The UK National Cyber Security Centre is actively scanning all internet-accessible systems in the UK to create an overview of the nation’s exposure to vulnerabilities.

The UK National Cyber Security Centre (NCSC) is scanning all UK internet-connected devices/systems to detect vulnerabilities and help owners better understand their security posture. The NCSC said its scanning operations are designed to build a “data-driven view of the vulnerability of the UK” reflecting the government’s aim of making the UK the safest place to live and do business online. The activities cover any internet-accessible system that is hosted within the UK and vulnerabilities that are common or particularly important due to their high impact, although owners can opt out of scanning if they wish, the NCSC added. Collected data is used to create an overview of the nation’s exposure to vulnerabilities and to track their remediation over time.

How UK NCSC scans systems for vulnerabilities, collects and records data

In a posting on its website, the NCSC gave a summary of how scanning is performed, along with an outline of what information is collected and stored. “To identify whether a vulnerability exists on a system, it first needs to identify the existence of specific associated protocols or services. We do this by interacting with the system in much the same way a web browser or other network client typically would and then analysing the response that is received.” By repeating these requests on a regular basis, the NCSC can maintain an up-to-date picture of vulnerabilities across the whole of the UK, it added.

As for data collection, the NCSC said it collects and stores any data that a service returns in response to its requests, which are designed to collect the smallest amount of technical information required to validate the presence/version or vulnerability of a piece of software.
“For web servers, this includes the full HTTP response (including headers) to a valid HTTP request. For other services, this includes data that is sent by the server immediately after a connection has been established or a valid protocol handshake has been completed. We also record other useful information for each request and response, such as the time and date of the request and the IP addresses of the source and destination endpoints,” the NCSC wrote.

The requests are also designed to limit the amount of personal data within the response, and in the “unlikely event” that the NCSC discovers information that is personal or otherwise sensitive, it takes steps to remove the data and prevent it from being captured again in the future, it stated. “All our probes are verified by a senior technical professional and tested in our own environment before use. We also limit how often we run scans to ensure we don’t risk disrupting the normal operation of systems,” the NCSC added.

All activity is performed on a schedule using standard and freely available network tools running within a dedicated cloud-hosted environment. All connections are made from one of two IP addresses: 18.171.7.246 or 35.177.10.231. Owners who wish to remove IP addresses from future scan activity should contact the NCSC by email.

Scanning could help build resilience to growing threats

Jake Moore, cybersecurity expert at ESET UK, tells CSO there are multiple internet access points in organisations that businesses may not even be aware of themselves. “This scanning offers a vital overlook from above into areas which may not even be considered a threat as many businesses do not realise their own threat level purely due to only viewing threats from the inside out,” he adds. Having the benefit of an outsider looking in on what may not even be known could be what it takes to mitigate a threat and reduce risk.
“It won’t be a catch all approach, but if anything can limit an attack or slow it down, it helps build up resilience to growing threats on a larger scale.”
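An added example (not from the NCSC or the article): a log check that attributes requests to the two scanner source addresses quoted above and reports how often and when each one connected, so the scheduled NCSC probes can be told apart from other unsolicited scanning. The Combined Log Format input, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address

# Source addresses the article says all NCSC scanning connections use.
NCSC_SCANNER_IPS = {ip_address("18.171.7.246"), ip_address("35.177.10.231")}

# Combined Log Format (assumed): ip ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)

# Constructed sample lines, not real traffic; 203.0.113.9 is a documentation address.
SAMPLE_LOG = """\
18.171.7.246 - - [07/Nov/2022:03:14:07 +0000] "GET / HTTP/1.1" 200 5123 "-" "-"
203.0.113.9 - - [07/Nov/2022:03:15:10 +0000] "GET /login HTTP/1.1" 200 811 "-" "-"
35.177.10.231 - - [08/Nov/2022:11:02:45 +0000] "GET /robots.txt HTTP/1.1" 404 153 "-" "-"
18.171.7.246 - - [14/Nov/2022:03:14:09 +0000] "GET / HTTP/1.1" 200 5123 "-" "-"
this line is malformed and must be skipped
"""


def summarise_scanner_hits(log_text):
    """Return {ip: {count, first, last, requests}} for the listed scanner IPs only."""
    summary = defaultdict(
        lambda: {"count": 0, "first": None, "last": None, "requests": set()}
    )
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        try:
            src = ip_address(m["ip"])
        except ValueError:
            continue  # first field was a hostname or garbage, not an address
        if src not in NCSC_SCANNER_IPS:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        entry = summary[str(src)]
        entry["count"] += 1
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
        entry["requests"].add(m["req"])  # what the probe asked for
    return dict(summary)


if __name__ == "__main__":
    for ip, info in summarise_scanner_hits(SAMPLE_LOG).items():
        print(ip, info["count"], info["first"], info["last"], sorted(info["requests"]))
```

The first and last timestamps per address show the scan cadence, and the request set shows which responses (headers included) the server returned to the probe.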