Political candidates, election officials and others at high risk of being targeted online are being given access to support from the UK’s cyber experts to help boost their digital security.
The National Cyber Security Centre – a part of GCHQ – has announced a new cyber defence service today (Wednesday) which will help prevent individuals falling foul of spear-phishing, malware attacks and other cyber threats.
The new Personal Internet Protection service provides an extra layer of security on personal devices by warning users if they try to visit a domain which the NCSC knows to be malicious and by blocking outgoing traffic to these domains.
The opt-in service, launched today at CYBERUK 2024 in Birmingham, forms part of a wider package of cyber support on offer ahead of the next general election to individuals and organisations that play an important role in our democracy.
This follows the government’s announcements in recent months of attempts by the Russian Intelligence Services and China state-affiliated actors to carry out malicious activity targeting UK institutions and individuals, including parliamentarians.
To coincide with CYBERUK, the NCSC and international partners from five other countries have also produced new advice for civil society groups, whose work advancing democratic values puts them under threat of transnational repression by state-sponsored actors.
Jonathon Ellison, NCSC Director for National Resilience and Future Technology, said: “Individuals who play important roles in our democracy are an attractive target for cyber actors seeking to disrupt or otherwise undermine our open and free society.
“That’s why the NCSC has ramped up our support for people at higher risk of being targeted online to ensure they can better protect their accounts and devices from attacks.
“In this significant year of elections around the world, I urge individuals eligible for our services to sign up and to follow our guidance now to bolster their defences.”
The NCSC assesses that the personal accounts of candidates and election officials, as well as their official work accounts, are almost certainly attractive targets for cyber actors looking to carry out espionage operations.
The Personal Internet Protection offer for high-risk individuals builds on the NCSC’s Protective DNS service which was developed principally for use by organisations. Since 2017, PDNS has provided protection at scale for millions of public sector users, handling more than 2.5 trillion site requests and preventing access to 1.5 million malicious domains.
Individuals at higher risk are also encouraged to sign up for the Account Registration service – another opt-in service which allows the NCSC to alert individuals if malicious activity is detected on their personal accounts – and to follow NCSC advice for high-risk individuals.
The new guidance aimed at supporting civil society groups is designed for a community which faces a heightened threat of targeting by malicious cyber actors and are more likely to have limited resources to combat the threat. This includes elected officials, journalists, activists, academics, lawyers and dissidents.
Its publication follows a gathering of agencies from 10 countries at CYBERUK for the second Strategic Dialogue on the Cyber Security of Civil Society Under Threat from Transnational Repression.
The initiative is co-chaired by the NCSC and the United States’ Cybersecurity and Infrastructure Security Agency, and there was agency representation at this session from Austria, Canada, Denmark, Estonia, Japan, New Zealand, Norway and Romania.
At the latest dialogue, participants provided updates on the progress being made in their countries to safeguard civil society groups from cyber attacks and agreed to continue working together to raise collective resilience of global democracy.
The new guide ‘Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society’ can be read on the CISA website.