The National Cyber Security Center (NCSC), the UK's cyber security authority, is launching a vulnerability scan that will examine all of the country's internet systems for cyber vulnerabilities. If something is found, the authority informs the companies and operators.
The authority in Great Britain informs that all systems in the country that can be reached via the Internet are subjected to a scan for cyber vulnerabilities. The rationale for this reads as follows: “As part of the NCSC mission to make the UK the safest place to live and do business online, we are producing a data-driven map of the UK's 'vulnerability'. This directly supports the UK Government's cyber security strategy in terms of understanding UK cyber risk. This will help us:
- a better understanding of the UK's vulnerability and security
- to help system owners understand their security posture in everyday life
- react to shocks (e.g. a widely exploited zero-day vulnerability)
Which systems should be scanned?
These activities cover all web-accessible systems hosted in the UK and vulnerabilities that are widespread or particularly important due to their high impact. The NCSC uses the data collected to provide an overview of the UK's exposure to security vulnerabilities once they are discovered and to track their remediation over time.
How is the verification carried out?
To determine if a vulnerability exists in a system, the existence of specific associated protocols or services is first determined. For example, the NCSC can determine the existence of a security vulnerability in version X of a commonly used web server software. If the vulnerability is then fixed in a later version Y, we can determine this by also determining the value “Version Y” in the response. By regularly repeating the inquiries, the NCSC provides an up-to-date picture of security vulnerabilities across the UK.
How to detect NCSC scanning?
All activities are performed according to a schedule using standard and freely available network tools running in a dedicated cloud-hosted environment. All connections are made using one of two IP addresses: 18.171.7.246 and 35.177.10.231. The IP addresses are also assigned scanner.scanning.service.ncsc.gov.uk with both forward and reverse DNS entries. Scanning probes also attempt to identify themselves as NCSC originating whenever possible by including appropriate headers in all HTTP requests.
More at NCSC.gov.uk