The National Cyber Security Centre (NCSC) has claimed that its Active Cyber Defence (ACD) programme is paying dividends in protecting public sector IT systems.
It has published the second annual report on the programme, saying it has demonstrated the value of the approach, and that it is beginning to encourage other government cyber security agencies around the world to consider implementing similar services.
The programme was launched two years ago to provide services for a more proactive approach to cyber security and to generate data for analysis. It is part of the wider strategy behind the creation of the NCSC in 2016, reflects the principles of making decisions based on evidence and consists of a number of services.
These include the Takedown Service for removing malicious content, Web Check to point out security issues to government websites’ owners, and Protective Domain Name Service (PDNS) for protecting the public sector at scale from harmful internet content.
The report points to a reduction in the number of takedowns, from 219,992 in 2017 to 192,256 in 2018, accompanied by sharp reductions in the number of related campaigns and IP addresses hosting malicious content. It suggests this is because criminals are using less infrastructure and hosting more individual attacks on each instance as part of a campaign.
In turn, this could suggest it is becoming harder to host attacks and the UK is become less attractive for cyber crime - although the NCSC acknowledges there could be other explanations of which it is not aware.
There has been a big increase in activity under the Web Check service, with the number of unique URLs being scanned rising almost fourfold to 30,813, a similar increase in the number of advisory notices issued to 111,853, and a tenfold rise in urgent advisories to 43,510.
The report also says the number of public sector employees covered by the Protective DNS service reached an estimated 1.4 million and that during 2018 it answered 68.7 billion queries.
Another section highlights the Supplier Check service, which involves analytics to identify possible risks in the IT supply chain to government, declares an intention to provide suppliers with a report highlighting key areas for improvement.
In an accompanying blogpost, NCSC technical director Dr Ian Levy says: “In some cases, we haven't managed to do as much as we hoped, but work will continue to scale these services and more importantly the effects they have, both in the UK and internationally.”
He adds: “We continue to believe that the ACD programme - by providing real services and generating real data and analysis - has to be a first step in demystifying cyber security, and beginning to tackle the impacts of cyber attacks at scale.”
In April of this year the director of GCHQ pointed to plans to extend the reach of the ACD programme and make cyber security more central to policy-making.