National Cyber Security Centre

The National Cyber Security Centre (NCSC) announced in November 2015[1] as part of the National Cyber Security Plan. [2] which will be home to the UK's "cyber force". It began operations in October 2016[3][4], and its London offices were officially opened in February 2017[5]

Most of the approximately 850 staff[6] are based in London[7] at the Nova development near Victoria station[8]. NCSC roles include a number of members of the armed forces[9].

The NCSC will reports to the Director of GCHQ. CESG, which accredits security equipment and provides advice to government, will be incorporated into NCSC. The functions of CERT-UK were moved from the Cabinet Office to the NCSC.[10]

NCSC includes the "UK Key Production Authority" which produces devices for use in military communication.[11]

"National firewall" proposal

Prior to operations, the NCSC chef exec Ciaran Martin gave a speech[12] in Washington DC. Two points were reported as a proposal for a "national firewall": the suggestion of a blacklist for preventing routing of attack sources (likely similar to the Spamhaus DROP list), and a DNS filtering scheme (wikipedia: Response policy zone) similar to that used by some ISPs to block adult content.

And we can take concepts of automated defences beyond Government on a voluntary basis. We're currently working with the UK telecommunications industry to stop the well-known abuse of the BGP and SS7 protocols to reroute traffic. If we’re right, this will mean it’s much much more difficult for UK machines to participate in a DDOS attack. And if we’re right then everyone else can do it.

Finally, we're exploring a flagship project on scaling up DNS filtering: what better way of providing automated defences at scale than by the major private providers effectively blocking their customers from coming into contact with known malware and bad addresses? Now it's crucial that all of these economy-wide initiatives are private sector led. The Government does not own or operate the Internet. Consumers must have a choice. Any DNS filtering would have to be opt out based. So addressing privacy concerns and citizen choice is hardwired into our programme.

These proposals are repeated in the 2016 National Cyber Security Strategy:

the Government will: work with industry, especially Communications Service Providers (CSPs), to make it significantly harder to attack UK internet services and users, and greatly reduce the prospect of attacks having a sustained impact on the UK. This will include tackling phishing, blocking malicious domains and IP addresses, and other steps to disrupt malware attacks. It will also include measures to secure the UK’s telecommunications and internet routing infrastructure;

...working towards the implementation of controls to secure the routing of internet traffic for government departments to ensure that it cannot be illegitimately re-routed by malicious actors; and continue to develop an Internet Protocol (IP) reputation service to protect government digital services (this would allow online services to get information about an IP address connecting to them, helping the service make more informed risk management decisions in real time);

Further details of the Active Cyber Defence programme were published on the NCSC blog following the launch of the Cyber Security Strategy.

See also