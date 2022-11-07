The UK official NCSC (National Cyber Security Centre) is launching its internet scanning capability. This will feed into the challenge, said Dr Ian Levy, NCSC Technical Director, in a blog post. It’s due, he wrote, to the Centre having ‘reached the limit of the utility of the commercial internet-scanning data we procure’.

This new capability will help the Centre to: better understand the vulnerability and security of the UK; help system owners understand their security posture on a day-to-day basis; and respond to shocks (like a widely exploited zero-day vulnerability).

He wrote: “Most cyber security companies silently run internet scans similar to the ones we’re talking about. But the NCSC is part of an intelligence agency, so I think we need to be a bit more open about our scanning.

“We’re not trying to find vulnerabilities in the UK for some other, nefarious purpose. We’re beginning with simple scans, and will slowly increase the complexity of the scans, explaining what we’re doing (and why we’re doing it).”

It’s part of the NCSC’s Active Cyber Defence (ACD).

Comment

Sylvain Cortes, VP Strategy at Hackuity said: “The NCSC initiative is part of a comprehensive approach to securing external assets that are often overlooked in remediation plans dedicated to addressing vulnerabilities. Already in January, the NCSC made available on Github a bunch of NMAP scripts to help organisations identify their internal vulnerabilities on their own network. With these two tools combined, UK-based organisations have access to a first level of information, which they will then have to process in a prioritisation process in order to be efficient and focus their efforts on the important elements.”