NCSC is monitoring the internet to block DDoS and other cyber attacks

Technical director Ian Levy says it will be "awesome if it works"

The technical director of the National Cyber Security Centre has outlined the agency's plans to secure the UK through enforcement of network protocols while speaking at the Australia Cyber Conference in Melbourne, reports ZDNet.

The NCSC has been running the ‘Active Cyber Defence' strategy for more than a year and a half now, said Ian Levy. The platform provides a view of the entire state of internet routing in the UK, with the intent that the agency can spot incoming attacks by monitoring the Border Gateway Protocol (BGP) messages that control routing.

In addition, the NCSC is collecting stats on DNS usage across the gov.uk domain. Levy said that he is trying to build a single anycast DNS for the entire UK public sector, which more than 200 government agencies are already using. He intends to "force everyone" to use it.

The DNS work can help to block DDoS attacks, among other things, up to an hour before they start. The NCSC's threat intelligence messaging system (the Threat-o-Matic) analyses the DNS stats and, using its knowledge of the state of BGP as context, can predict where the attack traffic will come from. It can also notify ISPs so that they can take action.

"That's got to be awesome if it works," Levy said.

He added, "It might fall flat on it's arse for some reason. Don't know. But we're going to try it, and we're going to publish the results of it."

The agency, which was established in 2017, already boasts a proven success in the DMARC (Domain Message Authentication Reporting & Conformance) system, which blocks malicious email campaigns. It blocked about 80 million spam messages last year.

"We want people to implement DMARC, because if you make cybercrime harder, they'll go somewhere else," said Levy. "My job is not to beat cybercrime. It's to send it to France."

Levy spoke about the need to make security a more easily-understood issue with regards to the IoT. Consumers often fail to change passwords or update software, and he proposed a system to label devices based on three elements:

• The product's use-by date (when support would run out);
• Whether it can be securely updated; and
• Whether the manufacturer has published a security disclosure policy.

It is important to give people more information to help them to make better decisions, he said.

Levy also took a moment to address the diversity challenge facing the technology - and especially security - industry today. He said that companies will not be able to out-manoeuvre cybercriminals if everyone working there has the same background and thinks in the same way.

"One of the things want to do - and I haven't got the legal OK yet, but if I say it, it's more likely to happen - [is] I want to tie our certifications to a company having a [published] diversity and inclusion policy.

"I don't care how good your products or service or magic amulet is, it's not getting a gold star from us. That's the sort of thing where I think you can change the global industry. It doesn't take much. It takes a few people trying to do the right thing."