GCHQ Unveils Its Cybersecurity Playbook

The National Cyber Security Centre (NCSC) has created four “simple and free measures” that public sector bodies can implement to immediately become safer online. The body also hopes that, in time, UK businesses will be able to adopt the initiatives.

In the NCSC’s own self-described lay person’s terms, the four measures comprise: blocking bad stuff from being accessed from government systems; blocking bad emails pretending to be from government; helping public bodies fix bad things on their website; and removing bad things from the internet.

For the first of these, the centre, which is part of GCHQ, has created a Domain Name System (DNS) service; it characterises DNS as “the phonebook of the internet”.

The service will collate data from GCHQ and its partner organisations in the private sector to maintain a register of malicious addresses, which civil servants will be prevented from visiting.

The second of the four initiatives relates to the DMARC anti-spoofing protocol, which is designed to confirm the authenticity of an organisation’s communications. The protocol, which aims to make email spoofing much more difficult, was trialled by HMRC last year. During the pilot, the department, which NCSC said is “the UK’s single most spoofed brand”, blocked 300 million malevolent emails.

Alongside the protocol, the NCSC has created a Mail Check service to track adoption of DMARC, ensure that data on malicious communications is shared with NCSC as well as any relevant commercial partners, and analyse trends. 
Some 613 government domains were using DMARC as of the end of March. The permanent secretaries of any departments yet to roll out either DMARC or Mail Check will be contacted by the centre shortly with information on their department’s uptake, and where they are placed “in the league table of adopters”. 

To help “public bodies fix bad things on their website”, the NCSC is offering a free website scanning service called Web Check. The service will scan bodies’ sites and provide feedback on vulnerabilities and advice on mitigating cybersecurity risks.

Web Check is due for formal launch, following the completion of an ongoing trial involving 150 users drawn from 114 different organisations covering the breadth of the public sector. This scheme is primarily aimed at the local government space, but central government entities are also free to sign up. 

The final measure is intended to remove “bad things from the Internet”. This initiative has seen NCSC team up with Bath-based anti-phishing and research specialist Netcraft. The company’s services have already been deployed across central government, but departments are encouraged to improve the service by notifying Netcraft if they are targeted by a phishing campaign. 

Public Technology
