GCHQ Unveils Its Cybersecurity Playbook

Uploaded on 2017-07-10 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, FREE TO VIEW

The National Cyber Security Centre (NCSC) has created four “simple and free measures” that public sector bodies can implement to immediately become safer online. The body is also hoping that, in time, UK businesses will also be able to adopt the initiatives.

In the NCSC’s own self-described lay person’s terms, the four measures comprise: blocking bad stuff from being accessed from government systems; blocking bad emails pretending to be from government; helping public bodies fix bad things on their website; and removing bad things from the internet.

In the former case, the centre, which is part of GCHQ, has created a Domain Name Service (DNS), which it characterises as “the phonebook of the internet”. 

The service will collate data from GCHQ and its partner organisations in the private sector to maintain a register of malicious addresses, which civil servants will be prevented from visiting. The second of the four initiatives relates to the DMARC anti-spoofing protocol, which is designed to confirm the authenticity of an organisation’s communications.  
The protocol, which aims to make email spoofing much more difficult, was trialled by HMRC last year. During the pilot, the department, which NCSC said is “the UK’s single most spoofed brand”, blocked 300 million malevolent emails. 

Alongside the protocol, the NCSC has created a Mail Check service to track adoption of DMARC, ensure that data on malicious communications is shared with NCSC as well as any relevant commercial partners, and analyse trends. 
Some 613 government domains were using DMARC as of the end of March. The permanent secretaries of any departments yet to roll out either DMARC or Mail Check will be contacted by the centre shortly with information on their department’s uptake, and where they are placed “in the league table of adopters”. 

To help “public bodies fix bad things on their website”, the NCSC is offering a free website scanning offering called Web Check. The service will scan bodies’ sites and provide feedback on vulnerabilities and advice on mitigating cybersecurity risks. 

Web Check is due for formal launch, following the completion of an ongoing trial involving 150 users drawn from 114 different organisations covering the breadth of the public sector. This scheme is primarily aimed at the local government space, but central government entities are also free to sign up. 

The final measure is intended to remove “bad things from the Internet”. This initiative has seen NCSC team up with Bath-based anti-phishing and research specialist Netcraft. The company’s services have already been deployed across central government, but departments are encouraged to improve the service by notifying Netcraft if they are targeted by a phishing campaign. 

Public Technology

You Might Also Read:

UK Cyber Chief: Company Directors Are Devolving Responsibility For Hacks:

 

 

« Prices For Stolen NSA Exploits Go Higher
Trump’s Joint Cybersecurity Unit With Russia – It’s Not Happening »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

SSLGURU

SSLGURU

SSLGURU bring all of the major SSL certificate vendors to one market place in order to create the world's largest SSL store with the most competitive prices.

National Agency for Information & Communication Technologies (ANTIC) - Cameroon

National Agency for Information & Communication Technologies (ANTIC) - Cameroon

ANTIC is responsible for regulating the activities of electronic security and regulation of the Internet in Cameroon.

Plixer

Plixer

Plixer delivers a network traffic analytics system used for monitoring, visualization, and reporting of network and security incidents.

MBL Technologies

MBL Technologies

MBL Technologies specializes in information assurance, enterprise security, privacy, and program/project management.

CounterCraft

CounterCraft

The CounterCraft Cyber Deception Platform fits seamlessly into existing security strategies and delivers high-end deception for threat hunting and threat detection.

CyberSecurityTrainingCourses.com

CyberSecurityTrainingCourses.com

Cyber Security Training Courses is a portal to help candidates find the best courses to progress their career within the IT security industry.

Nominet

Nominet

Nominet's cyber division offers network detection and response services to governments and enterprises worldwide.

Onevinn

Onevinn

Onevinn's goal is to create a transparent, cost-effective security that is noticed as little as possible by the users. We simply call it "intelligent security."

Dutch Institute for Vulnerability Disclosure (DIVD)

Dutch Institute for Vulnerability Disclosure (DIVD)

DIVD's aim is to make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them.

Secure Cyber Defense

Secure Cyber Defense

Secure Cyber Defense provides expert cybersecurity consulting and managed detection and response services to companies, local government, schools and universities.

Palitronica

Palitronica

Palitronica build cutting-edge hardware and breakthrough software that revolutionizes how we defend critical infrastructure and key resources.

Cornami

Cornami

Cornami delivers real-time computing on encrypted data sets, which is vital for data privacy and cloud security.

Artjoker

Artjoker

Artjoker is a full cycle software development partner specialized in Blockchain projects and smart contract development including full cycle information security of all projects.

NORMA Cyber

NORMA Cyber

NORMA Cyber delivers centralised cyber security services to Norwegian shipowners and other entities within the Norwegian maritime sector.

Applied Connective Technologies

Applied Connective Technologies

Applied Connective is one team for all your technology needs, from IT to phones, cyber security to physical security, audio/video and the infrastructure to support it.

Norwegian Data Protection Authority (Datatilsynet)

Norwegian Data Protection Authority (Datatilsynet)

The Norwegian Data Protection Authority (Datatilsynet) is the national data protection authority for Norway.