The UK National Cyber Security Centre is actively scanning all internet-accessible systems in the UK to create an overview of the nation’s exposure to vulnerabilities. Credit: Getty Images The UK National Cyber Security Centre (NCSC) is scanning all UK internet-connected devices/systems to detect vulnerabilities and help owners better understand their security posture. The NCSC said its scanning operations are designed to build a “data-driven view of the vulnerability of the UK” reflecting the government’s aim of making the UK the safest place to live and do business online. The activities cover any internet-accessible system that is hosted within the UK and vulnerabilities that are common or particularly important due to their high impact, although owners can opt-out of scanning if they wish, the NCSC added. Collected data is used to create an overview of the nation’s exposure to vulnerabilities and to track their remediation over time.How UK NCSC scans systems for vulnerabilities, collects and records dataIn a posting on its website, the NCSC gave a summary of how scanning is performed, along with an outline of what information is collected and stored. “To identify whether a vulnerability exists on a system, it first needs to identify the existence of specific associated protocols or services. We do this by interacting with the system in much the same way a web browser or other network client typically would and then analysing the response that is received.” By repeating these requests on a regular basis, the NCSC can maintain an up-to-date picture of vulnerabilities across the whole of the UK, it added.As for data collection, the NCSC said it collects and stores any data that a service returns in response to a request, which are designed to collect the smallest amount of technical information required to validate the presence/version or vulnerability of a piece of software. “For web servers, this includes the full HTTP response (including headers) to a valid HTTP request. For other services, this includes data that is sent by the server immediately after a connection has been established or a valid protocol handshake has been completed. We also record other useful information for each request and response, such as the time and date of the request and the IP addresses of the source and destination endpoints,” the NCSC wrote.The requests are also designed to limit the amount of personal data within the response, and in the “unlikely event” that the NCSC discovers information that is personal or otherwise sensitive, it takes steps to remove the data and prevent it from being captured again in the future, it stated. “All our probes are verified by a senior technical professional and tested in our own environment before use. We also limit how often we run scans to ensure we don’t risk disrupting the normal operation of systems,” the NCSC added. All activity is performed on a schedule using standard and freely available network tools running within a dedicated cloud-hosted environment. All connections are made using either 18.171.7.246 or 35.177.10.231 IP addresses. Owners who wish to remove IP addresses from future scan activity should contact NCSC by email.Scanning could help build resilience to growing threatsJake Moore, cybersecurity expert at ESET UK, tells CSO there are multiple internet access points in organisations that businesses may not even be aware of themselves. “This scanning offers a vital overlook from above into areas which may not even be considered a threat as many businesses do not realise their own threat level purely due to only viewing threats from the inside out,” he adds. Having the benefit from an outsider looking in on what may not even be known could be what it takes to mitigate a threat and reduce risk. “It won’t be a catch all approach, but if anything can limit an attack or slow it down, it helps build up resilience to growing threats on a larger scale.” Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe