The NCSC and their Role
The National Cyber Security Centre (NCSC) was founded in 2016 as part of the Government Communications Headquarters (GCHQ), the UK’s intelligence, security, and cyber agency. The NSCS is the result of a merger of several previous organisations including the Communications-Electronics Security Group (CESG). The NCSC manages major cybersecurity incidents in the government, provides guidance on security incidences and creates strong relationships within the cybersecurity community for the facilitation of information sharing.
The NCSC scanning strategy
The NCSC has announced that it will be scanning all internet accessible systems that are hosted in the UK for potential vulnerabilities. This comprehensive scanning will take place amidst the UK Cyber Security Strategy: 2022 to 2030. The purpose of this scanning strategy is to find vulnerabilities that could potentially have a high-risk impact. These scans will collect the minimum amount of data that is needed to conduct them.
The scans’ results will be used to create an overview of the vulnerability of internet accessible systems hosted in the UK. Ian Levy, Technical Director of the NCSC, stated in a recent blog post: ”One thing that’s missing in cyber security is unbiased data and evidence. Many of the active defence measures are intended to generate useful data that will help us all understand much better the reality of cyber-attacks and the efficacy of the various defences we’ll put in place over the coming years.”
Ian Levy describes the transparency of the scanning process and its underlying principles. These principles are to:
- Publicly explain the purpose and scope of the scanning system;
- Mark activity so that it can be traced back to the scanning system being used;
- Audit scanning activity so abuse reports can be easily and confidently assessed;
- Minimise scanning activity to reduce impact on target resources;
- Ensure opt-out requests are simple to send and processed quickly.
This is not the first time the NCSC have run scans. In 2021, following an announcement made by Microsoft regarding a vulnerability of its “Exchange” service, the NCSC Takedown Service, a mechanism to remove malicious websites and infrastructure, addressed this vulnerability.
It is worth noting that cyber criminals are already performing such scans. On average, there are about 1,500 active scanner IPs any given day, not including the legitimate scanning service providers.
How NCSC strategies will affect your company
The NCSC is scanning and storing any data that a service returns in response to a request. The date, time, IP address of the source and the IP address of the endpoint are also recorded. In its statement, the NCSC has promised to conduct scans in a safe and responsible manner. The number of scans run is limited in order to prevent disrupting the operation of these internet accessible systems.
The NCSC has announced that if it encounters personal data, it will remove it as quickly as possible and attempt to prevent it from happening again in the future. Technical Director Levy added that the NCSC strives to be as transparent as possible with regard to the scans. For individuals, however, it is possible to opt out of the scanning of websites they own or maintain. To opt out, an email that indicates any affected IP addresses must be sent to scanning@nscs.gov.uk. Queries about scanning activities can be sent directly to the NCSC. Note that if your company uses certain cloud services or Distributed Denial-of-Services (DDoS), it may not be possible to opt out, as your IP address will change and be shared with other service clients.
How HewardMills can support you
HewardMills can offer guidance on breaches and incidents, giving advice on how to prevent them and how to handle the consequences if a breach has happened already. HewardMills has available a range of Subject Matter Experts (SMEs) who specialise in a variety of subjects to assist you in preventing or mitigating any types of incidents or breaches.
