National Cyber Security Centre

The National Cyber Security Centre (NCSC) announced in November 2015[1] as part of the National Cyber Security Plan. [2] which will be home to the UK's "cyber force". It began operations in October 2016[3][4], and its London offices were officially opened in February 2017[5]

Most of the anticipated 700 staff will be based in London[6] at the Nova development near Victoria station[7].

The NCSC will reports to the Director of GCHQ. CESG, which accredits security equipment and provides advice to government, will be incorporated into NCSC. The functions of CERT-UK were moved from the Cabinet Office to the NCSC.[8]

"National firewall" proposal

Prior to operations, the NCSC chef exec Ciaran Martin gave a speech[9] in Washington DC. Two points were reported as a proposal for a "national firewall": the suggestion of a blacklist for preventing routing of attack sources (likely similar to the Spamhaus DROP list), and a DNS filtering scheme (wikipedia: Response policy zone) similar to that used by some ISPs to block adult content.

And we can take concepts of automated defences beyond Government on a voluntary basis. We're currently working with the UK telecommunications industry to stop the well-known abuse of the BGP and SS7 protocols to reroute traffic. If we’re right, this will mean it’s much much more difficult for UK machines to participate in a DDOS attack. And if we’re right then everyone else can do it.

Finally, we're exploring a flagship project on scaling up DNS filtering: what better way of providing automated defences at scale than by the major private providers effectively blocking their customers from coming into contact with known malware and bad addresses? Now it's crucial that all of these economy-wide initiatives are private sector led. The Government does not own or operate the Internet. Consumers must have a choice. Any DNS filtering would have to be opt out based. So addressing privacy concerns and citizen choice is hardwired into our programme.

These proposals are repeated in the 2016 National Cyber Security Strategy:

the Government will: work with industry, especially Communications Service Providers (CSPs), to make it significantly harder to attack UK internet services and users, and greatly reduce the prospect of attacks having a sustained impact on the UK. This will include tackling phishing, blocking malicious domains and IP addresses, and other steps to disrupt malware attacks. It will also include measures to secure the UK’s telecommunications and internet routing infrastructure;

...working towards the implementation of controls to secure the routing of internet traffic for government departments to ensure that it cannot be illegitimately re-routed by malicious actors; and continue to develop an Internet Protocol (IP) reputation service to protect government digital services (this would allow online services to get information about an IP address connecting to them, helping the service make more informed risk management decisions in real time);

Further details of the Active Cyber Defence programme were published on the NCSC blog following the launch of the Cyber Security Strategy.

See also

Links

References

  1. Chancellor sets out vision to protect Britain against cyber threat in GCHQ speech, GOV.UK, 2015-11-17
  2. Expanding the Cyber First programme: speech by Matt Hancock, GOV.UK, 2016-03-03
  3. The National Cyber Security Centre becomes operational, NCSC, 2016-09-30
  4. Hansard, 2016-06-09
  5. The launch of the National Cyber Security Centre, NCSC, 2017-02-13
  6. New National Cyber Security Centre set to bring UK expertise together, GOV.UK, 2016-03-18
  7. Cyber War to be led from new security HQ in the heart of London, Standard, 2016-09-30
  8. Hansard, 2016-03-24
  9. A new approach for cyber security in the UK, NCSC, 2016-09-30