NCSC launches public sector internet protection service

Protective Domain Name System service is aimed at keeping public authority employees away from internet sources of malware

The National Cyber Security Centre (NCSC) has launched the UK Public Sector DNS service with the aim of ensuring organisations’ employees do not stumble on malicious internet domains.

Ghostly hands on laptop keyboardIan Levy, technical director of the NCSC, said it has now gone live and encouraged public authorities to sign up to the service as soon as possible.

It replaces the existing Public Services Network (PSN) DNS service, has been built by Nominet, the registry for internet domains ending in .uk, and is free for public authorities to use.

The Protective DNS is configured not to resolve any look-ups for internet domains that are known to be sources of malware. Instead it provides a block page with the reason the look-up was blocked, or an error message saying the IP address does not exist.

Levy said that 44 organisations are already using the new service, which has provided 264,954 blocks of which 8,466 were unique per-customer per-day, and 3,312 were truly unique.

He added that the service has been designed as part of the National Cyber Security Strategy, and that the cabinet secretary recently wrote to all of Whitehall’s permanent secretaries saying their departments should use the protective services developed by the NCSC.

Home Office support

Matt Philpott, director of infrastructure and platforms at the Home Office, expressed his support for the Protective DNS. “The Home Office already includes an extensive array of security controls to protect our services, but the Public Sector DNS service provides an additional level of protection and monitoring for the Home Office which is free of charge,” he said.

“Using this service means we have an additional method to detect and block attempts to access malicious websites which may not be otherwise be known by commercial protection products.”

Plans for the service were announced in November of last year. It appears to have developed more slowly than was originally planned, with the launch coming four months after the initial target date of April.

Image from BlogtrepreneurCC BY 2.0 through flickr