Internet wires

NCSC scans UK internet to better understand the big security picture

The National Cyber Security Centre. (NCSC) has a new project underway, which involves scanning chunks of the UK’s internet for what may turn out to be vulnerable systems. The announcement reveals that this scanning plan is designed to help NCSC “understand the UK’s vulnerability to cyber attack”. With this, the NCSC hopes to try and understand some of the more common issues for business and, in turn, explain those issues to the organisations in question.

Scanning, but nicely

NCSC is a part of the UK’s Government Communications Headquarters, which you are more likely to recognise as GCHQ. As such, NCSC is being quite open with regard to scanning activity because you probably can’t say you’re scanning things under the umbrella of an intelligence agency without making some folks wonder what you’re up to.

For NCSC’s part, it says:

“We’re not trying to find vulnerabilities in the UK for some other, nefarious purpose. We’re beginning with simple scans, and will slowly increase the complexity of the scans, explaining what we’re doing (and why we’re doing it).”

NCSC has developed some principles to presumably reassure anyone coming into contact with these scans. These include explaining purpose and scope of scanning activities, marking activity so it can be traced back to the scanning system(s), and minimisation of scans to try and reduce any impact on the scanned resources.

According to BankInfo Security, admins have the ability to opt-out from the scans by emailing their ip addresses to the agency. Personal information will also not be collected, and the two IP addresses used to make these connections are listed over on the scanning information page.

Why is this a good thing?

If you have cause for concern about your devices being scanned, that’s fair. However, pretty much everything you can think of is being constantly scanned, pinged, probed, and crawled on a regular basis. A lot of this is just how things work, and without these scans, many bits and pieces of the internet you use would start to degrade in performance.

NCSC routinely performs different forms of scans and takedown services in order to better understand the threats facing the public, whether at home or in the office. As an example, the NCSC takedown service was used in 2021 to better encourage system owners to take action against a Microsoft Exchange vulnerability. Data collected in relation to UK-based vulnerable servers is extremely valuable, and can ultimately be used to develop better engagement strategies for vulnerable organisations alongside more effective ways to patch.

If you run a network, you’ll know that patching can be very difficult to pull off correctly. Exposed and vulnerable systems are everywhere. If a Government agency is collecting large amounts of data with regard to the hottest threats of the moment, and ways to mitigate said threats, it can make things quite a bit more straightforward for you.

Other “spin-off” services often operate from inside of these Government umbrellas, doing everything from takedowns focusing on Government (and occasionally non-Government) spam and spoofing, to other forms of exploit exploration and shutdown.

Isn’t this rather unusual?

Not at all! In fact, similar programs operate across the world. For example, in the US the Cybersecurity and Infrastructure Security Agency (CISA) is an agency of Homeland Security. CISA releases an endless stream of advisories on every cybersecurity topic you can imagine. Apple security updates, industrial control system advisories, Firefox security updates…you name it, there’s a good chance that it’s covered.

If you’re a small business, it’s tricky enough ensuring that you have enough funding in the pot to cover all of the security bases. It’s even harder to keep up with the deluge of security issues and threats aimed at your organisation from all angles.

Is this week’s biggest concern a spear phishing campaign, or a nation state attack involving techniques you’ve never heard of? Could it be that your server is running an insecure version of your software which needs patching against a newly discovered critical vulnerability? Maybe the biggest problem this week is a smart social engineering attack focused on your accounts department.

Without research and projects such as the above from security-centric Government agencies, the uphill task tends to become a little bit steeper. If you’re on the fence about whether or not to allow these scans against your internet connected systems, consider how much extra work you’d have to do to come up with this big picture data. The simple fact of the matter is, you almost certainly wouldn’t be able to do it, and could well risk legal trouble if you got something wrong.

If NCSC is out there doing all of this shovel work on your behalf, at some point down the line this data will turn into a satisfyingly detailed report which you’ll be able to plug into your day to day activities and perhaps keep your network a little bit more secure than it was previously. This can only be a good thing.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Thank you!


Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.