With the number of cyber attacks against UK businesses and infrastructure increasing, GCHQ lays down plans for a Great British Firewall
Ambitious new plans are being drawn up by GCHQ to create a “Great British Firewall” to block malicious websites countrywide and combat a doubling of serious cyber attacks threatening national security over the past year.
Though still in its infancy, the scheme is intended to be a flagship project for the new National Cyber Security Centre (NCSC), a public-facing arm of GCHQ which will open next month to better co-ordinate the UK’s digital defence efforts against increasingly aggressive and skilled adversaries who are employing a range of new techniques and technologies.
The NCSC plan envisions private-sector internet service providers, such as BT, Sky or Virgin Media, voluntarily complying with its proposals, circumventing any need for specific government legislation. To allay concerns over civil liberties, such as those seen over the NSA mass surveillance furore that lit up the world last year, consumers will be able to opt out of the censorship should they wish.
Malicious websites which automatically infect visitors’ computers with malware, often disguised as legitimate domains, are one of the most common methods of cyber attack and they are widely used by states such as China, Iran or Russia in efforts to penetrate sensitive government networks, steal commercial information or compromise national infrastructure. They are also a common means for cyber criminals to target individuals.
Ciaran Martin, GCHQ’s director-general for cyber security, and the incoming head of the NCSC, told a US audience of security experts and government officials at a conference in Washington on Tuesday that steps were now being taken to combat such websites.
“It’s possible to filter unwanted content or spam. It’s possible to filter offensive content. It’s technically possible to block malicious content,” he said.
“So, the question becomes why aren’t we, or the cyber security community, using this more widely? Well, we, in the UK now are.”
“We’re exploring a flagship project on scaling up DNS filtering – what better way of providing automated defences at scale than by the major private providers effectively blocking their customers from coming into contact with known malware and bad addresses?” Martin said.
Because of its strategic interests and digital development, the UK is one of the most vulnerable economies in the world to cyber attack, Mr Martin added, making the need for more robust government action to protect businesses and civilians urgent.
“Behind the necessarily closed doors of our cyber defence operations centre, last year we detected twice as many national security level cyber incidents — 200 per month — than the year before,” he said.
Efforts by GCHQ and the government to try to boost the UK economy’s cyber defences have so far had a patchy effect. Even large companies, such as the telecoms provider TalkTalk, have fallen victim to attacks in recent months.
Plans for a national DNS filtering regime are nevertheless likely to raise concerns among civil liberties campaigners because it relies on the same technical principles that lie behind China’s “Great Firewall”, which allows the government effectively to control what its citizens can and cannot access online. And it’s not yet clear who will decide which websites are blocked and by what criteria.
GCHQ hopes to demonstrate the security benefits of the proposals to ISPs by example, and it’s already testing a number of automated features across government networks and domains to clamp down on spoofing and attempts by hackers to mimic government services.
For example, it’s now far harder for hackers to mask malicious emails with fake “@gov.uk” suffixes. Only emails claiming to be from gov.uk addresses that contain specific keys known to the email domain owner — the government — can now be sent to UK internet users.
“Whoever was sending 68,000 malicious emails per day from taxrefund@gov.uk isn’t doing it any more,” noted Martin.
GCHQ has also rolled out automated detection and response systems which identify mass commodity attacks where hundreds of thousands, or even millions, of spam emails are sent out indiscriminately. Internet companies receive automatic takedown requests from the systems as soon as spam campaigns which masquerade as government services are identified. The average lifespan of such attacks has dropped from 49 hours to 5 hours as a result, Martin said.
“Faced with a problem of this importance and scale, we believe it is worth trying something new, unleashing innovation in the hope and expectation we can achieve a very significant breakthrough in the coming years.”