Anyone can apply for exemptions
Parliament may be a circus, but the United Kingdom government isn’t all made up of incompetent hands — except for the ones who thought it’d be a good idea to store COVID-19 case data on Excel spreadsheets (it’s true, look it up). That should lend a sense of reassurance or dread, depending on what the given objectives are. Take the National Cyber Security Centre for your consideration: it has just launched a program that systematically scans every internet-connected device based in the nation as an intelligence-gathering method to survey current hacking threats and security preparedness.
The NCSC — which falls under the realm of the UK’s larger intelligence-gathering agency, GCHQ — launched its scanning program at the beginning of the month (via BleepingComputer). It entails making connection requests to servers and individual devices and logging any responses received along with the date, time, and the IP addresses involved. The Centre then analyzes responses to see if any reported software versions match those it has logged with reported vulnerabilities. The idea, with frequent scans, is to develop snapshots of how prepared the UK is against potential attacks.
In a blog post, Ian Levy, the NCSC’s departing Technical Director, wrote that the scans are similar to ones conducted by private cyber security firms. He also said to expect scans to increase in complexity over time and that the agency will have more to report in April during the CYBERUK conference. The Centre has published the IP addresses and the tied domain from which scans will originate — 18.171.7.246; 35.177.10.231, and; scanner.scanning.service.ncsc.gov.uk. Clients will see HTTPS requests tagged with an identifying header. Anyone can email the agency at scanning@ncsc.gov.uk to request certain IP addresses be exempted from scanning.
