DSIT Shields Thousands of UK Organisations from Cyber Threats

▼ Summary
– DSIT manages over half a million domains across thousands of UK government organizations, from parish councils to the NHS.
– DSIT advises non-expert staff by explaining vulnerabilities in terms of outcomes, like losing website access, rather than technical details.
– To scale its efforts, DSIT uses SIEM solutions and the NCSC portal to push vulnerability data that organizations can prioritize themselves.
– DSIT avoids overwhelming organizations by drip-feeding issues in stages and providing human support focused solely on fixing problems.
– Woodcraft emphasizes that doing basics correctly, such as patching and keeping systems up to date, is key to staying secure against rapidly emerging vulnerabilities.
The UK’s Department of Science, Innovation and Technology (DSIT) oversees security for over half a million domains spanning thousands of government organizations. These range from small Parish Councils to massive entities like the National Health Service (NHS) and its many subsidiaries.
Advising these diverse bodies on emerging cybersecurity vulnerabilities and remediation strategies presents a significant challenge, particularly as advanced AI models uncover weaknesses at an unprecedented pace. However, Nick Woodcraft, service owner for vulnerability monitoring at DSIT, emphasized that organizations don’t need deep technical expertise to stay secure. What matters most is receiving clear, actionable guidance on what to fix and how.
“When you come with a problem, rather than talking about the technology, talk about the outcomes,” Woodcraft said at Infosecurity Europe 2026 during a session titled ‘From Months to Days: How DSIT Is Rethinking Remediation at Scale’.
Simplifying vulnerability management is key. Woodcraft explained how DSIT has streamlined discussions around DNS vulnerabilities, for instance. A local council may not understand the technical specifics, but they grasp the consequence: if unresolved, they could lose access to their website.
“Most of the people we talk to are extremely competent at what they do, but they are not cybersecurity or vulnerability experts,” Woodcraft noted. “But when you explain this is what it is, this is what it means – that you could lose access to your website – they understand and appropriately prioritize it.”
With over half a million domains to protect, DSIT cannot provide hands-on support to every organization. Instead, the department has invested in scalable technology solutions like Security Information and Event Management (SIEM) systems and online portals.
“We can push everything we get into a SIEM, and they can prioritize it themselves,” Woodcraft explained. “The National Cyber Security Centre (NCSC) has a portal with early warnings, so we started pushing our data into there, where people might expect to find it, they see the data and trust it.”
DSIT also avoids overwhelming organizations with too many issues at once. Presenting a long list of problems can trigger defensiveness. Instead, Woodcraft’s team uses a drip-feed approach, gradually introducing issues and helping organizations resolve them step by step.
“We quickly found that if you discover 15 issues within an organization and we said that we had found 15 things, it gets their backs up and it’s too much information,” he said. “We started drip feeding stuff instead – we would gradually feed issues and help them fix it. We also have humans who were prepared to spend the time with them with the sole focus to get it fixed.”
Looking ahead to a post-Mythos era where AI-driven vulnerability discovery accelerates, DSIT is already planning how to keep organizations secure. Woodcraft stressed that mastering the basics remains the most effective defense.
“If we know to keep patching, to keep things up to date and to have the right processes in place, we’re not going to be in as much danger,” he concluded.
(Source: Infosecurity Magazine)



