GCHQ Unveils Its Cybersecurity Playbook

The National Cyber Security Centre (NCSC) has created four “simple and free measures” that public sector bodies can implement to immediately become safer online. The body is also hoping that, in time, UK businesses will be able to adopt the initiatives.

In the NCSC’s own self-described lay person’s terms, the four measures comprise: blocking bad stuff from being accessed from government systems; blocking bad emails pretending to be from government; helping public bodies fix bad things on their website; and removing bad things from the internet.

In the first case, the centre, which is part of GCHQ, has created a Domain Name System (DNS) service; it characterises DNS as “the phonebook of the internet”.

The service will collate data from GCHQ and its partner organisations in the private sector to maintain a register of malicious addresses, which civil servants will be prevented from visiting.

The second of the four initiatives relates to the DMARC anti-spoofing protocol, which is designed to confirm the authenticity of an organisation’s communications. The protocol, which aims to make email spoofing much more difficult, was trialled by HMRC last year. During the pilot, the department, which NCSC said is “the UK’s single most spoofed brand”, blocked 300 million malevolent emails.

Alongside the protocol, the NCSC has created a Mail Check service to track adoption of DMARC, ensure that data on malicious communications is shared with NCSC as well as any relevant commercial partners, and analyse trends. 
Some 613 government domains were using DMARC as of the end of March. The permanent secretaries of any departments yet to roll out either DMARC or Mail Check will be contacted by the centre shortly with information on their department’s uptake, and where they are placed “in the league table of adopters”. 

To help “public bodies fix bad things on their website”, the NCSC is offering a free website-scanning service called Web Check. The service will scan bodies’ sites and provide feedback on vulnerabilities and advice on mitigating cybersecurity risks.

Web Check is due for formal launch, following the completion of an ongoing trial involving 150 users drawn from 114 different organisations covering the breadth of the public sector. This scheme is primarily aimed at the local government space, but central government entities are also free to sign up. 

The final measure is intended to remove “bad things from the internet”. This initiative has seen NCSC team up with Bath-based anti-phishing and research specialist Netcraft. The company’s services have already been deployed across central government, but departments are encouraged to improve the service by notifying Netcraft if they are targeted by a phishing campaign.

Public Technology
