The National Cyber Security Centre (NCSC) has launched a new scheme designed to help it better understand how vulnerable UK systems are to cyber-attack, in order to enhance resilience.
The agency’s new internet scanning capability is designed to build a data-driven view of “the vulnerability of the UK.”
It will do this by probing any internet-accessible systems hosted in the country for known vulnerabilities, allowing the NCSC to understand how exposed these assets are and track remediation over time.
“We design our requests to collect the smallest amount of technical information required to validate the presence/version and/or vulnerability of a piece of software. We also design requests to limit the amount of personal data within the response,” the NCSC explained.
“In the unlikely event that we do discover information that is personal or otherwise sensitive, we take steps to remove the data and prevent it from being captured again in the future.”
The agency hopes the data it collects will help it to:
- better understand the vulnerability and security of the UK as a whole
- advise system owners about their security posture on a day-to-day basis
- respond faster to incidents like a widely exploited zero-day vulnerability
In a blog explaining the new capability, outgoing technical director, Ian Levy, sought to reassure readers that the agency, which is part of GCHQ, wasn’t trying to find bugs “for some other, nefarious purpose.”
He added that the priority would be transparency, rigorous auditing, minimal scanning activity to reduce the impact on target resources and swift processing of any opt-out requests.
“We're beginning with simple scans, and will slowly increase the complexity of the scans, explaining what we're doing (and why we're doing it),” he explained.
The NCSC released new data this week revealing the significant impact it has had over the past year in making the UK a safer place in which to live and do business.
Its Early Warning service provided users with 34 million alerts about attacks, compromises, vulnerabilities and open ports over the period, it said.