ACD 2.0 – what you need to know
An initiative of the National Cyber Security Centre (NCSC) since 2017, the Active Cyber Defence (ACD) programme has provided a range of free cyber security tools and services to enable eligible public sector organisations to address high-volume commodity attacks.
Following on from its success, the NCSC has announced plans to launch a new version of ACD, aimed at extending its benefits to businesses. In this article, we outline ACD, the key principles of ACD 2.0 and how the NCSC intends to progress towards the updated version of the initiative.
What is ACD?
The NCSC developed the ACD programme to provide free services to UK government departments to help enhance their basic level of cyber security. Over time, it has extended these tools and services to other sectors, such as education. ACD’s overarching goal is to “Protect the majority of people in the UK from the majority of the harm caused by the majority of the cyber-attacks the majority of the time.”
Its services fall into four key areas:
- Self-service checks, including early warning
- Detections deployed by organisations, such as a Protective Domain Name Service (DNS) filtering and Vulnerability Disclosure
- Disrupt and defend, such as a Suspicious Email Reporting Service (SERS) and Share and Defend Capability
- Enablers, providing common platforms underpinning multiple ACD services
Examples of the specific types of services provided through ACD include MailCheck, which helps organisations to assess and improve email security compliance to prevent criminals spoofing email domains, and Early Warning, a free service that notifies members about potential attacks, compromises, vulnerabilities or open ports on their networks. The NCSC’s sixth annual ACD report in July 2023 outlined some of the
initiative’s successes, such as a record-breaking 7.1 million reports of potentially malicious emails.
Why is ACD changing?
The NCSC is planning to update the ACD to create ACD 2.0 in response to evolving threats and the emergence of new types of services in the cyber security market. Set to be available to all sectors, ACD 2.0 will develop a “next generation” suite of cyber security tools and services that aim to address gaps in the commercial market.
The NCSC has set out the following principles for ACD 2.0:
- The NCSC will only deliver solutions where the market is not able to, whether this is due to its unique position in government, scaling abilities, capabilities or authorities.
- The NCSC will look to divest most of its new successful services within three years. This will be to another part of government or the private sector and will be on an “enduring” basis.
How will ACD 2.0 be developed?
The NCSC will run a series of experiments to ensure that the services which make up ACD 2.0 are able to provide the relevant level of support. This process will involve assessing its attack surface management suite and running experiments alongside industry providers. As part of this, the NCSC is looking for organisations in government, industry and academia to approach it on any attack surface management product, or to provide ideas for other experiments it could run in the future.
How Kroll can help
The proposed changes to ACD highlight the importance of ensuring a consistent approach to security. Kroll enables organisations to achieve this through Kroll Responder, our award-winning Managed Detection & Response (MDR) solution, helping organisations to more easily and effectively identify, manage and mitigate cyber threats. Our services are informed by our status as the world’s incident response leader, and our experience of responding to over 3,000 security events every year. This unique track record means that companies from all over the world also count on us for proactive cyber security planning and mitigation strategies.
Kroll has identified 10 essential security controls that every organisation can implement to help enhance their cyber resilience. Developed by Kroll’s security experts, this list of essential controls can help to significantly improve your security posture. For more details, including hands-on support, Kroll’s global team of elite experts are here to help with comprehensive cyber risk solutions available worldwide.
