to date and will allow the government to compel operators to act in the interests of security. Recommending the introduction of the bill no later than 31 December this year, it said the bill will help the government avoid a situation where short-term commercial considerations are placed ahead of those for national security and defence.

The Telecoms Security Bill is slated to be introduced in the Parliament in the coming days and once it is passed, it will make it illegal for network operators to retain Huawei-supplied equipment or to purchase equipment from the company beyond 2027.

“Members sought a commitment from the Government to remove Huawei equipment from our 5G network altogether. That is why we have concluded that it is necessary, and indeed prudent, to commit to a timetable for the removal of Huawei equipment from our 5G network by 2027. Let me be clear: this requirement will be set out in law by the telecoms security Bill. By the time of the next election, we will have implemented in law an irreversible path for the complete removal of Huawei equipment from our 5G networks,” said Oliver Dowden, the Secretary of State for Digital, Culture, Media and Sport in July.

This week, I attended Microsoft Ignite, and one of the sessions that caught my attention involved Microsoft Teams. The video conferencing market has been gravitating to two main offerings of late: Teams and Zoom. Large companies often use Teams, while Zoom is more common with smaller companies, charities and individuals.

Let’s talk about video conferencing, both from the perspective of the latest Microsoft Teams updates and what I expect to come next.

A little video conferencing history

I started covering video conferencing in the late 1980s. Since them, on almost a decade-long cadence, the vendors providing solutions changed, the quality of video improved, but the software pretty much did the same thing. The systems also got more and more expensive, until lately theyve begun getting cheaper and cheaper.

The main problem: getting people to use these systems rather than commuting to an event. Employees didn’t want to give up in-person meetings, and so we never really got to a critical mass of dedicated users that could drive innovation and improvement.

This year’s pandemic changed all that.

Now, people don’t want to go to meetings physically and would instead rather interact virtually. This has led to increased investment in video conferencing platforms and increased competition among vendors. The renewed focus recent innovation have combined to push more advances in a few months than we saw in all the decades I’ve covered this segment.

At Ignite, Microsoft showcased a series of enhancements to Teams that arguably makes it the feature leader – for now. But we aren’t done yet, and I’m expecting more improvements in this segment well into next year. The result of all these trends is that by the end of this pandemic, we may have primarily killed the preference for in-person meetings.

The Microsoft Teams updates

In July, Microsoft unveiled a series of updates that significantly changed how you might do a Teams meeting. One of the most interesting was Together Mode, which, rather than showing a bunch of individual windows for each user, places everyone on the same page – positioned as if they’re in a board meeting (for a small group) or an audience (for larger groups). The latter could help TV shows and political events where entertainers or speakers are used to feeding off an audience and are currently struggling without one. While this might help the conference leader, individual users got exciting enhancements, too.

One of these enhancements is Dynamic View. It allows you to configure your screen in a way that makes the most sense for you. You can choose to see only the folks who are speaking, focus on content, or keep your friends on the screen (and get rid of the jerks).

One other interesting feature is the Reflect Message Extension, which gives teachers and managers a way to check on the safety and health of employees and students.  This extension provides suggested check-in questions to help surface problems users may be having with the pandemic, whether it’s related to many of the natural disasters now occurring or simply from being stuck at home.

Teams is also getting Breakout Rooms, something Zoom had first. One of the near-constant complaints about large virtual events is that people can’t talk – either because too many others are doing so or because everyone is muted. Breakout Rooms allow an organizer to create separate rooms of people (all watching the same presentation) who can chat with each other, and the speaker can visit each room for post-presentation Q&As.

Also new is the ability to provide an automatic post-meeting transcript, along with a recording and shared files. I’ve often been to meetings in person where the notes are sparse, and people who agreed to do things later deny they made any such agreement. So these kinds of transcripts would be a major benefit.

One last feature that caught my interest is Teams’ integration with RealWear wearable devices. This capability allows someone in the field to interact with people in a meeting. Let’s say a board wanted to review a remote site, or view a massive new product, or get feedback from a disaster mitigation team in the field. And, of course, this feature would help with remote support and training, or allow multiple people in the field to coordinate their actions and pool their skills.

This list isn’t exhaustive; I simply focused on those elements that jumped out at me.

Wrapping up: The future

The enhancements I’ve noted should improve remote video conferencing significantly, but I can see some trends emerging. Qualcomm, NVIDIA, and Intel have announced hardware designed to enhance video conferencing; what they’ve talked about points partially to what is coming.

Enhanced Together Mode: The current Together mode creates a visual framework and places meeting attendees in it. But these elements look artificial, just as taking a bunch of heads and placing them on a table wouldn’t look natural. This approach, while better than what we had, isn’t ideal. I expect this to evolve so the entire scene can be rendered real-time, making the result look far more real, and less like someone putting a bunch of screens on chairs.

Automatic Personal Image Enhancement:  Using similar graphics technology could allow you to show up for a virtual meeting without any make-up or personal hygiene and still look \ well dressed and perfectly groomed. I’ve seen several people show up for virtual meetings poorly dressed, lacking make-up, looking like they just got out of bed. This feature would change that.

Automated interaction:  Microsoft has the lead in translation, voice-to-text, text-to-voice and embedded AI. Using these capabilities, along with notes from the speaker and past events, AI should be able to respond to questions on behalf of the speaker at scale while capturing conversations for future follow-up.

Other features likely to emerge: self-centring and auto-panning fixed cameras;  improved noise cancellation; more choices on how to blend a presentation and the speaker into the same frame; and automatic blocking of folks who attempt to disrupt a meeting (Zoom Bombing).

As these systems advance, I expect the need to meet in person to become obsolete, and we’ll finally be able to say goodbye to most business travel. That future we’ve been shooting for since the 1980s maybe soon be here.

More than one in five (21%) UK workers feel more vulnerable to cybercrime since the start of the COVID-19 pandemic, according to a new study by PwC.

Stress or fatigue was the most common factor (35%) cited by those workers, followed by lack of skills and training to stay safe from cybercrime whilst working from home (19%).

Of the 1200 UK workers surveyed last month, nearly a third (32%) said they had observed an increase in speculative criminal activity, such as suspicious emails or malicious adverts and links.

Additionally, 22% revealed they considered themselves to be more vulnerable to a cyber-attack when they shared personal details with hospitality venues such as pubs and restaurants for contact tracing reasons. However, PwC noted the survey was conducted before the introduction of the UK government’s new NHS Test and Trace app, which will “hopefully allay some of the public’s fears.”

Daisy McCartney, cybersecurity culture and behaviour lead at PwC, commented: “Cyber-criminals are above all opportunistic and we are seeing them use the fear, uncertainty and stress around COVID-19 to target their victims and play on their emotions. As COVID-19 continues to dominate the news agenda, messaging related to vaccines, cures and financial relief will likely be used to target people.

“It is therefore understandable that people are feeling vulnerable to cybercrime, and according to our survey, 19% of people working from home during the pandemic do not feel that they have the necessary skills and training to keep safe from a cyber-attack. However, people should not feel helpless, there are simple steps they can take to protect themselves and just gaining an awareness of how criminals might seek to target them is a good start.”

McCartney added that with many workforces continuing to operate remotely amid the ongoing pandemic, it is vital that employers provide additional cybersecurity support and training for their staff at this time.

An increase in cybersecurity incidents has been observed this year, with malicious actors exploiting the major operational challenges faced by organizations. These have included COVID-themed phishing and malware attacks.

Chris Gaines, lead cybersecurity partner, PwC added: “We have seen a spike in cybersecurity incidents this year with criminals exploiting the challenges that people and organizations are facing from COVID-19. Many of these incidents were linked to ransomware attacks and some of them were accompanied by data breaches. Analysis by our Threat Intelligence team has shown that the pace and frequency of ransomware attacks are rising all the time.”