NCSC is scanning all Internet-exposed devices hosted in the UK
The United Kingdom’s National Cyber Security Centre (NCSC), the government agency that leads the country’s cyber security mission, is now scanning all Internet-exposed devices hosted in the UK for vulnerabilities.
The reason behind the scanning of all Internet devices is to assess the UK’s vulnerability to cyber-attacks and to help the owners of Internet-connected systems understand their security posture.
“These activities cover any internet-accessible system that is hosted within the UK and vulnerabilities that are common or particularly important due to their high impact,” the agency said.
“The NCSC uses the data we have collected to create an overview of the UK’s exposure to vulnerabilities following their disclosure, and track their remediation over time.”
NCSC’s scans are performed using tools hosted in a dedicated cloud-hosted environment from scanner.scanning.service.ncsc.gov.uk and two IP addresses (126.96.36.199 and 188.8.131.52).
The agency says that all vulnerability probes are tested within its own environment to detect any issues before scanning the UK Internet.
NCSC technical director Ian Levy explained that they are not trying to find vulnerabilities in the UK for some other nefarious purpose.
“We’re beginning with simple scans, and will slowly increase the complexity of the scans, explaining what we’re doing (and why we’re doing it).
Data collected from these scans includes any data sent back when connecting to services and web servers, such as the full HTTP responses (including headers).
Requests are designed to harvest the minimum amount of info required to check if the scanned asset is affected by a vulnerability.
If any sensitive or personal data is inadvertently collected, the NCSC says it will “take steps to remove the data and prevent it from being captured again in the future.”
British organizations can also opt out of having their servers scanned by the government by emailing a list of IP addresses they want to be excluded at firstname.lastname@example.org.
In January, the cybersecurity agency also started releasing NMAP Scripting Engine scripts to help defenders scan for and remediate vulnerable systems on their networks.
The NCSC plans to release new Nmap scripts only for critical security vulnerabilities it believes to be at the top of threat actors’ targeting lists.