NCSC develops service to scan for website threats

WebCheck is one of four measures for public authorities to improve cyber security

Central government’s cyber security body is planning to launch a service named WebCheck to help public sector organisations fix website threats.

The National Cyber Security Centre (NCSC) announced the move in publishing a series of four steps, named Active Cyber Defence programmes, for organisations to take to tighten their security arrangements.

It said the move should immediately help to improve basic cyber security across the public sector, and will reinforce implementation of the National Cyber Security Strategy, published in November 2016.

The soon-to-be-launched WebCheck service will be freely available to the public sector and enable organisations to scan their websites and generate a report on what needs fixing and how to do so.

It is currently running as a prototype with 150 users from 114 different public sector organisations, and will be launched formally later this month.

Big focus

“As we prepare for formal launch a big focus is on signing up local government customers because our pilots have shown them to be the most likely immediate beneficiaries,” the NCSC said. 

“We are already looking at additions to the WebCheck service and, at the end of last year, the NCSC funded an internal discovery project to understand the extent of the public sector’s web ‘real estate’. Centrally held statistics indicated that there were over 2,500 such websites, but our project has identified at least 10 times as many which belong to public sector organisations. 

“Many of these have not been used or updated for some time and potentially provide an easy way in for cyber criminals and others with hostile intent. We have secured investment this year to develop this work and tie it explicitly to WebCheck so that we can inform public sector organisations of the websites they own so that they can either close them down or ensure that they are secure.”

It added that it will issue further guidance “in due course”.

Bad things blocker

The first of the other three measures – all outlined in everyday language – is blocking bad things from being accessed from government systems by using the Protected DNS. This takes data from GCHQ and commercial partners about known malicious addresses and blocks the user from going there, thereby protecting users from visiting infected sites while on work systems.

Second is blocking bad emails pretending to be from government by using DMARC anti-spoofing (domain-based message authentication, reporting and conformance). This helps to authenticate an organisation’s communications as genuine and ensures that dangerous emails do not arrive in a user’s inbox.

The other is removing bad things from the internet through phishing and malware mitigation.

Since June 2016, the NCSC has been working with anti-phishing specialist Netcraft on a countermeasures service to protect government brands. It said departments can augment the service by notifying the company if they discover they are the target of a phishing campaign, or that there are malicious emails purporting to be from them.

Netcraft will then issue takedown notifications to the hosts of the email and phishing sites.

The service is due to be expanded over the coming months to cover deceptive domains and malware apparently delivered by government.

Image from NCSC, Open Government Licence v3.0