The UK’s National Cyber Security Center has launched a new program that will continuously scan every internet-connected device hosted in the UK for vulnerabilities to help the government respond to zero-day threats.
The NCSC, part of Government Communications Headquarters, which acts as the UK’s public technical authority on cyber threats, says it launched the initiative to build a data-driven view of ‘UK vulnerability and security’.
It is similar to efforts by Norway’s National Security Authority, which last year looked for evidence of exploitation of Microsoft Exchange vulnerabilities aimed at internet users in the country. Slovenia’s cyber defense response unit, known as SI-CERT, also said at the time that it was notifying potential victims of an Exchange zero-day bug in its web space.
NCSC’s scanning activity will cover any internet-accessible system that is hosted in the UK, the agency explained, and will look for vulnerabilities that are common or particularly important due to widespread impact.
The NCSC says it will use the data collected to create “an overview of the UK’s exposure to vulnerabilities following their disclosure and track their remediation over time”. The agency also hopes the data will help advise system owners about their security posture on a day-to-day basis and help the UK respond more quickly to incidents such as zero-day vulnerabilities that are being actively exploited.
The agency explains that the information collected from these scans includes all data sent back when connecting to services and web servers, such as full HTTP responses, along with information about each request and response, including the time and date of the request and the IP addresses of the source and destination endpoints.
It notes that the requests are designed to collect the minimum amount of information necessary to verify whether the scanned asset is affected by a vulnerability. If sensitive or personal data is inadvertently collected, the NCSC says it “will take steps to remove the data and prevent its recapture in the future.”
Scanning is performed using tools running from NCSC’s dedicated cloud-hosted environment, allowing network administrators to easily identify the agency in their logs. UK-based organizations can opt out of having their servers scanned by the government by emailing the NCSC a list of IP addresses they want excluded.
“We are not trying to find vulnerabilities in the UK for some other, criminal purpose,” explained Ian Levy, the outgoing CTO of the NCSC, in a blog post. “We’re starting with simple scans and will slowly increase the complexity of the scans, explaining what we’re doing (and why we’re doing it).”