This year has certainly been difficult for many – except perhaps the cyber criminals. The onset of the pandemic provided yet another opportunity for exploitation, with the latest figures from the National Cyber Security Centre (NCSC) demonstrating just how enthusiastically this has been taken up. There have been 723 serious cyber security incidents in the past year, an almost 10% rise on last year. Of these, more than 200 were Covid-related – and too often launched against front-line health bodies.
This is the headline that most news outlets are leading with to mark the release of The NCSC Annual Review 2020. It’s certainly an attention-grabbing and timely stat, but arguably distracts from what has, in fact, been a tremendous year for the NCSC. When we consider the scale of the threats and the unprecedented nature of the challenges faced by our nation’s cyber security service, in addition to the ‘normal’ intensity of shoring up national digital defences, these past 12 months have been impressive.
Like many organisations, the NCSC reacted quickly and proactively as the health crisis took hold, swiftly introducing preventative measures to bolster resilience; for example, rolling out Active Cyber Defence (ACD) services to 235 front-line health bodies across the UK, including NHS Trusts, ahead of the pandemic peak. They were well aware that cyber attackers would be looking to exploit.
Nominet’s cyber security expertise plays a part in these cyber defence efforts. We help to keep the UK secure as part of the ACD programme by running the Protective Domain Name Service (PDNS) on behalf of NCSC for UK Government, which this year protected an estimated 2.8 million public sector internet users. The Review demonstrates that the role of PDNS in national defence continued to grow this past year: a total of 290 organisations were added to the Service, resulting in over 760 organisations not being protected by it. PDNS blocks about 18,000 unique domains at a rate of 7.2 million times per month. In total, 201 billion PDNS queries were successfully resolved over the past year.
By preventing access to malicious domains and restricting malware communications on compromised networks, the PDNS will have been a key part of ACD as the NCSC faced an influx of ransomware attacks this year. We look forward to more details about the programme in the forthcoming report that focuses on ACD specifically.
As CEO of Nominet I have first-hand insight into how hard our team works to deliver the PDNS to the high standard we are known for, as protectors of the national namespace for almost 25 years. We are also well aware of the ongoing challenge of responding to a changing situation. For example, this year at Nominet we continue to observe, via our Domain Watch initiative, an influx of Covid-related domains. This initiative allows us to identify, at the point of registration, domains that are likely to be used for criminal activity; the number of Covid-related domains suspended and awaiting due diligence (to prove honest purposes) number almost 4,000. Reducing criminality in the namespace is one of the many ways Nominet is working to serve the nation. That said, the role we play for NCSC, running the PDNS, is certainly the one that make me most proud. It’s an honour to be protecting Government services.
But we are, it must be stressed, just one part of the team – cyber security is a ‘team sport’, as the Annual Review underlines, noting how the nation’s strength and resilience is built on partnerships. National cyber defence draws on the best across academia and the private sector, with the support of the British public. This collaboration is increasingly extending beyond our borders too. The Review makes clear that NCSC is looking to further establish international partnerships and continue to build our nation’s reputation as a cyber power abroad. For example, this past year has seen ACD services being shared with strategic partners overseas. Considering the geo-political turmoil of our current times, this activity is applauded and will no doubt continue to build in the coming years.
Other forward-looking plans from NCSC that I wholly support is the increase focus on our national capabilities in terms of skills. Cyber security as a discipline requires a plethora of skills and abilities, not to mention people from a range of backgrounds and experience. Plans to increase skill-training opportunities – something Nominet is supporting in its own way with new cyber security apprenticeships – and attract a more diverse pool are crucial steps that will safeguard the long term resilience of our nation’s cyber security.
For my part, this Annual Review has served up encouraging news in a time of uncertainty and anxiety. Not only does it remind us all of the world-leading capabilities of the UK’s cyber defences, it also sets the ambitions – and indicates the roadmap – as we look to build on our international reputation and rise to the challenges of cyber security in the years ahead.
Download The NCSC Annual Review 2020 on the website.