Two years of Active Cyber Defence: DNS is still cool

19th July 2019

Cath Goulding

Those of us involved with Active Cyber Defence (ACD), the National Cyber Security Centre’s (NCSC) strategy that seeks to reduce harm from commodity cyber attacks against the UK, welcomed the release of Director Ian Levy’s new report this week. As the service passes the two-year mark, this report offers an interesting insight into the progress of this pivotal programme over the past year and reminds us how well prepared our country is for the range and size of cyber threats that are now a norm of our digital age.

In ‘Two Years On’, Levy has delivered a thorough assessment of a programme that has already demonstrated its focus on delivering real changes and improvements to our country’s security, in collaboration with industry. This second year has seen the introduction of some new services, and the evolution of the existing services to ensure they offer robust protections and better serve users in line with an evolving threat landscape.

Nominet is proud to be one of the cogs in the machine of ACD, and one of the services of the ACD programme that continues to refine and improve. For the past two years, we have been delivering a Protective DNS service to help protect staff across the public sector when online. This report has given us some great insight into how PDNS has contributed to the overall aims of ACD over the past year, and also highlighted some impressive statistics.

By the end of 2018, approximately 1.4 million employees across the UK public sector were being protected. This was a twelve-fold increase during the year, and the service answered 68.7 billion queries in that time, with 57.4 million of these blocked for 118,527 unique reasons. At peak levels last November, the service was dealing with 27,109 queries per second.

Importantly, the service we offer continues to evolve and improve, and it’s encouraging to see its impact. Levy said in the report that “the PDNS service has proven its value already, providing a real protective effect at scale.”

We work continually to improve the service we offer, and our recent focus on threat feeds had a noticeable impact, as did our efforts on reducing false positives. The latter is particularly crucial as false positives can have a detrimental impact on business. This is something we have prioritised over the year, working closely with providers to improve their intelligence, which in turn improves the service we deliver.

Over the reporting period, the PDNS service withstood five different DDoS attacks, and while we maintained 100% service availability, it is a reminder that the PDNS infrastructure must evolve to remain resilient under increasing pressure.

Crucially, Levy makes a point of echoing our own thoughts: “DNS is cool.” The whole service we run for NCSC works at the DNS level, monitoring activity and blocking malicious domains based on an analysis of the traffic. Our in-house expertise in this area is a result of the work we have done for over 20 years as the registry keeping the .UK Domain secure, some of which was noted in this new report.

Two of our ongoing campaigns, Domain Watch and Domain Health, were cited, as was our work on criminal domain suspension that we undertake continually to rid the .UK namespace of illegal and unlawful activity. Domain Watch is particularly important as this is a campaign which works to thwart phishing attempts in the .UK Domain. We identify suspicious domains at the point of registration, using a mixture of manual and automated processes. Currently, we’re detecting and suspending around 130 domains per week (the figures have risen since the ACD reporting period). This takes them straight out of the ecosystem and removes any ability to do harm. Considering the speed and reach of phishing scams, this is significant, and we hope this work might serve to inspire the wider DNS ecosystem to consider similar operations to improve online safety for all.

It’s clear that keeping ‘digital’ UK safe and secure is a team game – across critical national infrastructure and beyond, every organisation has a part to play. But leadership is crucial, and the ambition of NCSC’s programme is forging a strong path ahead.
