Active Cyber Defence Should Be Rolled Out UK-Wide: Report

Written by

The UK government’s highly successful Active Cyber Defence (ACD) program should be rolled out across other sectors to improve national cybersecurity, and could even be spurred by the government naming and shaming laggards, according to a new report.

The Cyber Security Research Group at King’s College London (KCL) argued that the ACD has done well in reducing low-level cybercrime against government services.

“There are no significant technical obstacles to extending these protections beyond the public sector and no fundamental reasons why ACD tools and techniques should not be tested and deployed as appropriate,” it claimed.

The report urged stakeholders to actively engage with the government via the National Cyber Security Centre (NCSC) to make this a reality.

It could also be a competitive differentiator for organizations in the future, the report claimed, adding that greater transparency in this area would help consumers decide which ones to trust, while incentivizing firms to improve.

“There will need to be careful calibration of ‘sticks and carrots’ to encourage industry and others to adopt ACD where possible but the existing buy-in of major companies and industry bodies will assist greatly in this process,” the report claimed.

“NCSC has no legal power to mandate ACD in any circumstance, nor does it seek it, so all progress in this area must be based on high standards of transparency, partnership and public reporting, particularly given NCSC’s status as part of GCHQ.”

ACD could even be exported abroad, helping to enhance the UK’s reputation and build out international partnerships, KCL claimed.

Launched in 2016, ACD includes several complementary elements: a takedown service designed to remove malicious content spoofing government domains; DMARC implementation to improve email security; Web Check to test government websites for vulnerabilities; and a Public Sector DNS service to prevent employees being directed to malicious sites.

After just a year of operation the program had enabled the removal of 121,479 unique phishing sites across 20,763 attack groups physically hosted in the UK, and 18,000 more sites internationally. Government domains supporting DMARC rose from just over a quarter to nearly 39%, while Web Check produced 4,108 advisories for customers, covering a total of 6,218 different issues.

During 2017, 3TB of DNS data was analysed for security threats, with over 134,000 unique queries blocked.

“The Active Cyber Defence program has been a huge success in protecting government agencies — and those who use them — from cyber threats. Our research finds that it could be legally, cheaply and efficiently rolled out beyond the public sector, to further protect people online,” said Tim Stevens, convenor of KCL’s Cyber Security Research Group.

“Greater transparency around the level of cybersecurity employed by businesses and other organisations will motivate them to adopt ACD measures that will keep users and their data safe.”

What’s hot on Infosecurity Magazine?