When I announced the NCSC’s Active Cyber Defence programme in November 2016, I was clear that, while we can use government as a guinea pig, we need partners to help us scale the protection we need to the whole of the UK. In my blog, I talked about the public sector protective DNS and said ‘we'll be talking to ISPs about doing something similar for their residential customers by default’. In this guest blog, Dave Harcourt, chief security advisor at BT, talks about how they are leading the way in doing just that – and building a community for ISPs to share data in real time to better protect UK customers. This is a big step towards our Active Cyber Defence vision: protect the majority of the people from the majority of the harm caused by the majority of the attacks the majority of the time. As we get more partners on board and more services scaled, we should be able to publish national-level data that shows how these initiatives better protect people, businesses and critical infrastructure in the UK.
Ian Levy, Technical Director, National Cyber Security Centre
Proactive protection: Supporting the NCSC to make our customers safer
October marks cyber security month, which looks to help employees, citizens and businesses across Europe and the US stay safe and secure online.
At BT, we believe that only by working together can we collectively succeed in stemming the tide of cyber crime. That’s why we are leading activity across the telecoms industry with the UK’s National Cyber Security Centre (NCSC) to protect our customers from as many of these threats as possible.
As part of NCSC’s world-leading Active Cyber Defence programme, which tackles the high-volume commodity attacks that affect people's everyday lives, BT and the NCSC are working together to protect people against cyber attacks and to make it more difficult for cyber criminals to target the UK.
Protecting customers by default
One of the areas we’re supporting the NCSC on is around malicious software and websites. We’ve been taking a more proactive and automated approach to blocking malicious code and harmful website content on our infrastructure for some time, which means we’re protecting our customers by default. Blocking malware, such as computer viruses, worms and spyware, allows us to mitigate a high volume of cyber threats before they have a chance to take hold and impact our customers. We block over 100 million attempted malware communications per month to help keep our customers safe.
Preventing harm through collaboration
We’re also the first telecommunications provider in the world to share malware information on a large scale with other Internet Service Providers (ISPs) and automatically use the data to protect people. Using a free, collaborative online platform, ISPs can alert each other in a secure and trusted way to any malicious domains associated with malware control. ISPs can then take action to protect their customers by blocking such harmful malware. We’ve already identified and shared over 300,000 malicious domains to date with the 11 other organisations on the platform.
We’ve taken the step of sharing data relating to malware not only because it helps us to protect our customers online, but also because it helps protect the wider security infrastructure that our network and services interact with (e.g. critical national infrastructure). By supporting the NCSC and their ACD programme, and through greater collaboration and the exchange of information, we’re helping make the UK a safer place to live and do business online.
A global issue
Whilst the UK is where the majority of our customers are, we also have customers in 180 countries globally. When a customer buys from us, they are benefitting from our knowledge and experience of how to protect a large, global network and millions of customers. But they also value the relationships we have with government agencies, telecommunications providers, security suppliers and partners around the world.
By raising the cyber security bar, we’re making it more difficult for cyber criminals to make gains. Because if they’re less like to make money or it’s more risky for them, it’s less likely hackers will try to attack the UK in the first place.
Staying one step ahead
We’re never going to eradicate cyber crime, but by continuing to collaboratively share threat intelligence, we can try to stay one step ahead of the cyber criminals and protect our customers, whether they’re individuals or multinational organisations.