The UK official NCSC (National Cyber Security Centre) is launching its internet scanning capability. This will feed into the challenge, said Dr Ian Levy, NCSC Technical Director, in a blog post. It’s due, he wrote, to the Centre having ‘reached the limit of the utility of the commercial internet-scanning data we procure’.
This new capability will help the Centre to: better understand the vulnerability and security of the UK; help system owners understand their security posture on a day-to-day basis; and respond to shocks (like a widely exploited zero-day vulnerability).
He wrote: “Most cyber security companies silently run internet scans similar to the ones we’re talking about. But the NCSC is part of an intelligence agency, so I think we need to be a bit more open about our scanning.
“We’re not trying to find vulnerabilities in the UK for some other, nefarious purpose. We’re beginning with simple scans, and will slowly increase the complexity of the scans, explaining what we’re doing (and why we’re doing it).”
It’s part of the NCSC’s Active Cyber Defence (ACD).
Comments
Sylvain Cortes, VP Strategy at Hackuity said: “The NCSC initiative is part of a comprehensive approach to securing external assets that are often overlooked in remediation plans dedicated to addressing vulnerabilities. Already in January, the NCSC made available on Github a bunch of NMAP scripts to help organisations identify their internal vulnerabilities on their own network. With these two tools combined, UK-based organisations have access to a first level of information, which they will then have to process in a prioritisation process in order to be efficient and focus their efforts on the important elements.”
And Chris Vaughan, VP – Technical Account Management, EMEA, at the cyber firm Tanium, welcomed the scanning. ‘You can’t protect what you can’t see’ has become a commonly used idiom in the cybersecurity sector given how complex it can be to obtain a clear picture of where the most valuable data resides in an IT environment and what devices are connecting to the network. We usually talk about this in relation to businesses, but it also applies to the government. If they can gain a better view of what vulnerabilities exist then the protection they can provide for the country will be strengthened.
“I expect the initiative will extend the government’s capabilities to report at a sector level which will help minimise the impact of vulnerabilities. It will also allow the NCSC to flag security issues to systems owners and keep them accountable for rolling out patches in a timely manner. Despite these benefits I know that some people will be concerned about the privacy aspects of the exercise, so I think the NCSC was right to state that scans are designed to collect a minimum amount of information required to check if the scanned asset is affected by a vulnerability. If any sensitive or personal data is inadvertently collected, the NCSC says it will take steps to remove the data and prevent it from being captured again.”
