GCHQ Unveils Its Cybersecurity Playbook

The National Cyber Security Centre (NCSC) has created four “simple and free measures” that public sector bodies can implement to immediately become safer online. The body hopes that, in time, UK businesses will also be able to adopt the initiatives.

In the NCSC’s own self-described lay person’s terms, the four measures comprise: blocking bad stuff from being accessed from government systems; blocking bad emails pretending to be from government; helping public bodies fix bad things on their website; and removing bad things from the internet.

In the first case, the centre, which is part of GCHQ, has created a Domain Name Service (DNS), which it characterises as “the phonebook of the internet”.

The service will collate data from GCHQ and its partner organisations in the private sector to maintain a register of malicious addresses, which civil servants will be prevented from visiting.

The second of the four initiatives relates to the DMARC anti-spoofing protocol, which is designed to confirm the authenticity of an organisation’s communications. The protocol, which aims to make email spoofing much more difficult, was trialled by HMRC last year. During the pilot, the department, which NCSC said is “the UK’s single most spoofed brand”, blocked 300 million malevolent emails.

Alongside the protocol, the NCSC has created a Mail Check service to track adoption of DMARC, ensure that data on malicious communications is shared with NCSC as well as any relevant commercial partners, and analyse trends.

Some 613 government domains were using DMARC as of the end of March. The permanent secretaries of any departments yet to roll out either DMARC or Mail Check will be contacted by the centre shortly with information on their department’s uptake, and where they are placed “in the league table of adopters”.

To help “public bodies fix bad things on their website”, the NCSC is offering a free website-scanning service called Web Check. The service will scan bodies’ sites and provide feedback on vulnerabilities and advice on mitigating cybersecurity risks.

Web Check is due for formal launch, following the completion of an ongoing trial involving 150 users drawn from 114 different organisations covering the breadth of the public sector. This scheme is primarily aimed at the local government space, but central government entities are also free to sign up. 

The final measure is intended to remove “bad things from the Internet”. This initiative has seen NCSC team up with Bath-based anti-phishing and research specialist Netcraft. The company’s services have already been deployed across central government, but departments are encouraged to improve the service by notifying Netcraft if they are targeted by a phishing campaign. 

Public Technology
