National Cyber Security Centre to fight hackers with DNS filtering

A padlock against a golden background to represent cyber security

Britain's cyber security is set to get more "active" - and may include GCHQ sharing its DNS-level attacker blocking system with private companies.

The new National Cyber Security Centre (NCSC) is set to open in October, and will be the UK's central body for fighting cybercrime.

And one tactic on the cards is automating defences against low-level, but high-volume, attacks, said the NCSC's head, Ciaran Martin.

Martin told the BBC that about 200 "national-security-level" attacks are spotted each month, but they're not always particularly sophisticated - the TalkTalk attack, for example, used well-known techniques. The government's initial plans for a central cyber fighting organisation believed the private market could handle lower end threats, but that doesn't appear to be the case, so the NCSC will be hoping to target them with help from automation.

"Far too many of these basic attacks are getting through," Martin told the BBC. "And they are doing a lot of damage."

To fight back, the NCSC is turning to "active cyber-defence". That doesn't mean actively pursuing and arresting hackers, but taking proactive measures to limit the damage of existing cyber criminals.

For example, Martin said the government has stopped its own email from being spoofed. "We trialled it, and whoever was sending 58,000 malicious emails per day from isn't doing it anymore," Martin said.

It's also turning to DNS filtering, in which malware or attacks seen by GCHQ are blocked at the network level, stopping the routes known criminals use to target Brits.

NCSC has evolved out of GCHQ, but the intelligence agency is apparently keen to share its DNS filtering with the public and private businesses, including ISPs. Reports suggest the filters would be opt out, so you could turn off the GCHQ filter if your ISP does sign up for the program - which may help calm concerns from digital rights campaigners that this is a Chinese-style "great firewall", but then again it hasn't yet been made clear who or how sites will be listed for blocking.