The UK government is scanning all of the country's internet connections

connection
(Image credit: Shutterstock / IR Stone)

The UK’s National Cyber Security Centre (NCSC) has confirmed it is scanning all of the nation's internet-connected servers for any possible vulnerabilities in order to assess where the country lies in terms of its cybersecurity credentials.

The NCSC is using a cloud-based system to run the scanning tools, which will be coming from the domain scanner.scanning.service.ncsc.gov.uk. It will run scans that “will slowly increase [in] complexity,” similar to those commonly undertaken by cyber security companies. 

The agency’s technical director, Dr. Ian Levy, stated the importance of having reliable data to make informed decisions about cybersecurity. He referenced the Microsoft Exchange vulnerability that went public in March 2021, and the information the NCSC gleamed from the incident, as part of the justification for carrying out nationwide scans, noting that, “understanding the risk to the UK from different vulnerability types, accessible over different vectors in a timely manner, requires a dedicated capability.”

Sensitivity and transparency

The NCSC says it is only collecting the bare minimum of user data to check for vulnerabilities, which includes full web address data, as well as, “the time and date of the request and the IP addresses of the source and destination endpoints”. 

It is also promising that personal data collected by mistake will be removed and prohibited from being swept up in future scans. “We're not trying to find vulnerabilities in the UK for some other, nefarious purpose”, stated Dr. Levy. 

The NCSC also claims that it will be as transparent as possible with its processes. It aims to “publicly explain the purpose and scope of the scanning system”, as well as audit its activity so that any reports of misconduct resulting from the scans can be dealt with effectively.

People can also opt-out of having servers that they own from being scanned by emailing scanning@ncsc.gov.uk with a list of IP addresses that they want precluded. 

Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.