The most critical of these is determining how to build a national cyber situational awareness capability to obtain a real time intelligence picture of the threat at both a granular and a national level. By being able to see where threats may emerge, from anywhere, and understanding how those threats may affect each nation, cyber authorities can make informed, prioritised decisions concerning how and where to deploy limited resources to best effect.
Building scalable capabilities for national cyber defence
One of the most valuable sources of data for national cyber defence is the traffic that transits the networks of Communications Service Providers (CSPs). However, accessing this data and transforming it into actionable intelligence is not simple; it requires a deep understanding of both CSP architecture and the cyber security domain, not to mention the issues around data volumes, quality and regulatory concerns. Simply scaling up enterprise cyber monitoring tools just doesn’t work.
BAE Systems has the relevant domain expertise and engineering skills to deliver a solution that can meet this challenge. Our National Network Cyber Centre (NNCC) solution is already deployed around the world, helping support customers improve their national cyber defence. With a range of cutting edge hardware and analysis capabilities, much of which can be hosted on virtual infrastructure, including cloud, our NNCC solution automatically scans all CSP data for indicators of compromise, as well as detects behavioural patterns that may be associated with emerging threats.
This empowers national authorities with critical intelligence that allows them to shape and prioritise an appropriate response with a high degree of confidence in their actions.
Automatic enrichment of all metadata and alerts
As alerts are generated, they are automatically enriched with reference data of use to cyber analysts. For alerts this includes the valuable insights provided by our Threat Intelligence service, which forms part of the NNCC solution and provides detailed, quality intelligence about the threat behind the alert.
This additional reference data gives alerts valuable context and insight, and aids analysts in rapidly triaging alerts and establishing what is important.
A Blueprint for National Cyber Defence Success
Through a rich heritage of working with partners in the cyber domain, BAE Systems has developed a blueprint for building an effective, highly automated and fully integrated NNCC. This incorporates a mix of technology including proprietary probes, machine learning, analytics, automation and enrichment of data from threat intelligence, a standard operating model, and a set of best practices and processes that can accelerate delivery. Much of this is specialised proprietary technology, born out of many years of experience, research and investment in this field.
Whilst we recommend building out such a capability in stages to incrementally mature the people, processes and technology, initial operational capability is typically in the hands of analysts inside three months.
Training and Support
Key to the BAE Systems NNCC blueprint, however, is understanding that technology alone is not enough: it requires appropriately skilled staff with the correct training to operate the equipment and resources at their disposal.
Where required, BAE Systems can facilitate knowledge transfer, with both formal courses and mentoring. This can include tradecraft on national cyber threat handling, which includes NNCC expertise and wider techniques. If required, we can also supply people for the specialist roles of the NNCC – such as data scientists – while a host nation builds their own team. During the NNCC’s operation, BAE Systems can support a long term capability through skills academies, threat briefings, and capability upgrades.
A trusted partner
With a heritage in both understanding CSP network data, as well as the cyber threat landscape, BAE Systems is a trusted partner for many at the forefront of providing national cyber defence.
Our NNCC solution is part of a suite of capabilities that can be deployed to support this mission, which also includes our capabilities around Advanced Security Operations Centres and advising on or building a national cyber security agency.
To learn more or to discuss trialling our four-week long BAE Systems NNCC demonstrator, please contact us and request a National Cyber Defence information pack