"My job is not to stop cybercrime. It is to send it to France ": it can be said that Ian Levy, the technical director of the NCSC has the sense of the formula. As reported by ZDNet.com, he was speaking yesterday at a keynote hosted by the Australian Cybersecurity Association. He spoke in particular about his role in the NCSC, the British equivalent of Anssi under the control of the GCHQ, and the evolution of the plans put in place to protect British citizens from attacks.
The quote is deliberately provocative, but it sums up the NCSC's approach: the goal is to protect British citizens from computer attacks and, as a direct consequence, to push cybercriminals to take an interest in neighboring countries rather than in Britain. To achieve this, the NCSC has for two years been implementing a network monitoring tool called "Active Cyber Defense".
The plan includes several distinct components. The NCSC first implemented a tool for monitoring messages of the Border Gateway Protocol (BGP), a protocol essential for routing Internet traffic. Through this close monitoring, the agency is able to identify attacks that exploit the weaknesses of this protocol and to warn potential victims before those attacks cause too much damage. The NCSC has also implemented a DNS routing system of its own, which is used by all websites and services that have been using .gov.uk domain names since August 2018. Analysis of the data collected through this tool allowed the NCSC to block "about a million queries, for about 21,000 different reasons," explains Levy.

Automate to rule better
The tool is also used to identify DDoS attacks targeting these services before they cause too much damage. The compiled data is fed into a threat intelligence tool, Threat-o-matic, which quickly alerts service providers so that they can take the necessary steps to limit the scope of the attack before it reaches its target. The system makes it possible to quickly relay "indicators of compromise" (domain names or IP addresses) to operators and Internet access providers, who can then easily block them to limit attacks. "It's a real break. That's how you can use top-secret information to protect the country," he summed up.
Along the way, the NCSC is not neglecting to reinforce its own defenses: Ian Levy also took advantage of the keynote to announce that more than 879 .gov.uk domain names have implemented the DMARC security standard, a tool that helps fight spam and malicious email campaigns.
Does the approach remind you of something? It is broadly similar to the one requested by the French ANSSI in the new military programming law for 2019-2025. The text was promulgated by the President of the Republic during the summer. In France, the agency can now also collaborate more closely with telecom operators and hosting companies in order to block computer attacks "upstream". If everyone joins the cybersecurity race, the last to arrive may well bear the brunt.