The UK has launched a vulnerability scanning program that will monitor all internet devices in the country for any unpatched problems, with the aim of both enhancing national security and helping individual organizations to protect.
The vulnerability scanning program is conducted by the National Cyber Security Center (NCSC) and will check all Internet-connected devices in the country for software versions, looking for outdated installations with known vulnerabilities. The government says it will only log these software versions with date, time and IP address, but if personal information is inadvertently captured, it will be deleted.
Country-wide vulnerability scanning seeks to create continuous “snapshots” of cyber readiness
NSCS technical director Ian Levy said scanning for vulnerabilities is very similar to what private security companies often do to proactively uncover potential vulnerabilities and notify affected parties. In addition to providing a way to encourage potential victims to patch their internet devices before the bad guys reach them, the program provides a way to collect data for things like how long it takes most organizations to fix a serious vulnerability. once disclosed.
The new vulnerability scanning program will be linked to the existing early warning service, which was previously an opt-in program but did not actively scan participants. Now all internet devices in the country will be scanned, but it is possible to opt out by emailing the agency with a list of IP addresses to be exempted.
Levy also said that scanning for vulnerabilities would become increasingly complex over time, and that new public explanations would be released as new items were added to the process in the interests of transparency. The agency also promised regular audits and the ability to file abuse reports. Further details on future developments were promised at the CYBERUK conference in Belfast in April 2023.
Personal internet devices to include in scans
Organizations and individuals should expect to see scans from the scanner.scanning.service.ncsc.gov.uk URL and two IP addresses (18.104.22.168 and 22.214.171.124). The NCSC says it tests its tools and probes internally before scanning any internet device, and that it has no “negative” goals in mind. It indicates that the requests are designed to take the minimum amount of information possible to serve the purpose of vulnerability scanning. However, some people may see alerts related to these addresses if they have security software installed.
Vulnerability scanning is probably nothing that big companies don’t already do (or outsource to a security company). Small businesses that don’t have a substantial IT budget and don’t have the staff available to properly configure and secure internet devices will likely benefit the most from this program, as long as the government can find a way to make its system effective notification.
While there may be natural privacy issues in the news, vulnerability scanning doesn’t seem to be any different from what many threat actors routinely do to find exploitable flaws wherever they are. Shodan, a neutral tool that constantly scans the Internet, essentially performs the same function and is available to everyone.
David Maynor, Senior Director of Threat Intelligence, Cybrary, sees this as a positive development: “Organizations performing large-scale internet analytics are now commonplace thanks to tools such as Masscan. I think this is a positive sign that the UK government continues to improve its security. »
And Chris Vaughan (VP – Technical Account Management, EME, Tanium) agrees: “I expect the initiative to expand the government’s ability to report to the sector level, which will help minimize the impact of vulnerabilities. This will also allow NCSC to report security issues to system owners and hold them accountable for deploying patches in a timely manner. Despite these benefits, I know some people will be concerned about the privacy aspects of the exercise, so I think the NCSC was correct in stating that the scans are designed to collect minimal information needed to verify whether the scanned asset is affected by a vulnerability.”
“I welcome this development and hope it will achieve the same level of success seen in other countries that have launched similar programs like Norway. If it proves popular, don’t be surprised if the complexity of initial scans slowly increases,” Maynor added.
Natural concerns about government digitization activities
However, the mere fact that the word “scan” is involved could lead people who are unfamiliar with how vulnerability scanning is done (or the vast majority of the population) to mistakenly believe that this program is analyze internet traffic and capture things like private messages or location data. The problem is not solved by a plan which was proposed several months ago which called for the active scanning of all UK phones and internet devices on the client side for child abuse images, which has been supported and promoted by NCSC and GCHQ. This would have potentially required providers of mobile operating systems or social media apps to integrate technology to actively scan devices, with any reported images being passed on to child protection NGOs for review. The plan drew heavy criticism as it essentially proposed breaking end-to-end encryption and is still under government review. It was not the government’s first attempt to end end-to-end encryption using child abuse as a motivation, as it also came under fire for the early 2022 ‘No Place to Hide’ ad campaign run by the Ministry of the Interior.
The NCSC has made other efforts in recent times to help UK organizations scan for vulnerabilities and secure their internet devices, making available via Github scripts from the NMAP scripting engine that help users scan their own network at the looking for potential cracks for attackers to squeeze through. This is also an ongoing program, and the NCSC announces that it will release new NMAP scripts for critical security vulnerabilities that it believes threat actors will heavily target.
#Government #vulnerability #scan #internet #devices #begins #CPO #Magazine