The UKCSC

When tasked with naming the UK Cyber Security Council – the newly minted crack cyber council from the government. It seems some blindingly obvious errors were overlooked by the committee.

The first, which is simply inexcusable after the lengthy planning stages is the initial press release. They have been planning a March 2021 release since 2018. So you might be thinking they have already secured some email addresses and the much-needed infrastructure that an independent council of this size will need. Well, kind of…

The press release from the UKCSC asked the media to email [email protected] but one internet sharpshooter noticed https://ukcybersecurity.org.uk wasn’t registered and promptly registered it:

So you’re quickly into an awkward position, seeing as these organisations are supposed to somehow fix our problems with all things digital.

Why wouldn’t they just register ukcsc.co.uk and keep it simple? A few taps into a browser later and it’s obvious why. In fact, for such a lengthy organisation title it becomes apparent why you never see UK Cyber Security Council as an acronym anywhere official. They did actually register UKCSC as a trademark, but they seem to be hesitant on using it.

The real UKCSC

Well if the first error was somewhat hazardous, the second one borders on comical.

The UKCSC is a fairly well-established organisation, advocating for adult use of cannabis to be legalised. They have a network of members-only clubs lobbying where they can. Check them out here. Considering they have been operating since 2011, I am scratching my head how the security council registered that ‘UKCSC’ trademark, especially as it covers some overlapping classes.

Maybe an obvious difference to someone looking for services the UK Cyber Security Council do offer, such as “Thought Leadership and Influence”. But it does make me think of the future hashtags and mentions in social media and how the two will undoubtedly be mixed at some point. #UKCSC if you are curious.

Can we stop the scams now?

Whilst this blog post is having a joke at the UK Cyber Security Council, I do dream of a world where these committees would actually listen to humble geniuses like @TheRealRevK and we can all laugh with the nerds in London together. Actually preempt issues and make the internet better.

Domain impersonations, brand hijacking and frauds are plaguing the UK at the moment. We see the likes of Royal Mail, DVLA and HMRC dragged through the mud by criminals that have stopped fearing arrest.

The most common by far are phishing attacks (for 83% and 79% respectively), followed by impersonation (for 27% and 23%). Broadly, these patterns around frequency and threat vectors are in line with the 2020 and 2019 results.

NCSC – Cyber Security Breaches Survey 2021

You might not know that the penalty for stealing an item of post from Royal Mail is a 3-year minimum sentence. But if you do that online you’ve got to shout like a mad man to domain registrars on Twitter for help. You tell people that should care and it’s just ignored. It doesn’t need an other tea and biscuits meeting, it needs people that care.

The UK needs sharp changes in this arena and I’m not convinced this is going to come from another panel of appointed experts. The solutions are blisteringly simple, but will their desire to make money and ignore the less glossy key issues get the best of them?! I would love to be proved wrong and hopefully some Ipsos MORI survey in a few years shows this cynical blog was incorrect and scams are in decline in the UK. I would like that.

EDIT: If you want ukcybersecurity.org back, just ask and we will hand it over. We registered it to stop it being used for scams.

EDIT 2: The official website is supposedly ukcybecuritycouncil.org.uk but the website is down 3 days after the press release.