British Government Is Scanning All Internet Devices Hosted In UK

The United Kingdom’s National Cyber Security Centre (NCSC), the government agency that leads the country’s cyber security mission, is now scanning all Internet-exposed devices hosted in the UK for vulnerabilities. The goal is to assess UK’s vulnerability to cyber-attacks and to help the owners of Internet-connected systems understand their security posture. “These activities cover any internet-accessible system that is hosted within the UK and vulnerabilities that are common or particularly important due to their high impact,” the agency said. “The NCSC uses the data we have collected to create an overview of the UK’s exposure to vulnerabilities following their disclosure, and track their remediation over time.”

NCSC’s scans are performed using tools hosted in a dedicated cloud-hosted environment from scanner.scanning.service.ncsc.gov.uk and two IP addresses (18.171.7.246 and 35.177.10.231). The agency says that all vulnerability probes are tested within its own environment to detect any issues before scanning the UK Internet. “We’re not trying to find vulnerabilities in the UK for some other, nefarious purpose,” NCSC technical director Ian Levy explained. “We’re beginning with simple scans, and will slowly increase the complexity of the scans, explaining what we’re doing (and why we’re doing it).” The NCSC says it will “take steps to remove [any sensitive or personal data] and prevent it from being captured again in the future.”

British organizations can opt out of having their servers scanned by emailing a list of IP addresses they want to be excluded at scanning@ncsc.gov.uk.