National Cyber Security Centre to publish rankings for departmental email security

Written by Rebecca Hill on 14 October 2016 in News

The National Cyber Security Centre is reportedly planning to list government departments that fail to comply with cyber security measures.

Centre plans to rank government's email security red, amber or green - Photo credit: Flickr, Tim Green, CC BY 2.0

The centre, which opened for business at the start of this month, wants to encourage government departments to use email security measures, and has said it will set up a dashboard of red, amber and green indicators based on the level of email security.

The centre plans to make this public so departments can pit themselves against each other, Computer Weekly reported.

The trade title said that the plans were announced by Ian Levy, the technical director of NCSC, at a CW500 Security Club meeting in London.

“In six months the dashboard goes public as an incentive for government departments to take action or face being named and shamed,” he is quoted as saying.

NCSC has said that all government bodies must use the Dmarc (domain-based message authentication, reporting and conformance) protocol, set to the highest level.

Using the Dmarc protocol helps stop people spoofing GOV.UK domains to send out malicious emails, by alerting the domain owners to the malicious emails and allowing them to take control over their domains.

The centre plans to roll Dmarc out across all 3,258 government domains as part of its active defence programme – which was first revealed by the centre’s leader Ciaran Martin last month.

Computer Weekly reported that Levy said that the centralised system, which processes all the Dmarc reports and automates responses – such as redirecting, or sinkholing, the emails – had closed 50 open email relays in the first six weeks of use.

Meanwhile, the centre has announced that it has certified two more companies to provide cyber security consultancy services to government.

Hewlett Packard Enterprise and Actica Consulting have joined the group of certified cyber security companies with the accreditation.

The certified cyber security consultancy scheme aims to indicate which consultancy services government and industry can use to protect their information online.

Actica Consulting can provide NCSC-approved consultancy on security architecture, risk management and risk assessment, while HPE can provide risk assessment and risk management.

