The UK’s National Cyber Security Centre (NCSC) has introduced a new initiative designed to protect organisations from cyber threats.
Working alongside Netcraft, the NCSC has launched the Proactive Notification Service, a groundbreaking program that identifies and alerts system owners about security vulnerabilities affecting their networks.
How the Service Works
The Proactive Notification Service operates by scanning publicly available information across the internet to identify organisations running outdated software with known security flaws.
When vulnerabilities are discovered, the NCSC sends targeted emails to the affected organisations, urging them to install critical software updates and security patches that can significantly reduce their exposure to cyber attacks.
The service uses Netcraft’s extensive internet monitoring capabilities to detect vulnerable systems.
The NCSC and Netcraft work together to identify which vulnerabilities should be included in the scanning process, ensuring the program focuses on threats that pose genuine risk to UK businesses and institutions.
“This coordinated approach reinforces the broader national effort to make the UK the safest place to live and work online,” according to the NCSC.
The service is a key component of the agency’s Active Cyber Defence strategy, initially deployed as a pilot program to evaluate its effectiveness and potential impact.
Organisations receiving emails from the Proactive Notification Service should verify their authenticity before taking action.
Legitimate notifications include specific characteristics: emails originate from a Netcraft.com address, are in plaintext, contain no attachments, and never request personal information or payment.
All scanning activities comply with the Computer Misuse Act, ensuring the NCSC operates within legal boundaries while protecting the nation’s digital infrastructure.
The service relies on external observations, such as publicly advertised software version numbers, to identify vulnerable systems without conducting intrusive network scanning.
The NCSC emphasises that while the Proactive Notification Service provides valuable guidance, organisations retain ultimate responsibility for their own security.
The service should not be considered the sole source of security information. Systems administrators must evaluate recommendations and determine appropriate remediation steps for their specific environments.
The NCSC also offers Early Warning, a complementary free service that notifies organisations of potential cyber threats before attacks occur.
By sharing information about their IT infrastructure with the Early Warning program, organisations receive tailored alerts about malicious activity targeting their networks, enabling faster response and reduced risk.
The launch of the Proactive Notification Service demonstrates the NCSC’s commitment to proactive defence rather than reactive response, shifting the cybersecurity landscape toward prevention and early intervention.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.