Active Cyber Defence – The Third Year

18th February 2021


David Carroll
MD NTX Cyber

On 19 February, the National Cyber Security Centre (NCSC) published the annual report into the efforts and achievements of their Active Cyber Defence programme, which aims to reduce the impact of cyber attacks on the UK by providing services that protect against a range of threats.

The report, ‘Active Cyber Defence (ACD) – The Third Year’, covers 2019 and includes the incredible progress of Protective DNS (PDNS), which has proudly been delivered by Nominet on behalf of NCSC and the UK Government since 2017.

PDNS prevents public sector users from accessing domains or IPs that are known to contain malicious content and stops malware already on a network from calling home.

The ACD report captures new milestones for the use of PDNS in 2019, when the estimated number of protected UK public sector employees reached 1.4 million. This was a 57% increase on 2018 – and has increased even further recently. PDNS was also deployed by 200 additional organisations over the course of the 12 months, which includes most central Government departments and the majority of local authorities. These achievements have increased the breadth of cyber security Nominet is providing across the UK public sector.

For example, the report estimates that PDNS dealt with 142 billion queries in 2019, more than double the 68.7 billion queries made in 2018. It also highlights common culprits identified by PDNS in 2019, including Emotet, Necurs, Kraken, Sphinx, Neutrino, Cerber, CryptoLocker. GandCrab, Wannacry, NotPetya, BadRabbit, Ramnit, Tiny Banker, Conficker.

The sheer extent of queries and responses demonstrates that PDNS is a genuine force multiplier in cyber defence and the data produced has proved instrumental in identifying and quickly remediating incidents. Once aware of an incident affecting a particular type of infrastructure or service, PDNS data informs analysis to identify affected organisations and to begin the next steps of remediation.

In taking those ‘penultimate steps towards service maturity’, and as active users grow, PDNS is giving the NCSC visibility across the UK public sector that is allowing it to make observations, provide more meaningful metrics and feedback, and identify the areas most needing attention.

The uptake of PDNS would not be possible without a focus on customer support and the PDNS onboarding statistics are testament to the hard work of the team here at Nominet. We firmly believe that it’s not just what you deliver, but how you deliver it. The service wrap that sits alongside PDNS is second-to-none and ensures that end users are both protected and feel supported throughout the process.

In particular, the ACD report calls out the training documents, workshops and webinars that were carried out throughout the year and made available online as part of the PDNS knowledge base.

Ultimately, the report shows that PDNS made incredible headway in 2019 – and for that we’re incredibly proud. Based on the fantastic engagement and utilisation of PDNS from organisations across the public sector, the NCSC took the decision in 2019 to prepare for the future and doubled the capacity of the PDNS. This decision allowed us to increase our support of the public sector throughout 2020.

The NCSC’s Active Cyber Defence programme is pioneering and we look forward to playing our part as it treads new ground in years to come.