NCSC Expands Election Cybersecurity to Safeguard Candidates
The UK National Cyber Security Centre (NCSC) has launched a new cyber defense service to help protect political candidates against spear-phishing, malware attacks and other cyber threats during the 2024 election cycle.
The service, known as the Personal Internet Protection (PIP) offering, was announced at CyberUK 2024 in Birmingham and is being offered to political candidates and election officials.
It will warn users if they try to visit a domain which the NCSC knows to be malicious and block outgoing traffic to these domains.
Users will be encouraged to register their email addresses and details via a portal, then configuration will be loaded on the personal device used by the individual.
PIP also aims to proactively tackle issues around commercial spyware being nefariously installed on a device that could then be used to monitor activity on the mobile device and/or capture potentially sensitive data.
Speaking to Infosecurity, Toby Lewis, Global Head of Threat Analysis, Darktrace, and former Deputy Technical Director, Incident Management, at the NCSC, noted that during his time at the organization, which spanned previous UK elections, a lot of support was offered to political parties. Pushing support like this out to individual candidates and offering them this kind of level of support is a positive step, he noted.
This new service has been announced following the government’s statements in recent months about attempts by the Russian Intelligence Services and China state-affiliated actors to carry out malicious activity targeting UK institutions and individuals, including parliamentarians.
James Castro-Edwards, Counsel at Arnold & Porter and cybersecurity legal expert, commented, “As authoritarian states such as Russia and China take an increasingly hostile stance towards the UK, the PIP service will have its work cut out protecting the UK’s democratic institutions from hostile nation states’ sustained attempts at political interference.”
The PIP offering builds on the NCSC’s Protective Domain Name Service (PDNS) service, which was developed principally for use by organizations.
PDNS prevents access to domains known to be malicious, by simply not resolving them.
It is unclear how long the PIP service will be available and if it will be offered beyond this election cycle as the NCSC reviews all its services on an ongoing basis.
Individuals at higher risk are also encouraged to sign up for the Account Registration service – another opt-in service which allows the NCSC to alert individuals if malicious activity is detected on their personal accounts – and to follow NCSC advice for high-risk individuals, the NCSC said.