Active Cyber Defence – The Fourth Year
The cyber threat faced by governments around the world is growing in severity and intensity. While the overriding theme we heard at CYBERUK this week was about optimism in the face of cyber adversity, there was also a clear warning that sophisticated attacks such as SolarWinds are likely to become more commoditised.
This week we’ve also seen continued fallout from the ransomware attack on Colonial Pipeline in the US, which forced the company to shut down its operations. There have been consequences for the oil supply chain and financial markets, and it was notable that the US government invoked emergency powers to mitigate the damage.
As the cyber world heats up, defence in depth and breadth is fundamental. Dr Ian Levy, Technical Director at the National Cyber Security Centre (NCSC), mentioned the need for a ‘systematic’ approach to security, one that we can certainly see taking shape through the Active Cyber Defence capabilities.
The recently published Active Cyber Defence – The Fourth Year report demonstrates the significant strides the NCSC has made in protecting the UK from cyber threats. Focus is placed on how the services scaled up and protected the NHS at a time of immense pressure, even extending protection to the vaccine supply chain, and on bringing private sector organisations under Protective Domain Name Service (PDNS) protection for the first time. This has involved a great amount of work from the Nominet Cyber team and my thanks really go out to my colleagues for their efforts.
It is no small feat that the majority of organisations within the NHS are now actively using PDNS. The process started with an initial onboarding that was accelerated when COVID-19 hit. This was followed by a 24-hour onboarding project for the Health & Social Care Network (HSCN) after the US government agency, CISA, issued a warning that threat actors were targeting US healthcare organisations. The NCSC moved fast to protect key services in turbulent times.
Also centre stage at CYBERUK and in the Active Cyber Defence – The Fourth Year report was the response to SolarWinds. In his technical session, Harry W, Tech Director for Incident Response at NCSC, said that “DNS logs are great”, outlining how the PDNS logs allowed the NCSC to understand the full impact of SolarWinds, identify the areas in need of urgent attention, and rapidly take the next steps in remediation. For anyone who wasn’t aware of the true value and power of DNS logs in the world of cybersecurity, it was made clear: DNS is a critical weapon in our armoury.
Reflecting on PDNS in 2020 is, for the Nominet team delivering it, a proud moment. The service handled over 237 billion queries, nearly 100 billion more than in 2019. We also brought 302 additional organisations on to PDNS, not including the 1,000+ that come under the HSCN umbrella. We also trod new ground with the launch of PDNS Digital Roaming, bringing more secure connections to remote workers – a valuable introduction in a year when employees were forced to work from home.
Above all, seeing PDNS come to the fore, helping to protect our national infrastructure at a time when it was most needed, is hugely rewarding. In the past year, PDNS has scaled new heights, proved its effectiveness above and beyond, and underlined its importance to our national defence. With the intention that ACD be replicated across other industries and foreign governments, the next year is set to be even more exciting than the last and we’re thrilled to be able to support this global effort. What is more, as the UK becomes an international digital leader, PDNS will do its part in enabling the UK to stay resilient and secure in the face of escalating threats. A worthy cause, without doubt.