Political candidates will be able access a new cyber defence service on their personal devices, the UK intelligence service has announced.
The National Cyber Security Centre, part of GCHQ, has ramped up security measures to protect officials from spear-phishing, malware attacks, and other cyber threats.
An opt-in service offers an extra layer of security by warning users if they try to visit a malicious domain. It will also block outgoing traffic to these domains.
The NCSC director for national resilience and future technology, Jonathon Ellison, urged eligible users to sign up to the service and follow the provided security guidance.
“Individuals who play important roles in our democracy are an attractive target for cyber actors seeking to disrupt or otherwise undermine our open and free society. That’s why the NCSC has ramped up our support for people at higher risk of being targeted online to ensure they can better protect their accounts and devices from attacks,” Mr. Ellison said in a statement.
The Personal Internet Protection service is part of a wider package that was updated in March ahead of local elections in England and Wales. Wide-ranging guidance by the NCSC aims to protect Electoral Management System data and to eliminate risks posed by spear-phishing.
Malicious Activity
The launch of the new cyber defence service was announced this week at the CYBERUK 2024 conference in Birmingham and follows reports of malicious activity attempts by the Russian intelligence services and Chinese state-affiliated actors.Speaking at the CYBERUK event, GCHQ Director Anne Keast-Butler said that challenges posed by China are the service’s top priority.
“We see the Chinese state acting in an increasingly assertive fashion on the world stage … The UK’s intelligence community is working alongside our allies and in partnership with our industry and academic colleagues to combat and deter cyber threats from nation states and hostile actors,” Ms. Keast-Butler said.
NCSC CEO Felicity Oswald urged business leaders and online security providers to focus on cyber resilience.
“China is certainly not treating security as an extra, and neither should we,” Ms. Oswald told the conference.
Personal accounts of political candidates are “almost certainly attractive targets for cyber actors looking to carry out espionage operations,” the NCSC has warned.
Personal Accounts
Internet protection offered to politicians is based on the protective domain name service developed for organisations. Since 2017, it has handled more than 2.5 trillion site requests and prevented access to 1.5 million malicious domains.In addition, politicians and other officials have been advised to sign up for the Account Registration service, which alerts users if malicious activity is detected on their personal accounts.
Intelligence services have also advised politicians to use disappearing WhatsApp messages on personal use devices, which would see texts automatically deleted after a set period.
WhatsApp users can set messages to disappear 24 hours, 7 days, or 90 days after they’re sent unless that message is kept. Disappearing messages can be turned on for all or selected chats.
“By turning this on you will limit what a successful attacker could access if they do manage to get in,” the advice says, adding that politicians should also be careful when receiving message requests from unknown accounts.
This year, millions of UK voters are expected to head to the polls for the general election.
The NCSC has cautioned that cyber attacks, such as spoofing, could see official domains hacked to send emails. This in turn could disrupt political campaigning and affect voters in the run up to elections.