Cybersecurity“Great British Firewall”: U.K. plans firewall to protect industries, consumers

Published 15 September 2016

The GCHQ, U.K.’s surveillance agency, said it was planning to build a British firewall to offer protection against malicious hackers. GCHQ has developed cybersecurity systems the aim of which is to protect government sites and critical infrastructure, but the agency is now ready to offer its expertise to major private companies. “It’s possible to filter unwanted content or spam. It’s possible to filter offensive content. It’s technically possible to block malicious content,” GCHQ director said. “So, the question is: why aren’t we, the cybersecurity community, using this more widely? Well, we — in the U.K.— now are.”

The GCHQ, U.K.’s surveillance agency, said it was planning to build a British firewall to offer protection against malicious hackers.

GCHQ director, Ciaran Martin, made the proposal at a conference in Washington, D.C. Martin is also head of the U.K. National Cyber Security Center (NCSC), which is part of GCHQ.

The NCSC plan envisions private-sector Internet service providers  voluntarily complying with the proposed firewall approach, thus making legislation unnecessary.

Malicious Web sites which automatically infect visitors’ computers with malware are one of the most common methods of cyberattack.

The method is widely used by China, Iran, and Russia in efforts to penetrate sensitive government networks, steal commercial information, or compromise national infrastructure. It is also a method commonly used by cyber criminals to target individuals.

“It’s possible to filter unwanted content or spam. It’s possible to filter offensive content. It’s technically possible to block malicious content,” Martin said. “So, the question is: why aren’t we, the cybersecurity community, using this more widely? Well, we — in the U.K.— now are.”

“We’re exploring a flagship project on scaling up DNS [domain name system] filtering: what better way of providing automated defenses at scale than by the major private providers effectively blocking their customers from coming into contact with known malware and bad addresses?” Martin said.

Financial Times reports that asking GCHQ for cyber-protection has its risks, since implementing tight cybersecurity protocols may allow the agency access to companies’ sensitive data, but that some companies may be still willing to ask GCHQ for help in protection against hackers.

GCHQ has developed cybersecurity systems the aim of which is to protect government sites and critical infrastructure, but the agency is now ready to offer its expertise to major private companies.

The FT notes that Martin’s proposal is in the early stages of formulation, and that privacy advocates have already sounded the alarm over the proposal’s privacy implications – not necessarily from the companies seeking GCHQ cybersecurity assistance, but from the customers of these companies.

GCHQ noted that consumers will be able to opt out of the security measure in order to allay concerns over civil liberties.

Martin told the 7th Annual Billington Cybersecurity Summit that the number of cybersecurity incidents — about 200 a month are detected — was growing and was double the level a year ago.

Martin said that because of its strategic interests and digital development, the United Kingdom  is one of the most vulnerable economies in the world to cyberattack, making the need for more robust government action to protect businesses and civilians urgent.

“Behind the necessarily closed doors of our cyber defense operations center, last year we detected twice as many national security level cyber incidents — 200 per month — than the year before,” he said.

“Faced with a problem of this importance and scale, we believe it is worth trying something new, unleashing innovation in the hope and expectation we can achieve a very significant breakthrough in the coming years.”

His talk on Tuesday was his first public comments as head of the National Cyber Security Center, which formally opens next month.