The National Cyber Security Centre (NCSC) is presenting 4 steps to improve basic cyber security across the public sector.
The measures are part of the Active Cyber Defence (ACD) programme, which aims to make infrastructure, products and services automatically safer and easier for organisations and individuals to use safely.
1. Blocking bad things from being accessed from government systems (Protected DNS)
Cyber attacks commonly involve redirecting a user away from the domain that they intended to access and on to a domain or website that contains malware or is fraudulent. The NCSC’s protected domain name server (DNS) service uses GCHQ and commercial partners’ data about known malicious addresses to provide automatic protection for public servants by blocking access.
2. Blocking bad emails pretending to be from government (DMARC anti-spoofing)
Attackers sending fake emails purporting to be from the government has been one of the biggest problems in UK cyber security. The NCSC, together with GDS, has been advocating the use of the DMARC protocol, which makes email spoofing much harder.
3. Helping public bodies fix bad things on their website (WebCheck)
The NCSC has built a free service known as WebCheck to scan the websites of public bodies and generate a report on what needs fixing, and how to fix it.
4. Removing bad things from the Internet (phishing and malware mitigation)
Since June 2016, the NCSC has been working with Netcraft, a private sector company, on a phishing and malware countermeasures service to protect the UK, including government brands. This is a protection from which government departments benefit automatically without having to do anything. But departments can help augment the service by notifying Netcraft if they themselves discover they are the target of a phishing campaign, or that there are malicious emails purporting to be from them. Netcraft will then issue takedown notifications to the hosts of the email and phishing sites.