Every day, malicious hackers use bots to scan internet devices for known vulnerabilities that they can exploit. The UK government is now taking a similar approach, but the vulnerability scanning is meant to provide both businesses and individuals with early warning of potential holes that the bad guys can crawl through.
The vulnerability scanning is being conducted by the National Cyber Security Centre (NCSC), and the government says that it is looking to avoid capturing personal information but will delete any that is inadvertently obtained. The scans are essentially the same as the basic service provided by many cybersecurity contractors, checking public-facing software versions for outdated installations known to be vulnerable in some way. The NCSC says that it will log the date and time of the scan along with the IP address, and may use the information to notify potential victims in serious cases.
Ambitious program looks to protect UK internet devices, boost national security
The NCSC advises that the scans will come from the hostname “scanner.scanning.service.ncsc.gov.uk,” or two unique IP addresses (22.214.171.124 and 126.96.36.199). It also says that the general public should not suspect anything “nefarious” from the program and that it adheres to strict data minimization principles, but that it is possible that the scans could trip automated defenses and generate a warning notice.
There have been some concerns aired about the program, but the government is essentially doing for free what most companies pay for in a periodic vulnerability scanning service. The difference is that it appears this program will scan personal internet devices as well, though individuals will not necessarily be notified if vulnerabilities are found. Several other countries, such as Norway, have previously launched similar programs, but the UK’s project appears to be the most comprehensive.
The average internet user can rest assured that basic vulnerability scanning of this nature is not capturing private communications or snooping on traffic; it is designed to simply query internet-connected systems as to what software they have accessible and what versions are running. This could include personal smart devices for home use, however.
Vulnerability scanning program seeks to promote cyber readiness
While the program appears to primarily be a public service, the UK government is looking to fortify national security and improve its own cyber readiness using data that it gathers from regularly scanning internet devices. This includes how long organizations tend to leave vulnerable software versions unpatched and what the most common and persistent vulnerabilities are.
The government has also said that it plans to make the vulnerability scanning program more “complex” over time, though it did not really elaborate on what that meant. However, it did say that it would issue public notices and test the involved tools prior to making any big new changes to the program. Anyone in the country is also able to opt out by sending a list of IP addresses that they want exempted to the NCSC.
More information about the future of the program is scheduled to be presented at the CYBERUK conference taking place in Belfast in April 2023.