Back in November, the Chancellor launched the National Cyber Security Strategy. In it, we said we’d build services to protect the public sector from potential cyber attacks, as well as help them to become more cyber resilient.
One of those services is our UK Public Sector DNS service for the public sector. The internet facing resolver is now up and running with 44 organisations using it and it’s doing some cool stuff; actively protecting subscribers from attacks and helping us detect existing weirdness. For instance, based on current statistics, there were 264,954 blocks, of which 8,466 were unique per-customer per-day, and 3,312 were truly unique. The companion PSN resolver is due to become available by the end of 2017. We’ll talk about the things we’re seeing in due course, but we think we’ve already proven the value the service can bring.
Matt Philpott, Director of Infrastructure and Platforms at the Home Office said:
“The Home Office already includes an extensive array of security controls to protect our services, but the Public Sector DNS service provides an additional level of protection and monitoring for the Home Office which is free of charge. Using this service means we have an additional method to detect and block attempts to access malicious web sites which may not be otherwise be known by commercial protection products.”
I understand that people would be nervous of using a critical service like DNS if the NCSC had built it, so we didn’t. Nominet, the UK Registry, has a 20-odd year history of running national scale DNS with cracking uptime, so we asked them to do it for us. You already rely on them for anything ending in .uk, so relying on them for your recursive DNS service doesn’t change much in terms of business risk.
The Cabinet Secretary wrote to all permanent secretaries recently, saying that departments should use the protective services we’re providing. To make that easier for DNS, we’ve aggregated all the information public sector organisations need to get onto the service here.
I’d strongly encourage you to get onto the UK Public Sector DNS service as soon as you can. However, if you have any queries or issues, please visit our information page with details of how to get in touch and instructions on how to register.
Ian Levy
Technical Director, NCSC
Source: National Cyber Security Centre