Active Cyber Defence (ACD) is the title given to a range of technologies and processes set up by the NCSC to help make the UK the safest place to live and do business online.

Active Cyber Defence (ACD) seeks to reduce the harm from commodity cyber attacks by providing tools and services that protect from a range of attacks.

ACD v1.0 saw a number of innovative systems developed by the NCSC which proactively defend vital networks and services from malicious harm.

Current ACD offerings include:

Web Check – Web Check checks customer websites for common web vulnerabilities and misconfigurations. The checks are designed to impose low load on sites and to avoid damaging them. Web Check tells owners / administrators: what they need to worry about, when they need to worry about it and what they need to do about it.

Mail Check – Mail Check is the NCSC’s free platform for assessing email security compliance. It helps domain owners identify, understand, and prevent abuse of their email domains. In particular, Mail Check supports organisations in implementing the following controls:

  • Email confidentiality (TLS): Keeping messages encrypted and private as they are sent over the internet.
  • Email anti-spoofing controls (SPF, DKIM and DMARC): These standards help prevent various attacks (for example, phishing and malware campaigns) that use an organisation’s email domain to trick email recipients.

Early Warning – Early Warning is a free NCSC service designed to inform organisations of potential cyber attacks on their networks, as soon as possible. The service uses a variety of information feeds from the NCSC, trusted public, commercial and closed sources, which includes several privileged feeds which are not available elsewhere.

Early Warning filters millions of events that the NCSC receives every day and, using the IP and domain names provided, correlates those which are relevant to the organisation into daily notifications via the Early Warning portal.

Protective DNS (PDNS) – PDNS prevents access to domains known to be malicious, by simply not resolving them. Preventing access to malware, ransomware, phishing attacks, viruses, malicious sites and spyware at source makes the network more secure. Think pi-hole but on a UK-wide scale.

Exercise in a box – Exercise in a Box is a free, online tool from the NCSC which helps organisations test and practise their response to a cyber attack.

The service provides exercises, based around the main cyber threats, which an organisation can do in their own time, in a safe environment, as many times as they want. It includes everything required for setting up, planning, delivery, and post-exercise activity, all in one place.

Times are changing

Currently all these services are managed by NCSC teams – This is where the NCSC needs the help from academia and industry.

In a blog post earlier this month – the NCSC announced ACDv2.0 with some changes:

NCSC want ACD 2.0 to be a partnership; across the NCSC, across the cyber security community in government, and crucially also with industry and academia. Combined with our unique organisation, we can have a disproportionate impact on cyber resilience at scale.

NCSC needs to focus its efforts where they can make a uniquely valuable contribution – where there is a gap in the commercial market, or where being part of GCHQ presents a unique opportunity to drive up resilience at scale.

In light of this changing context, and from experience providing the existing ACD services, NCSC are assessing new delivery models and partners and are seeking to build a next generation suite of services under ACD 2.0.

In pursuit of this goal, NCSC have set these principles for ACD 2.0:

  1. The NCSC will only deliver solutions where the market is not able to – whether that’s due to our unique position in government, scaling abilities, capabilities or authorities
  2. The NCSC will look to divest most of our new successful services within 3 years – to another part of government or the private sector to run on an enduring basis

The NCSC are inviting those with ideas, or products & services and would like to work with the NCSC, to get in touch for further details.

Related Articles

MOAB* – 26 Billion breached records discovered online
General blogs

MOAB* – 26 Billion breached records discovered online

Mark
Cyber attack affects London hospitals
General blogs

Cyber attack affects London hospitals

Mark
US car industry hit in multi-pronged attack
General blogs

US car industry hit in multi-pronged attack

Mark
NCSC release vulnerability management guidance
General blogs

NCSC release vulnerability management guidance

Mark
XZ vulnerability – a perfect lesson in Social Engineering in a supply chain attack
General blogs

XZ vulnerability – a perfect lesson in Social Engineering in a supply chain attack

Mark