GCHQ steps in to combat hackers attempting to crash UK power grid via smart energy meters
GCHQ wants to use DNS filtering to help combat cybercrime GCHQ

The Government Communications Headquarters (GCHQ), the UK's secretive signals intelligence agency, is developing 'automated defence' tools – already dubbed the 'Great British Firewall' - to help combat a spike in cyberattacks over the past year.

The scheme, which is still in the early planning stages, would see major UK service providers working alongside GCHQ in a voluntary capacity to help filter malicious website domains that could potentially be used by hackers or state-sponsored rivals to infect computer systems.

The main base for the operation is likely to be the agency's upcoming National Cyber Security Centre (NCSC), set to launch later this year, which will bring together experts from MI5, Cert, local law enforcement and private industry to help fight the threat of hacking.

"We know automated defences work on the internet," Ciaran Martin, GCHQ's director-general for cyber security, said during a conference in Washington DC on 13 September.

"It's possible to filter unwanted content or spam. It's possible to filter offensive content. It's possible to block malicious content. So why aren't we doing more of it? Well, in the UK now, we're really trying.

"We're exploring a flagship project on scaling up DNS [domain name system] filtering," he continued. "What better way of providing automated defences at scale than by the major private providers effectively blocking their customers from coming into contact with known malware and bad addresses?"

This blocking system, which will reportedly be opt-out for any privacy-conscious citizens, will have to be heralded by the private sector firms like BT, Virgin Media and Sky, Martin said. "The government does not own or operate the internet," he asserted. "Consumers [must] have a choice."

The GCHQ cyber chief said the agency is already testing a number of 'automated defence' methods on government networks and domains. "Whoever was sending 58,000 malicious emails per day from the delightfully named taxrefund@gov.uk isn't doing it anymore," Martin told the conference.

Additionally, the agency is piloting a number of ways of sending "automated takedown requests" to registrars and other websites hosting malicious domains.

"We're starting to see real, measurable results," Martin said, adding "looking at phishing attacks against UK government brands, the median time the phishing site is up has dropped from 49 hours to 5 hours. A clear, verifiable improvement."

Ciaran Martin
Ciaran Martin, cyber chief at the Government Communications Headquarters (GCHQ) speaks at the CyberSecurity summit in Bonn November 3, 2014 REUTERS/Wolfgang Rattay

From GCHQ's perspective, the need for strong digital defences is required more than ever. According to the government, one eighth of the UK's GDP comes from the digital economy and the nation's digital industries grew two-and-a-half times more quickly than the economy as a whole between 2003 and 2013.

Furthermore, critical infrastructure is turning to the internet, with electricity, gas and power grids increasingly relying on an internet connection to operate effectively.

Meanwhile, the amounts of external threats faced is quickly rising. According to Martin, GCHQ detected 200 national security level cyberattacks a month last year, double the figure recorded the year previous. From rival nations like Russia and China to UK criminal gangs, the UK agency is fighting cybercrime on all fronts – despite typically being a foreign intelligence gathering operation.

Major attack is coming

Despite the ramping up of cybercrime rhetoric, especially in light of recent state-sponsored hacks against the US political system and the World Anti-Doping Agency, Martin said the UK is still yet to fall victim to a major hacking crisis. This will inevitably change, he warned.

"It's possible to filter unwanted content or spam. It's possible to filter offensive content. It's possible to block malicious content. So why aren't we doing more of it?"

- Ciaran Martin, GCHQ

"Unlike some of our allies, there has not yet been a single stand-out incident of hostile foreign cyberattack that's resonated as a first-order national crisis with the public and media," the cyber chief said. "But I expect – frankly I know – that we will face one, and we prepare on that basis."

It remains to be seen how civil liberties and privacy rights groups will react to the notion of DNS filtering or increased automation scanning of the internet. As noted by the Financial Times, the same technical ideas are the basis of China's 'Great Firewall', routinely used to censor the web.

Martin, who will also head up the NCSC when it launches, did not make a reference to who would be in charge of deciding what exactly is blocked and how such algorithms would be programmed. GCHQ, when contacted by IBTimesUK, declined to comment further.

Yet for Martin, and one suspects British Intelligence as a whole, protecting national security remains the ultimate priority. "The majority of successful cyberattacks are not sophisticated," he said. They can be defended against, but they're doing serious damage and we're not yet as well we want to against them.

"[As] security officials we're sometimes accused of wishing this new world away and seeking to thwart or slow the onset of the technology that underpins this revolution," he said. "I emphatically reject this."