UK government potentially skimps on senior cyber role salary as the NCSC calls for more investment in people, Microsoft talks up the potential for ChatGPT and the US moves to ban spyware. 

By Joe Fay 

U.K. Treasury Tries to Drive Down Inflation with Paltry Cybersecurity Salary  

The U.K.’s Treasury department is looking for an “experienced” Head of Cyber Security willing to work for £55,500. The successful candidate will be “working at the heart of Government in a time of momentous change and offering a level of exposure and challenge that is hard to find anywhere else”. Amongst other things, they will supervise specialist security processes and the provision of device security throughout the organization. Commentators have lambasted the proposed salary, saying that at the very least it is around £100,000 short. On the other hand, a closer read of the advert reveals the role involves managing “two cyber apprentices”. So, perhaps it’s actually a case of an over-inflated job title and unduly-enthusiastic description, rather than an under-inflated pay packet. 

NCSC Advises Business Chiefs to Get a Grip on Cyber Security  

The U.K. Treasury’s bargain basement ad came as its fellow government agency, the National Cyber Security Centre (NCSC), urged boards to “get to grips” with cyber risks and start investing in people. The call came as it launched a Cyber Security Board Toolkit to help leaders have “essential discussions” about cyber security with their organizations’ technical experts and key stakeholders. The toolkit includes documentation, podcasts and videos, including “an account of a ransomware attack on an industrial business from the eyes of its C-level team”. Amongst other things, the kit advises boards on the importance of an established and experienced workforce and encourages them to invest in their people. 

Whistleblower Lays Bare Russia’s Vulkan Hacking and Misinformation Operation  

A massive data leak has apparently exposed the workings of the St Petersburg-based NTC Vulkan. The Guardian newspaper reports that the “cybersecurity consultancy” is intimately connected to Russia’s domestic spy agency, the FSB, foreign intelligence organization the SVR, as well as the military intelligence arms GOU and GRU. Documents detail the organization’s tooling and its involvement in attacks on national infrastructure, disinformation, and malware attacks, including NotPetya. The documents were released by a whistleblower angered by the war in Ukraine. The Guardian said Western intelligence agencies said the files appear to be authentic and added that the Kremlin did not respond to requests for comment. 

Microsoft Launches Security Copilot – Your ChatGPT-Powered Wingman  

Microsoft has released Security Copilot, which it says will integrate “advanced OpenAI” models into its security tooling to help cyber security teams make sense of a deluge of information. In other words, ChatGPT will be supporting cyber defenders even as threat actors use the generative AI tech to finesse their own code and phishing lures. Microsoft said Copilot will “simplify complexity and amplify the capabilities of security teams by summarizing and making sense of threat intelligence, helping defenders see through the noise of web traffic and identify malicious activity.” And, it added, it will help address cyber skills shortages. The technology will initially be available as a private preview. 

Governments Pledge to Protect Civil Society In Cyberspace  

A group of democratic governments have committed to a joint statement on Cybersecurity of Civil Society Under Threat of Transnational Repression. The text recognizes the importance of civil rights and free speech, and the role of dissidents, journalists, human rights advocates and others, while noting “authoritarian governments” use of cyber means” to target them. The governments of Australia, Canada, Denmark, Estonia, France, Japan, New Zealand, Norway, the U.K., and the U.S. have all committed to “identifying actions” they can take to defend these groups and have launched a forum to share information and find ways to collaborate on and advance “cybersecurity for civil society around the world. 

White House Prohibits Spyware – At Least For Other Countries’ Spies  

U.S. President Biden has signed an executive order limiting the use of “commercial spyware” by the U.S. government. A statement on the order noted that such tooling was used by repressive governments, while “Democratic governments also have confronted revelations that actors within their systems have used commercial spyware to target citizens”. The order will prohibit “operational” use of such tools by the U.S. government. A closer reading of the order doesn’t seem to completely rule out U.S. use of such tools. Rather, the aim seems to be preventing commercial variants falling into the hands of hostile nations who will use them to silence critics and attack the U.S.