Early in 2022, the National Cyber Security Centre (NCSC) started using a protected version of the UbiOps platform which enables the earlier and easier use of its own data scientists’ models. This means that digital threats can be detected sooner and more efficiently, before they are analysed and announced to the community. Erwin Hazebroek, Head of Data & Analytics, and Mathyn Scheerder, Product Owner Analytics, spoke to us about what the NCSC has achieved with UbiOps and how it’s made their work easier and more efficient.
The National Cyber Security Centre is working towards a digitally secure Netherlands. As a part of the Ministry of Justice and Security, it monitors and analyses any digital threats to the Netherlands to keep the country safe and minimise damage. The NCSC, however, is more than just a data-driven organisation. As Erwin Hazebroek explains, “we are processing an increasingly large amount of data that we then analyse and enhance before sharing anything relevant that we find, to benefit the Netherlands. We aim to process information faster and target it better to a strong, growing and diverse customer base.”
The Port of Rotterdam – An important part of Dutch infrastructure that the NCSC helps protect.
From model to production
These elements all require smart solutions, says Erwin, in which automation plays a pivotal role. “In early 2021, we launched our Data & Analytics Department, which is the home of the NCSC’s data and analysis platform. And this is what we develop our models for. Then to get these models to point of production, we use UbiOps.”
As Mathyn Scheerder explains, this eliminates a universal problem.
The ‘problem’ he is referring to is the gap between data scientists and data engineers. “They speak different languages. A data scientist focuses primarily on the performance of a model whereas the data engineer’s aim is to get the model working as efficiently as possible. This is something a lot of organisations struggle with.”
Analysing large datasets
Thanks to UbiOps, relatively simple models for business logic can be used to automate existing, labour-intensive tasks. Mathyn likens the IP checker to “a sort of advanced Yellow Pages, but for IP addresses. This means, for example, that we can quickly determine the country and domain hosting any given IP address. The end-user no longer has to worry about checking five different sources and can get the answer required by simply pressing a button.”
Furthermore, the platform lends itself to complex models as well, for which the NCSC uses machine learning. This means that larger datasets can be analysed, and patterns and deviations can be detected. “So early warnings can be generated,” Erwin says, “We want to use these models to recognise potential risks early-on and subsequently be in a position to protect our organisations in advance. The notifications need to reach organisations earlier and be more targeted.”
The NCSC works within a protected environment with the highest of security standards – which then brings its own set of challenges into the mix. But at the same time, the data scientists simply want to be able to work with the newest and hottest technologies. So it’s a fine balancing act between what’s possible and what’s permitted.
UbiOps modified its platform so that it can work within the ‘air-gapped’ NCSC confines whilst still retaining all of its functionalities. “So this offers us, as data scientists, enough flexibility to be able to bring a model to production,” says Mathyn. UbiOps has standardised the way in which this happens.
“UbiOps already had a good product, it just wasn’t quite right for working within the confines of the NCSC,” Erwin agrees. “So we worked on a solution for this together, which was a win-win situation for both parties: the continued development of the platform made it perfect for the NCSC and the high security requirements it now meets opened up new opportunities for UbiOps. If it works for the NCSC, surely it can also be tailored to the needs of a great number of different organisations.”
The UbiOps platform used by the NCSC now fits within the security framework that the NCSC wishes to comply with. Mathyn: “This affects, for example, the auditing of events: each modification of the UbiOps system is transparent, whether it’s someone modifying a parameter in an existing model, transitioning to a newer version of said model, or simply just uploading some new code.”
Erwin remarks that the possibilities are applicable across the board. “More data, more models and more colleagues who can work with it all.” Even NCSC staff outside the Data & Analytics Team can develop in the same structure. “This platform allows them to better meet their own data needs,” Mathyn explains. “And this then means we need fewer data engineers. And given their scarcity on the market, this is another bonus point. In addition to this, we can now let our data scientists focus on the development and improvement of our existing models.”
Pride in teamwork
UbiOps was quickly implemented. It kicked off in October 2021 and by early 2022, the first models were already operational.
“I can see how we have achieved increased speed with UbiOps, particularly in the collaboration between data science and data engineering,” says Erwin in conclusion. “We are leading the way in this new approach. And this means we can innovate our services faster.”
“I really am proud that we found the solution we were looking for, that we were able to realise it with a Dutch start-up and that it can be applied outside of the NCSC too. It would be great if other governmental organisations, who have similar security requirements to us, were able to make use of our innovation. We would then be able to see our efforts contributing to the digitally-safer Netherlands.
And perhaps even to the world beyond our borders.”