The UK’s National Cyber Security Center, known as the NCSC, has initiated a testing phase for a new security offering called Proactive Notifications. This service is specifically designed to alert organizations within the country about security vulnerabilities that are currently present in their digital environment. The NCSC is working with the cybersecurity firm Netcraft to deliver this service. The foundation of the system relies on reviewing publicly available information and conducting extensive internet scanning to gather the necessary data.
The NCSC’s process involves identifying organizations that appear to be lacking essential security services or have detectable weaknesses. Once identified, the NCSC will reach out to these entities with specific, actionable recommendations for software updates that will address the unpatched vulnerabilities found. The advice may focus on specific, known issues referenced by a CVE number, or it could address more general security concerns, such as the use of outdated or weak encryption methods. The agency emphasizes that the scanning and subsequent notifications are strictly based on external observations, such as the version number of software that is publicly advertised, and that this activity is in full compliance with the Computer Misuse Act.
When an organization receives a notification, the NCSC highlights important security details about the communication to ensure its legitimacy. Emails sent as part of this service will always originate from an address associated with netcraft.com. Furthermore, these official communications will never contain any attachments, nor will they request any form of payment, personal details, or any other sensitive information. It has been reported that the initial pilot program for Proactive Notifications will concentrate on UK domains and IP addresses belonging to Autonomous System Numbers operating within the country.
However, the new service is not intended to be a comprehensive solution, as it will not cover every system or every possible vulnerability. Consequently, the NCSC strongly advises that organizations should not rely on Proactive Notifications as their sole source of security alerts. Instead, they are strongly encouraged to register for the NCSC’s pre-existing and more mature ‘Early Warning’ service. This established, free service delivers timely alerts about potential cyberattacks, emerging vulnerabilities, or other suspicious activity detected across a company’s network.
The Early Warning service functions by compiling public, private, and government cyber-threat intelligence feeds. It then cross-references this aggregated intelligence with the domains and IP addresses of organizations that have enrolled to pinpoint signs of active compromises. Proactive Notification, on the other hand, is designed to be triggered earlier, before any direct threat or compromise has been detected, when the NCSC merely becomes aware of a risk relevant to an organization’s configuration. Together, these two services are intended to form a layered approach to security: Proactive Notification aids in hardening systems and reducing the overall risk exposure, while the Early Warning service is positioned to catch any threats that still manage to slip through the initial defenses. The NCSC has not yet provided a timeframe for when the Proactive Notifications program will conclude its pilot phase and become available for wider deployment.
Reference:
