The UK’s National Cyber Security Centre (NCSC) has confirmed it is scanning all of the nation's internet-connected servers for any possible vulnerabilities in order to assess where the country lies in terms of its cybersecurity credentials.
The NCSC is using a cloud-based system to run the scanning tools, which will be coming from the domain scanner.scanning.service.ncsc.gov.uk. It will run scans that “will slowly increase [in] complexity,” similar to those commonly undertaken by cyber security companies.
The agency’s technical director, Dr. Ian Levy, stated the importance of having reliable data to make informed decisions about cybersecurity. He referenced the Microsoft Exchange vulnerability that went public in March 2021, and the information the NCSC gleamed from the incident, as part of the justification for carrying out nationwide scans, noting that, “understanding the risk to the UK from different vulnerability types, accessible over different vectors in a timely manner, requires a dedicated capability.”
Sensitivity and transparency
The NCSC says it is only collecting the bare minimum of user data to check for vulnerabilities, which includes full web address data, as well as, “the time and date of the request and the IP addresses of the source and destination endpoints”.
It is also promising that personal data collected by mistake will be removed and prohibited from being swept up in future scans. “We're not trying to find vulnerabilities in the UK for some other, nefarious purpose”, stated Dr. Levy.
The NCSC also claims that it will be as transparent as possible with its processes. It aims to “publicly explain the purpose and scope of the scanning system”, as well as audit its activity so that any reports of misconduct resulting from the scans can be dealt with effectively.
People can also opt-out of having servers that they own from being scanned by emailing email@example.com with a list of IP addresses that they want precluded.
- See our best free security scanners
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Lewis Maddison is a Staff Writer at TechRadar Pro. His area of expertise is online security and protection, which includes tools and software such as password managers.
His coverage also focuses on the usage habits of technology in both personal and professional settings - particularly its relation to social and cultural issues - and revels in uncovering stories that might not otherwise see the light of day.
He has a BA in Philosophy from the University of London, with a year spent studying abroad in the sunny climes of Malta.