NCSC Announces New Standard For Indicators of Compromise

The UK’s National Cyber Security Centre (NCSC) has revealed details of its first RFC for standards body the Internet Engineering Task Force (IETF) – covering indicators of compromise (IoCs).

RFCs are reference documents containing technical specifications and organizational notes for the technical foundations of the internet. RFCs that reach a certain level of maturity can be thought of as akin to standards.

The NCSC’s RFC9424 is the culmination of three years of work, during which time the NCSC collaborated with industry experts including Ollie Whitehouse, now the organization’s CTO.

It is designed to provide an “informative reference” for IoCs, or “observable artefacts associated with an attacker,” according to NCSC senior internet standards researcher, Andrew S.

“In the document, we cover the IoC lifecycle from discovery to deployment, through to end of life, while the ‘pyramid of pain’ shows on a scale how different types of IoC are more or less painful for an attacker to change in order to evade detection,” he explained.

“We also include some real examples of how IoCs were used to respond to threats and cover how IoCs are used as part of a defence-in-depth strategy, and outline some considerations for their use.”

Read more on IoCs: Pro-Russian Hacktivist Group Targets Czech Presidential Election

Although those working in cybersecurity are more than capable of understanding the basics of IoCs, the same cannot be said of everyone working at the IETF and designing the future of the internet, which is why the RFC was written.

“Standards bodies like the IETF are where the design decisions that will define the internet of the future are made,” said Andrew S.

“Getting involved is a great opportunity not only to see these new ideas long before they’re deployed, but, more importantly, a chance to be part of the design process.”

The NCSC is also working on new terminology for post-quantum cryptography (PQP) in internet protocols.