UK National Cyber Security Centre.
UK National Cyber Security Centre Feed This includes feeds from report, guidance and blog-post
- New guidance on securing HTTP-based APIson April 3, 2025 at 6:28 am
Why it’s essential to secure your APIs to build trust with your customers and partners.
- Protective DNS for the private sectoron April 1, 2025 at 8:25 am
Advice on the selection and deployment of Protective Domain Name Systems (DNS).
- Cyber Security and Resilience Policy Statement to strengthen regulation of critical sectorson March 31, 2025 at 3:53 pm
New proposals will combat the growing threat to UK critical national infrastructure (CNI).
- CyberFirst Girls Competition: a proud milestone and exciting futureon March 24, 2025 at 3:12 pm
The future of the CyberFirst Girls Competition and reflecting on brilliant progress.
- Privileged access workstations: introducing our new set of principleson March 24, 2025 at 12:46 pm
Principles-based guidance for organisations setting up a PAW solution.
- Passkeys: they’re not perfect but they’re getting betteron March 24, 2025 at 7:55 am
Passkeys are the future of authentication, offering enhanced security and convenience over passwords, but widespread adoption faces challenges that the NCSC is working to resolve.
- Passkeys: the promise of a simpler and safer alternative to passwordson March 24, 2025 at 7:39 am
The merits of choosing passkeys over passwords to help keep your online accounts more secure, and explaining how the technology promises to do this
- Timelines for migration to post-quantum cryptographyon March 20, 2025 at 3:31 pm
Activities which organisations must carry out to migrate safely to post-quantum cryptography in the coming years.
- Setting direction for the UK’s migration to post-quantum cryptographyon March 20, 2025 at 8:00 am
Why the key milestones for PQC migration are part of building and maintaining good cyber security practice.
- A different future for telecoms in the UKon March 20, 2025 at 7:44 am
NCSC Technical Director Dr Ian Levy explains the technical impact of the recent US sanctions on the security of Huawei equipment in the UK.
- Security, complexity and Huawei; protecting the UK’s telecoms networkson March 20, 2025 at 7:42 am
With 5G set to transform mobile services, Ian Levy explains how the UK has approached telecoms security, and what that means for the future.
- Use of Russian technology products and services following the invasion of Ukraineon March 20, 2025 at 7:41 am
Cyber security – even in a time of global unrest – remains a balance of different risks. Ian Levy, the NCSC’s Technical Director, explains why.
- The future of telecoms in the UKon March 20, 2025 at 7:40 am
NCSC Technical Director Dr Ian Levy explains how the security analysis behind the DCMS supply chain review will ensure the UK’s telecoms networks are secure – regardless of the vendors used.
- So long and thanks for all the bitson March 20, 2025 at 7:39 am
Ian Levy, the NCSC’s departing Technical Director, discusses life, the universe, and everything.
- TLS 1.3: better for individuals – harder for enterpriseson March 20, 2025 at 7:38 am
The NCSC’s technical director outlines the challenges that TLS 1.3 presents for enterprise security.
- Thinking about the security of AI systemson March 13, 2025 at 12:05 pm
Why established cyber security principles are still important when developing or implementing machine learning models.
- There’s a hole in my bucketon March 13, 2025 at 12:02 pm
…or ‘Why do people leave sensitive data in unprotected AWS S3 buckets?’
- The problems with patchingon March 13, 2025 at 12:00 pm
Applying patches may be a basic security principle, but that doesn’t mean it’s always easy to do in practice.
- The strength of the ICS COI is the teamon March 13, 2025 at 11:57 am
Join the Industrial Control System Community of Interest (ICS COI), and help build CNI expertise across the UK.
- The security benefits of modern collaboration in the cloudon March 13, 2025 at 11:53 am
By exploiting cloud services, organisations no longer have to choose between ‘more security’ and ‘better usability’.
- The problems with forcing regular password expiryon March 13, 2025 at 11:50 am
Why the NCSC decided to advise against this long-established security guideline.
- The logic behind three random wordson March 13, 2025 at 11:50 am
Whilst not a password panacea, using ‘three random words’ is still better than enforcing arbitrary complexity requirements.
- The future of Technology Assurance in the UKon March 13, 2025 at 11:43 am
Chris Ensor highlights some important elements of the NCSC’s new Technology Assurance strategy.
- The Cyber Assessment Framework 3.1on March 13, 2025 at 11:30 am
Latest version of the CAF focusses on clarification and consistency between areas of the CAF.
- Thanking the vulnerability research community with NCSC Challenge Coinson March 13, 2025 at 11:29 am
Reflecting on the positive impact of the Vulnerability Reporting Service – and introducing something new for selected contributors.
- Terminology: it’s not black and whiteon March 13, 2025 at 11:24 am
The NCSC now uses ‘allow list’ and ‘deny list’ in place of ‘whitelist’ and ‘blacklist’. Emma W explains why…
- Telling users to ‘avoid clicking bad links’ still isn’t workingon March 13, 2025 at 11:22 am
Why organisations should avoid ‘blame and fear’, and instead use technical measures to manage the threat from phishing.
- Tackling the ‘human factor’ to transform cyber security behaviourson March 13, 2025 at 11:22 am
ThinkCyber’s CEO Tim Ward reflects on the challenges that startups face when developing innovative products.
- Supplier assurance: having confidence in your supplierson March 13, 2025 at 8:36 am
Questions to ask your suppliers that will help you gain confidence in their cyber security.
- Studies in secure system designon March 13, 2025 at 8:36 am
Worked examples for Operational Technology and Virtualised systems, using the NCSC’s secure design principles