GCHQ planning UK-wide DNS ‘firewall’
Wed 14 Sep 2016
UK surveillance agency GCHQ is exploring the use of a national ‘firewall’ in its fight against cybercrime, according to the organisation’s head of cybersecurity.
Alongside BT, Talk Talk and Virgin Media, GCHQ will work to filter out websites and email campaigns which are known to contain malicious content. The intelligence organisation believes that the best to way to set up such a blockade would be to build a national domain name system (DNS).
In a speech delivered at the Billington Cyber Security Summit in Washington DC, director general for cyber security at GCHQ, Ciaran Martin, said: ‘We’re exploring a flagship project on scaling up DNS filtering: what better way of providing automated defences at scale than by the major private providers effectively blocking their customers from coming into contact with known malware and bad addresses?’
The DNS plans, which will be private sector led, are said to be in the early stages, with no official announcement expected soon. Martin’s speech suggested that the filtering would be on an opt-out basis, to allow users to disable the settings – addressing inevitable concerns over privacy.
Martin also added that GCHQ has recently implemented a trial of the DMARC protocol to help prevent malicious emails purporting to be from government officials and spoofing the .gov.uk domain. As an example, he explained that since DMARC’s trial rollout in government, a cybercrime operation which had been sending 58,000 malicious emails per day from ‘[email protected]’ has been stopped.
Martin noted a further cybercrime initiative which is looking at tackling commodity attacks by sending automated takedown requests to hosting providers and registrars. He said that the median time a phishing site targeting the UK government remains live has since dropped from 49 hours to five hours.
The strategies are reported to come under the new London-based National Cyber Security Centre (NCSC), of which Martin will become the first CEO when it opens this October. The facility hopes to bring together national expertise from the world of cybersecurity, including officials from MI5 and GCHQ, as well as partnerships with law firms and the private sector. The experts will share best practices and explore ways to better protect business and national infrastructure from attack.