Britain's GCHQ looks at creating nationwide internet firewall

LONDON (Reuters) - Britain’s GCHQ security agency is considering developing a nationwide internet firewall to block malicious content and protect government networks from rocketing numbers of attacks, the incoming head of its new cyber security arm says.

People sit at computers in the 24 hour Operations Room inside GCHQ, Cheltenham in Cheltenham, November 17, 2015. REUTERS/Ben Birchall/Pool

Ciaran Martin, the chief executive of the eavesdropping agency’s National Cyber Security Centre (NCSC), said the measure was among a number of more ambitious, active approaches Britain was taking in the face of an upsurge in attacks.

“Far too many of these basic attacks are getting through. And they are doing far too much damage,” Martin said in a speech at a summit in Washington.

“It’s possible to filter unwanted content or spam. It’s possible to filter offensive content. It’s possible to block malicious content. So why aren’t we doing more of it.”

The plan would involve taking automated defenses being developed by the NCSC, which launches next month, to internet service providers’ servers on a voluntary basis.

GCHQ has been accused of carrying out mass snooping on the public, and any plans to extend its role into the private sphere are likely to raise concerns among privacy campaigners.

Martin said the NCSC’s roots in the intelligence community did pose challenges, adding that internet users would be able to opt out of the protection the firewall offered.

“For an organisation whose history, custom and practice originate in the secret world this is not always comfortable but it’s necessary, because cyber’s a team sport,” he said.

“...Addressing privacy concerns and citizen choice is hardwired into our program.”

The NCSC’s brief will be to better coordinate Britain’s cyber defenses, and Martin said the proposed “flagship” project of extending government defenses to private internet providers would scale up DNS (domain name system) filtering, a means of screening out malicious websites.

“What better way of providing automated defences at scale than by the major private providers effectively blocking their customers from coming into contact with known malware and bad addresses,” he said.

Last year, Martin said some 200 national security level cyber incidents were detected every month, double the number from the previous year while 65 percent of all large UK companies had reported a breach.

However, he said most attacks were unsophisticated, highlighting the high-profile hacking of Britain’s TalkTalk Telecom Group which he said had used a technique from the end of the last century.

He said the NCSC was looking to use new automated systems to better protect government networks, such as stopping scammers using spoof email addresses that appeared to be from official departments. This had stopped one such scammer sending 58,000 malicious emails a day from the fake address.

Reporting by Michael Holden; editing by John Stonestreet