Cyber Agencies Unveil Global Standards for Network Device Security – But Are They Missing the Bigger Picture?
The UK’s National Cyber Security Centre (NCSC), in collaboration with international partners including CISA (US), ASD (Australia), CSE (Canada), FBI (US), and NCSC-NZ (New Zealand), has issued new guidelines on digital forensics and protective monitoring. These guidelines set minimum requirements for forensic visibility, aiming to help network defenders secure organisational networks both before and after a compromise.
At InsightBull, we recognise the importance of these measures. However, forensic visibility and protective monitoring are not enough. The industry must go further—beyond detection, into active prevention.
What the New Guidance Gets Right
The NCSC’s framework makes several critical improvements to network security:
• Mandatory Logging and Forensic Visibility – Manufacturers are urged to include detailed, tamper-proof forensic logging in network devices, allowing security teams to detect and investigate attacks.
• Standardised Protective Monitoring – Remote, encrypted log transfers and real-time alerts will improve threat detection and forensic analysis.
• Unified Security Expectations – By creating a consistent baseline for forensic readiness, this guidance reduces variability in security implementations, making it harder for attackers to exploit weak points.
This guidance represents a shift toward accountability, compelling device manufacturers to stop treating security as an afterthought.
Securing the Digital Edge: Why the NCSC’s New Cybersecurity Guidance Is Not Enough
Forensic visibility and logging do not prevent an attack from happening in the first place.
The biggest flaw in the NCSC’s approach is that it remains reactive. It focuses on recording security incidents rather than eliminating the opportunity for them to occur.
The key issues are:
• No Requirement for Physical Disconnection – The guidance prioritises forensic logging but does not address the need to physically disconnect devices when not in use. Firewalls, VPNs, and zero-trust architectures can be bypassed by sophisticated attackers. The only effective method to prevent persistent threats is through hardware-enforced physical disconnection.
• Insufficient Focus on Network Segmentation – Edge devices remain a key target because they are always connected and often lack segmentation from critical infrastructure. If attackers gain access, they can move laterally across networks with little resistance.
• Detection Alone is Not a Defence – Even with forensic monitoring, attackers can still cause irreversible damage before they are detected. Security teams are often playing catch-up, reacting to threats rather than preventing them.
If network devices are always exposed, forensic monitoring only tells you how you were breached, not how to stop it happening again.
Security Needs to Move Beyond Software-Based Defences
The future of cybersecurity is not just about knowing when an attack happens—it’s about preventing it from ever occurring.
The industry must embrace a proactive approach, combining forensic readiness with active defence mechanisms such as:
• Physical Disconnection & Air-Gapped Security – Devices should be physically severed from networks when not in use, removing the attack surface entirely.
• Dynamic Network Segmentation – Networks should be structured to prevent lateral movement, even if an edge device is compromised.
• Automated Threat Containment – Instead of just logging an attack, systems should respond by automatically isolating compromised devices.
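To make the three mechanisms above concrete, here is a small added example (illustration only, not code from InsightBull or from the NCSC guidance) of a protective-monitoring pipeline that does more than record an event. It verifies that a hash-chained log export from an edge device has not been altered, runs one detection rule over the records, and produces a containment decision that moves the device onto an isolated segment. The device names, source addresses, VLAN id, thresholds and log format are all constructed assumptions for the demonstration.

```python
"""Protective monitoring with an automated containment step.

Added example, not InsightBull or NCSC code. Device names, VLAN id, addresses,
thresholds and the record format below are constructed for illustration."""
import hashlib
import json
from collections import defaultdict
from dataclasses import dataclass, asdict

GENESIS = "0" * 64          # chain anchor for the first record
QUARANTINE_VLAN = 999       # constructed: isolated segment with no route to core assets
FAIL_THRESHOLD = 5          # failed admin logins from one source ...
FAIL_WINDOW = 300           # ... within this many seconds ...
CHANGE_WINDOW = 600         # ... followed by a config change from that source


def record_digest(entry: dict) -> str:
    """SHA-256 over the canonical JSON of a record, including its 'prev' link."""
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()


def build_chain(records: list) -> list:
    """Link records the way a device exporting tamper-evident logs would:
    each record stores the digest of the record before it."""
    chained, prev = [], GENESIS
    for r in records:
        entry = dict(r, prev=prev)
        chained.append(entry)
        prev = record_digest(entry)
    return chained


def verify_chain(entries: list) -> bool:
    """Recompute the links; an edited, removed or reordered record breaks them."""
    prev = GENESIS
    for e in entries:
        if e.get("prev") != prev:
            return False
        prev = record_digest(e)
    return True


@dataclass
class Containment:
    device: str
    action: str
    vlan: int
    reason: str


def detect_admin_takeover(entries: list) -> list:
    """Rule: at least FAIL_THRESHOLD failed admin logins from one source inside
    FAIL_WINDOW, then a configuration change from that source inside CHANGE_WINDOW."""
    failures = defaultdict(list)          # (device, src) -> timestamps of failures
    decisions = []
    for e in entries:
        key = (e["device"], e["src"])
        if e["event"] == "auth_fail" and e["user"] == "admin":
            failures[key].append(e["ts"])
        elif e["event"] == "config_change":
            recent = [t for t in failures[key] if e["ts"] - t <= CHANGE_WINDOW]
            if len(recent) >= FAIL_THRESHOLD and recent[-1] - recent[0] <= FAIL_WINDOW:
                decisions.append(Containment(
                    device=e["device"], action="quarantine", vlan=QUARANTINE_VLAN,
                    reason=f"{len(recent)} admin auth failures from {e['src']} "
                           f"followed by config change at ts={e['ts']}"))
                failures[key].clear()    # one decision per burst
    return decisions


def run_pipeline(entries: list) -> dict:
    """Refuse to act on a log stream whose chain does not verify: a containment
    action driven by forged records would itself be an attack surface."""
    if not verify_chain(entries):
        return {"chain_ok": False, "decisions": []}
    return {"chain_ok": True,
            "decisions": [asdict(d) for d in detect_admin_takeover(entries)]}


# Constructed sample export: five admin failures in 40 s on edge-fw-01, then a
# successful login and a configuration change from the same source address.
SAMPLE_LOG = build_chain(
    [{"ts": 1000 + 10 * i, "device": "edge-fw-01", "event": "auth_fail",
      "user": "admin", "src": "203.0.113.7"} for i in range(5)]
    + [{"ts": 1050, "device": "edge-fw-01", "event": "auth_ok",
        "user": "admin", "src": "203.0.113.7"},
       {"ts": 1060, "device": "edge-fw-01", "event": "config_change",
        "user": "admin", "src": "203.0.113.7"},
       {"ts": 1070, "device": "edge-fw-02", "event": "auth_ok",
        "user": "ops", "src": "198.51.100.4"}])

if __name__ == "__main__":
    print(json.dumps(run_pipeline(SAMPLE_LOG), indent=2))
```

The integrity check sits in front of the detection rule on purpose: a monitoring system that acts automatically on its logs must first be sure those logs are the ones the device wrote. The containment decision here is returned as data so that whatever enforces it (a switch port, a firewall policy, or a physical disconnect) can be driven from the same record.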
A Necessary Step, But Not the Final One
The NCSC’s guidance is a step in the right direction, but cyber threats are evolving faster than the industry’s response.
Regulations must go beyond logging and monitoring. Security-by-design must include hardware-enforced protections that eliminate attack vectors altogether.
At InsightBull, we are not waiting for the next cyber attack to be logged. We are focused on solutions that prevent it from happening in the first place.
