The UK Cyber Security Council announced itself to the public realm last week by touting a domain it doesn’t own. Helpfully, internet jokesters then bought up variations on the official address.
A brainchild of the Department for Digital, Culture, Media and Sport, the UK Cyber Security Council is billed by government as “the regulatory body, and voice, for UK cyber security education, training and skills.” As part of that it “drives progress towards meeting the key challenges the profession faces.”
All very worthy and important. When British infosec folk noticed that the official press release mentioned an email address for ukcybersecurity[.]org[.]uk, however, everything started unravelling.
UK govt advert encouraging re-skilling for cyber jobs implodes spectacularly
Why? Because the UK Cyber Security Council didn’t own ukcybersecurity[.]org[.]uk. Nobody did – until Adrian Kennard bought it and pointed it at his personal blog, where he dispensed some gentle advice to the new org.
“One of the tips I can give you when it comes to cyber security is that you should be careful to ensure that contact details you publish actually belong to you,” wrote Kennard, who runs a UK ISP, adding: “It took a while to stop laughing at the irony first, but now, yes, the UK Cyber Security Council are welcome to ukcybersecurity.org.uk. They can email me at email@example.com for more information (be nice).”
The UK Cyber Security Council domain doesn’t even have a parking page, let alone a working website behind it
So far nobody’s asked for the domain, Kennard told The Register – though there were a couple of attempts to register GPG keys for the address which he said weren’t by him. This could have been serious had an actual fraudster got hold of the domain: they would then be able to present themselves as an authenticated representative of UKCSC.
Others who picked up on the missing domain were slightly less nice. The domain ukcybersecuritycouncil.uk currently returns this actually-quite-helpful page…
Some joker set up a spoof UK Cyber Security Council webpage to answer an obvious question
… which points out what happens when you visit what appears to be the legitimate domain, ukcybersecuritycouncil.org.uk. Yes, that’s an HTTP 502 error: there’s nothing there to view. Inspired viral marketing move, there.
We have asked both DCMS and the UK Cyber Security Council to comment, the latter via what we hope is its actual email address. If this article disappears after publication and is replaced by offers from “Elon Musk” for “free Bitcoin”, we might have to keep asking around.
Your next job could be in cyber….
The UKCSC was first mooted in 2018 before being formally announced in the government’s Defence Industrial Strategy in March. It’s not clear exactly what the new body will do, though it boasts a variety of professional membership bodies as members including the British Computer Society (aka the Chartered Institute for IT), the Institution of Engineering and Technology and, inevitably, TechUK.
In its marketing fluff UKCSC declared it will deliver “thought leadership, career tools and education resources to the cyber security sector and those seeking a career in the industry, alongside helping influence government, industry and academia with the aim of developing and promoting UK cyber security excellence globally and growing the skills base.”
El Reg suggests that constructing a website and not directing the press to a non-existent domain would be two good pieces of thought leadership to start with. ®