The Cyber Security Centre (CSC) provides essential advice, guidance, and practical support to enhance cyber resilience. As part of its mission to improve overall cybersecurity awareness, CSC has developed a Vulnerability Advisory Service. This service aims to raise awareness about critical vulnerabilities that could potentially leave individuals and organisations exposed to cybersecurity risks.
By conducting regular scans of publicly accessible IP address spaces, the CSC identifies vulnerabilities that could be exploited by malicious actors. These vulnerabilities are then communicated to the relevant equipment owners or, when that is not possible, to the associated service providers. The goal is to encourage the review and assessment of any potential risk, enabling timely and appropriate action to reduce the likelihood of compromise.
This proactive approach supports key objectives in national cybersecurity strategies, offering insights into how vulnerabilities might impact businesses or individuals and ensuring that potential risks are understood and addressed.
How the Service Works
The Vulnerability Advisory Service uses publicly available data to regularly scan and identify weaknesses in systems connected to the internet. When a vulnerability is found, the CSC notifies the responsible party, providing detailed information such as:
- The criticality score (CVE score)
- The affected IP address
- Relevant publicly available data on the vulnerability
While the vulnerabilities are identified based on public data and are accurate at the time of discovery, the information serves to guide organisations in formulating a risk-based response plan. The aim is to help prevent cyberattacks by addressing potential vulnerabilities before they are exploited.
Managing the Risks
We understand that organisations may have operational reasons for not immediately addressing a vulnerability, or they may already have other controls in place. Therefore, we recommend that businesses consult with their technology providers to develop the best risk management approach based on their specific circumstances. This ensures that each organisation can assess the level of risk posed and decide on the most appropriate course of action for their unique situation.