Palo Alto Networks Alignment to the UK NCSC Cyber Assessment Framework

In the increasingly interconnected world, improving the security and resilience of critical national infrastructure is essential for protecting the UK’s national security and economic prosperity. There is clear recognition that the disruption or failure of critical services can have a significant impact at a national and regional level, causing significant consequences for businesses, governments and the citizens that rely on those services. As the Government highlighted in the cyber resilience consultation, launched in January 2022, recent “high-profile cyber attacks, such as the December 2020 SolarWinds supply chain compromise, [and] the May 2021 ransomware attack on the US Colonial Pipeline… demonstrate how malicious actors are able to compromise a country’s national security and disrupt activities in the wider economy and society."

In response to the rising threats to critical infrastructure entities, the UK National Cyber Security Centre (NCSC) developed the Cyber Assessment Framework (CAF) – guidance aimed at organisations responsible for vitally important services and activities that can be applied by businesses of any size within any industry. Currently, its application is required in certain sectors of the UK economy, covered under the Network and Information Systems (NIS) regulation of 2018. With the publication of the Government Cyber Security Strategy in January 2022, the UK Government has shown it intends to place greater emphasis on the CAF as a mechanism for critical entities to assess their cyber maturity.

The CAF defines four top-level objectives consisting of 14 principles with guidance on how to apply them. The principles are designed to help organisations make their digital services cyber resilient and demonstrate the level of resilience achieved. Critically, the principles are outcome-focused and describe good cybersecurity practices. Ultimately, the CAF describes the steps organisations need to take to prevent/minimise the impact of incidents through the deployment of appropriate and proportionate technical and organisational measures.

Palo Alto Networks believe the CAF provides a comprehensive framework by which organisations can move to a proactive and effective preventative posture. To support this journey, Palo Alto Networks have identified some key enablers that will assist with this transition and provide an achievable operational delivery:

Have Complete Visibility of Your Assets and Associated Risks — Focus on workflows, devices, locations and services. The capabilities of Palo Alto Networks can help organisations visualise their network, cloud and endpoint dataflows spanning all protected ingress and egress points, while accurately identifying thousands of different applications and services across all of the digital estate.

Reduce the Attack Surface — Define policies to mitigate the identified residual risks. Palo Alto Networks products and services can support this reduction of the attack surface across the complete digital estate, irrespective of location.

Prevent Known and Unknown Exploits — Inspect all remaining dataflows. Palo Alto Networks detection engines use classical signature-based patterns, behavioral analytics, machine learning and artificial intelligence techniques to help ensure that all aspects of your environment have the optimum automated prevention delivered in-depth at all critical points within your digital estate, not just at the network level.

Leverage Threat Intelligence and Visualisation — Ensure no accidental or unplanned changes have been made resulting in exposing weaknesses. Palo Alto Networks products and consulting services include dedicated specialist resources that can provide impact reports to assist with this continual analysis.

Undertake Vulnerability Management — Assist in the identification of operational and development vulnerabilities. Palo Alto Networks technologies will support real-time auditing and vulnerability analysis across the complete DevSecOps cycle. These technologies are suitable from dynamic container-based environments to more traditional server deployments.

Configuration, Management and Operations, Training and Exercises Need to Be Maintained — Support continual service management and improvement. Palo Alto Networks training and education programme has a range of consulting and professional services that can assist an organisation at all levels and stages of its journey.

Palo Alto Networks firmly believe that through partnerships and leveraging automated prevention, AI and machine learning, it is possible to implement the right capabilities and processes to protect against the cyber adversaries aiming to exploit the UK’s critical national infrastructure and operators of essential services.

Details of these enablers and how Palo Alto Networks can partner with your organisation can be found in our white paper. Read The UK National Cyber Security Centre Cyber Assessment Framework: An Approach to Successful Implementation.