NCSC scanning Internet devices hosted in the UK: what you need to know
NCSC — The United Kingdom's National Cyber Security Centre — is the government agency responsible for providing support and guidance regarding the country’s cybersecurity. And now a vital part of their mission includes scanning all Internet-exposed devices hosted in the UK for any weak points.
They want to map out the UK’s vulnerabilities to cyber-threats in order to get a bigger and more up-to-date picture of the vulnerability landscape, so that they are better able to respond to any emergencies. The goal is also to help business owners understand where they stand in terms of online security.
So, if your systems (all or just some of them) are hosted within the UK as well — read on to see what you should know about this, what your options are, and how you can prepare for the governmental scanning.
What is all the fuss about? 5 facts that you should know:
- As the NCSC claims, their mission is to make the UK the safest place to live and work online. That’s why they’ve decided to build a data-driven view of “the vulnerability of the UK”. They are focusing on the most common types of vulnerabilities that may have a particularly high impact on system security and stability.
- The scanning process covers all Internet-accessible systems that are hosted within the UK, and will be happening automatically, without first asking business owners for permission.
- How will the scans be performed? First, they will identify if there are any specific vulnerability-associated protocols and services that exist on a system, and they will do this by interacting with it in a way that any network client would. Then they will analyse the response received and detect any potential vulnerabilities.
- The NCSC’s activities will be performed using standard tools that run in a dedicated cloud-hosted environment. For all connections, they will only use two IP addresses (220.127.116.11 and 18.104.22.168), which are both assigned to scanner.scanning.service.ncsc.gov.uk. In addition, the governmental scanning probes will, wherever possible (though probably not in every case), identify themselves as having originated from the agency, e.g., in the headers within HTTP requests. This will allow any company to easily detect these activities and choose to ignore them, since they will know that they’re being performed by the UK government, and not by a cyber criminal.
- You can always opt out by contacting email@example.com and providing the agency with a list of IP addresses that you want to exclude from the scanning process, so that they can validate your request and remove them as soon as possible. Just remember that if you decide to do this, you will need to be proactive about notifying them: the UK government is not going to offer companies any forms to fill in right before they start doing their job.
Uncertainties and unknowns
- We don’t know what sort of tests are going to be performed, what exactly will be scanned, and how disruptive all of this will be. However, it really shouldn’t be disruptive at all. Most likely, only your IT/security department will notice any NCSC activities. Your processes and operations won’t be disturbed, and your business should run as usual.
- We don’t know if the NCSC will inform companies about any detected vulnerabilities. It would certainly be useful to receive this information so that those companies could make some quick fixes (and more advanced ones as well), but the official statement doesn’t mention this, so it could go either way.
- We don’t know if there will be any consequences waiting for companies with detected security issues. Again — probably not. Having problems with security is enough of a punishment for any organisation, and as long as you meet all the standards required by law and follow the official regulations — you should be safe.
As far as we know, scans like these shouldn’t cause any difficulties whatsoever. Quite the opposite: the goal is to help increase corporate security and, given the nature of the scans, security on the national level as well. CERT Polska (the Polish Computer Emergency Response Team) performs security scans as well, albeit on a much smaller scale.
It’s also worth mentioning that in order to ensure maximum security, the NCSC have tested their scans beforehand in a controlled environment. The scans also seem to be quite similar to those that are run by commercial cybersecurity companies.
What you should do
- First and foremost, don’t panic. After all, this entire undertaking is aimed at preventing cyber threats and making online environments a safer place to operate for everyone, both on the business side and the client side.
- Secondly, be prepared. Your IT department can add the above-mentioned IP addresses to their known and trusted list, so that the government scanning won’t alert your security experts or trigger any unnecessary responses.
- Thirdly, if you’re worried, recruit some external assistance. At Future Processing, we are here to help and guide you through this. Contact us and our specialists to find all the answers to any questions that have been bothering you. Our specialists will gladly put your mind at ease. We also offer Open Source Intelligence — a service which helps you figure out which of your IP addresses are going to be scanned. So, if it’s hard for you to navigate through your complex infrastructure — just get in touch with us and put your worries to rest.
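For the allowlisting step above, the sketch below is an added example (not code from the NCSC or from this article's author) that labels log lines by source address, so a request that merely claims to be the NCSC scanner from any other address still raises an alert. The log layout, the sample lines and the "ncsc" header marker are constructed assumptions; only the two IP addresses come from the article.

```python
import ipaddress
import re

# Scanner source addresses exactly as the article lists them.
NCSC_SCANNER_IPS = {
    ipaddress.ip_address("220.127.116.11"),
    ipaddress.ip_address("18.104.22.168"),
}

# Assumed log layout (constructed): src_ip "request" status "logged header value".
LINE = re.compile(r'^(\S+) "([^"]*)" (\d{3}) "([^"]*)"$')
# Assumption: the scanner's self-identification contains "ncsc"; the article
# does not name the header or its value.
CLAIM = re.compile(r"ncsc", re.IGNORECASE)

# Constructed sample log, not real traffic.
SAMPLE_LOG = """\
220.127.116.11 "GET / HTTP/1.1" 200 "NCSC Scanning agent"
18.104.22.168 "GET /login HTTP/1.1" 404 "-"
203.0.113.50 "GET /admin HTTP/1.1" 403 "NCSC Scanning agent"
198.51.100.7 "GET /index.html HTTP/1.1" 200 "-"
truncated entry without quotes
"""

def classify(line):
    """Label one log line; the source address decides, never the header."""
    m = LINE.match(line.strip())
    if not m:
        return "unparsed"
    try:
        src = ipaddress.ip_address(m.group(1))
    except ValueError:
        return "unparsed"
    if src in NCSC_SCANNER_IPS:
        return "ncsc-scan"          # safe to suppress alerts for this line
    if CLAIM.search(m.group(4)):
        return "spoofed-claim"      # claims NCSC from another address: alert
    return "other"

def triage(log_text):
    """Count labels so suppressed and escalated volumes stay visible."""
    counts = {}
    for line in log_text.splitlines():
        if line.strip():
            label = classify(line)
            counts[label] = counts.get(label, 0) + 1
    return counts

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The address compared must be the connecting peer as seen at your network edge; a client-supplied forwarding header is as easy to forge as the identification header itself.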
As you can see, all of this scanning doesn’t really look that bad. It’s just that the new and unknown can still be a scary thing to face. However, once we do face it, more often than not, the result turns out to be either neutral or beneficial to us. And with a little bit of help from your IT partner, you will be ready for any scenario.