GCHQ Unveils Its Cybersecurity Playbook

The National Cyber Security Centre (NCSC) has created four “simple and free measures” that public sector bodies can implement to immediately become safer online. The body hopes that, in time, UK businesses will also be able to adopt the initiatives.

In the NCSC’s own self-described lay person’s terms, the four measures comprise: blocking bad stuff from being accessed from government systems; blocking bad emails pretending to be from government; helping public bodies fix bad things on their website; and removing bad things from the internet.

For the first of these, the centre, which is part of GCHQ, has created a Domain Name System (DNS) service, which it characterises as “the phonebook of the internet”.

The service will collate data from GCHQ and its partner organisations in the private sector to maintain a register of malicious addresses, which civil servants will be prevented from visiting.

The second of the four initiatives relates to the DMARC anti-spoofing protocol, which is designed to confirm the authenticity of an organisation’s communications. The protocol, which aims to make email spoofing much more difficult, was trialled by HMRC last year. During the pilot, the department, which NCSC said is “the UK’s single most spoofed brand”, blocked 300 million malevolent emails.

Alongside the protocol, the NCSC has created a Mail Check service to track adoption of DMARC, ensure that data on malicious communications is shared with NCSC as well as any relevant commercial partners, and analyse trends.

Some 613 government domains were using DMARC as of the end of March. The permanent secretaries of any departments yet to roll out either DMARC or Mail Check will be contacted by the centre shortly with information on their department’s uptake, and where they are placed “in the league table of adopters”.

To help “public bodies fix bad things on their website”, the NCSC is offering a free website scanning service called Web Check. The service will scan bodies’ sites and provide feedback on vulnerabilities and advice on mitigating cybersecurity risks.

Web Check is due for formal launch, following the completion of an ongoing trial involving 150 users drawn from 114 different organisations covering the breadth of the public sector. This scheme is primarily aimed at the local government space, but central government entities are also free to sign up. 

The final measure is intended to remove “bad things from the Internet”. This initiative has seen NCSC team up with Bath-based anti-phishing and research specialist Netcraft. The company’s services have already been deployed across central government, but departments are encouraged to improve the service by notifying Netcraft if they are targeted by a phishing campaign. 

Public Technology
