At first glance, the sea-battered Shetland Isles appear an unassuming candidate for a leader in UK cyber security.
Despite being accessible only via a 12 hour ferry crossing or propeller plane, and maintaining a population of 23,000, the islands have emerged as one of the first adopters of a new anti-phishing tool recommended by the NCSC.
Research from the UK’s National Cyber Security Centre has highlighted the fact that cyber-crime has increased and evolved into many different forms in recent years.
With around half of the British population having been targeted by cyber-criminals and 8% falling victim, the Shetland Islands Council has adopted the DMARC system for screening incoming emails.
DMARC (domain-based message authentication, reporting and conformance) works by telling email recipients whether the sender is protected by Sender Policy Framework (SPF) or DomainKeys Identified Mail (DKIM).
These two frameworks validate whether emails which claim to have come from a specific domain were indeed authorised by that domain. As a result, it removes guesswork about their sender, and could in theory eliminate email spoofing as one of the cornerstones of online phishing.
Although the work was ‘not easy’, DMARC has been implemented by the council’s IT department, at the very low cost of only £1,000.
As yet, Shetland and Aberdeenshire are the only local authorities that have implemented the system, with Aberdeenshire fully rolling out DMARC first.
DIGIT reached out to several official organisations to ask why the system has not yet been adopted more widely. However we received no definitive answers.
It is hoped that the new Chief Information Security Officer role, now being sought by Scotland’s Digital Office, will encourage local authorities to brush up on their cyber-resilience in line with recent government plans.
[Original source: The Shetland Times]