The National Cyber Security Centre (NCSC) has launched a new scheme and is now scanning all Internet-exposed devices hosted in the UK for vulnerabilities. designed to help it better understand how vulnerable UK systems are to cyber-attack, in order to enhance resilience.
The agency’s new internet scanning capability is designed to build a data-driven view of “the vulnerability of the UK.”
It will do this by probing any internet-accessible systems hosted in the country for known vulnerabilities, allowing the NCSC to understand how exposed these assets are and track remediation over time.
“We design our requests to collect the smallest amount of technical information required to validate the presence/version and/or vulnerability of a piece of software. We also design requests to limit the amount of personal data within the response,” the NCSC explained.
“In the unlikely event that we do discover information that is personal or otherwise sensitive, we take steps to remove the data and prevent it from being captured again in the future.”
The agency hopes the data it collects will help it to:
- better understand the vulnerability and security of the UK as a whole
- advise system owners about their security posture on a day-to-day basis
- respond faster to incidents like a widely exploited zero-day vulnerability
In a blog explaining the new capability, outgoing technical director, Ian Levy, sought to reassure readers that the agency, which is part of GCHQ, wasn’t trying to find bugs “for some other, nefarious purpose.”
“The NCSC uses the data we have collected to create an overview of the UK’s exposure to vulnerabilities following their disclosure and track their remediation over time.”
NCSC’s scans are performed using tools hosted in a dedicated cloud-hosted environment from scanner.scanning.service.ncsc.gov.uk and two IP addresses (18.171.7.246 and 35.177.10.231).
The agency says that all vulnerability probes are tested within its own environment to detect any issues before scanning the UK Internet.
“We’re not trying to find vulnerabilities in the UK for some other, nefarious purpose,” NCSC technical director Ian Levy explained.
“We’re beginning with simple scans, and will slowly increase the complexity of the scans, explaining what we’re doing (and why we’re doing it).”
He added that the priority would be transparency, rigorous auditing, minimal scanning activity to reduce the impact on target resources and swift processing of any opt-out requests.
“We’re beginning with simple scans, and will slowly increase the complexity of the scans, explaining what we’re doing (and why we’re doing it),” he explained.
The NCSC released new data this week revealing the significant impact it has had over the past year in making the UK a safer place in which to live and do business.
Its Early Warning service provided users with 34 million alerts about attacks, compromises, vulnerabilities and open ports over the period, it said.
How to opt-out of vulnerability probes
Data collected from these scans includes any data sent back when connecting to services and web servers, such as the full HTTP responses (including headers).
Requests are designed to harvest the minimum amount of info required to check if the scanned asset is affected by a vulnerability.
If any sensitive or personal data is inadvertently collected, the NCSC says it will “take steps to remove the data and prevent it from being captured again in the future.”
British organizations can also opt out of having their servers scanned by the government by emailing a list of IP addresses they want to be excluded at scanning@ncsc.gov.uk.
In January, the cybersecurity agency also started releasing NMAP Scripting Engine scripts to help defenders scan for and remediate vulnerable systems on their networks.
The NCSC plans to release new Nmap scripts only for critical security vulnerabilities it believes to be at the top of threat actors’ targeting lists.
Suggest an edit to this article
Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.
Remember, CyberSecurity Starts With You!
- Globally, 30,000 websites are hacked daily.
- 64% of companies worldwide have experienced at least one form of a cyber attack.
- There were 20M breached records in March 2021.
- In 2020, ransomware cases grew by 150%.
- Email is responsible for around 94% of all malware.
- Every 39 seconds, there is a new attack somewhere on the web.
- An average of around 24,000 malicious mobile apps are blocked daily on the internet.