The UK's National Cyber Security Center (NCSC) has confirmed that it is scanning all internet-connected servers in the country for potential vulnerabilities to assess where the country stands in terms of cybersecurity benchmarks.
The NCSC is using a cloud-based system to run the scanning tools, which will come from the domain scanner.scanning.service.ncsc.gov.uk. It will run "slowly increasing complexity" scans, similar to those typically performed by cybersecurity firms.
The agency's technical director, Dr. Ian Levy, stressed the importance of having reliable data to make informed decisions about cybersecurity. He referenced the Microsoft Exchange vulnerability that was made public in March 2021, and the information the NCSC obtained from the incident, as part of the rationale for conducting nationwide scans, noting that "understanding the risk to the UK from different types of vulnerability, accessed through different vectors in a timely manner, requires dedicated capacity.
Sensitivity and transparency
The NCSC says it only collects the minimum amount of user data to check for vulnerabilities, which includes full web address data, as well as "the time and date of the request and the IP addresses of the endpoints." source and destination termination."
It also promises that mistakenly collected personal data will be deleted and scanned in future scans will be prohibited. "We are not trying to find vulnerabilities in the UK for any other nefarious purpose," said Dr Levy.
The NCSC also says that it will be as transparent as possible with its processes. Its goal is to "publicly explain the purpose and scope of the scanning system" as well as audit its activity so that any reports of misconduct resulting from the scans can be dealt with effectively.
Users can also opt out of scanning servers they own by sending an email to scansc.gov.uk with a list of IP addresses they wish to exclude.