UK slashes cyberattack response time to just eight days
▼ Summary
– The UK government has launched a Vulnerability Monitoring Service (VMS) that continuously scans internet-facing systems of about 6,000 public sector organizations for cyber weaknesses.
– This service has drastically reduced the median time to fix critical vulnerabilities, cutting domain-related fixes from nearly two months to eight days and other types from 53 to 32 days.
– The Minister for Digital Government stated the service has transformed response times, reducing cyber-attack fix times by 84% and the backlog of critical issues by three quarters.
– As a next step, the government is introducing a Cyber Profession initiative to build long-term expertise, including a Cyber Resourcing Hub and a career framework aligned with professional standards.
– The Cyber Profession program, co-branded with DSIT and the NCSC, also plans a Cyber Academy, a new apprenticeship scheme, and structured career pathways to strengthen public sector cybersecurity.
The UK government has significantly accelerated its response to digital threats, slashing the time to fix critical cyber vulnerabilities from nearly two months to just eight days. This dramatic improvement is the result of a new Vulnerability Monitoring Service (VMS), a cornerstone of the government’s digital strategy. The system provides continuous, automated scanning of public sector networks, identifying weaknesses before they can be exploited by malicious actors. This proactive approach is essential for safeguarding essential services and sensitive citizen data from disruptive cyberattacks.
Operating under the Blueprint for Modern Digital Government, the service scans internet-facing systems across approximately 6,000 public sector bodies. It utilizes a combination of commercial and in-house tools to detect around 1,000 different types of security flaws. When a vulnerability is found, the system doesn’t just flag it; it automatically alerts the responsible organization, offers detailed guidance on remediation, and then tracks the progress until the issue is fully resolved. Officials report that this streamlined process allows them to process and close about 400 confirmed vulnerabilities every month.
Beyond domain-related flaws, the service has improved response times for other cyber weaknesses, reducing the median fix time from 53 days to 32 days. Ian Murray, the Minister for Digital Government, emphasized the real-world impact of these threats. He noted that cyberattacks directly cause delays in NHS appointments, disrupt vital public services, and jeopardize sensitive personal information. The 84% reduction in fix times and a 75% cut in the backlog of critical issues demonstrate how the VMS transforms the government’s defensive posture, moving from reactive patching to proactive prevention.
Looking ahead, the government is launching a complementary Cyber Profession initiative to build long-term expertise within the public sector. This program aims to strengthen overall cybersecurity capability by addressing talent recruitment and retention. A key component is the new Cyber Resourcing Hub, designed to streamline the hiring process for specialized roles. The initiative also establishes a clear career framework aligned with the standards of the UK Cyber Security Council, providing structured pathways for professional growth.
Further elements include plans for a government Cyber Academy to support ongoing training, a new apprenticeship scheme, and development programs to build internal skills. Dr. Richard Horne, CEO of the National Cyber Security Centre (NCSC), described the Cyber Action Plan as a crucial step in fortifying the nation’s public services. He stated that the Cyber Profession will help attract and retain top-tier talent with the advanced skills necessary to keep the UK secure online. This holistic strategy, developed in partnership with the Department for Science, Innovation and Technology and the NCSC, represents a sustained commitment to national cyber resilience.
(Source: HelpNet Security)
