Fake UK government website redirect detection time reduced to eight days | Computer Weekly

The UK government is putting a positive spin on the news that it now takes eight days to stop hackers redirecting citizens to fake government websites.

Weaknesses in the Domain Name System (DNS), which converts website URLs into the network addresses of internet connected servers, can be used to redirect users to fraudulent sites, steal sensitive data or take services offline entirely – with potentially serious consequences for anyone relying on government services.

The DNS is based on a distributed network, which means any updates take time to propagate fully across all servers. This window of opportunity can be as short as a few minutes up to 72 hours or so.

The government has admitted that previously, a fraudulent DNS record used to go unnoticed for nearly two months. It has now put in place the Vulnerability Monitoring Service, which reduces this delay down to eight days. 

While there still appears to be a significant delay in resolving fake redirects, minister for digital government Ian Murray said: “The Vulnerability Monitoring Service has transformed how quickly we can spot and fix weaknesses before they’re exploited so we can protect against that. We’ve cut cyber attack fix times by 84% and reduced the backlog of critical issues by three-quarters. And as the service expands to cover more types of cyber threats, fix times are falling there, too.”

The Vulnerability Monitoring Service continuously scans 6,000 UK public sector bodies, detecting around 1,000 different types of cyber vulnerabilities. When a weakness is identified, the service alerts the relevant organisation with specific, actionable guidance and tracks progress until the issue is resolved.

Along with reducing the time taken to remediate fake DNS redirects, the government said the service has reduced median time to fix other cyber vulnerabilities from 53 days to 32, and cut the backlog of critical open domain-related vulnerabilities by 75%.

To help the government keep abreast of the latest cyber threats, Murray announced the Government Cyber Profession, to attract and develop people with cyber security skills.

Speaking at the annual government Cyber Security and Digital Resilience Conference, he said the goal of this initiative is to make the government a destination of choice for cyber professionals who want to protect the public services.

Richard Horne, CEO of the National Cyber Security Centre, said: “As our public services continue to innovate, it is vital that they remain resilient to evolving threats and vulnerabilities are being effectively managed to reduce the chances of disruption.

“The Government Cyber Action Plan is a crucial step in building stronger cyber defences across our public services, and the launch of the Government Cyber Profession today will help attract and retain the most talented professionals with the top-tier skills needed to keep the UK safe online.” 

The government has also unveiled a dedicated Cyber Resourcing Hub to streamline recruitment, with a career framework aligned with UK Cyber Security Council professional standards.

It also announced the Government Cyber Academy for training and development, an apprenticeship scheme to build future talent and structured career pathways to strengthen long-term capability across the public sector. 

The North West will serve as a primary hub for the profession.