UK’s cybersecurity centre seeks contributions to build comprehensive cyber deception evidence base

The UK’s National Cyber Security Centre (NCSC) recently brought together international and UK government partners, as well as industry leaders, to discuss the role of cyber deception in cyber defense. The event hosted by the NCSC in London underscored the potential of cyber deception technologies, such as digital tripwires, honeytokens, and honeypots, to enhance national cyber defense strategies. The NCSC aims to establish a comprehensive evidence base on the efficacy of these technologies by promoting their widespread deployment across the country. To achieve this, the NCSC invites public and private sector organisations to contribute to this initiative by sharing their experiences and outcomes from deploying these technologies (as defined by the UK NCSC):

• Tripwires: Systems designed to detect unauthorised access by interacting with threat actors, such as honeytokens, to disclose their presence within a network.
• Honeypots: Systems that allow threat actors to engage with them, providing opportunities to observe and collect data on their tactics, techniques, procedures, capabilities, and infrastructure for threat intelligence purposes.
• Breadcrumbs: Digital artifacts strategically placed within a system to lure threat actors into interacting with tripwires or honeypots, aiding in their detection and study.

To build a comprehensive evidence base on the effectiveness of these tools, the NCSC announced several objectives for this large-scale deployment :

• 5,000 instances of both low and high interaction solutions across the UK internet, covering both IPv4 and IPv6.
• 20,000 instances of low interaction solutions within internal networks.
• 200,000 assets of low interaction solutions deployed within cloud environments.
• 2,000,000 tokens deployed to bolster detection and intelligence-gathering efforts.

To contribute and participate in this consultation, you contact the UK NCSC at thfcd@ncsc.gov.uk.