UK Security Service Reduces Unresolved Vulnerabilities
▼ Summary
– The UK government reports a 75% reduction in its critical vulnerability backlog and an 87% improvement in cyber-attack fix times.
– This progress is attributed to a new Vulnerability Monitoring Service (VMS) that scans public sector assets and has cut average DNS vulnerability resolution time from two months to eight days.
– The VMS continuously scans 6,000 public sector bodies for around 1,000 different types of cyber vulnerabilities, alerting officials with clear guidance.
– A new government Cyber Profession initiative was launched to attract and develop talent through improved recruitment, training, and career pathways.
– The government’s Cyber Action Plan includes a £210m investment to improve cybersecurity standards and build long-term public sector resilience.
The United Kingdom has made significant strides in strengthening its public sector cybersecurity, reporting a dramatic reduction in both unresolved critical vulnerabilities and the time required to address cyber-attacks. Official figures indicate a 75% reduction in the backlog of critical vulnerabilities and an 87% improvement in cyber-attack fix times. This progress is largely attributed to the implementation of a dedicated Vulnerability Monitoring Service (VMS), which has slashed the average resolution time for serious security weaknesses from nearly two months to just over a week.
This specialized service, operated by the Department for Science, Innovation and Technology (DSIT), continuously scans approximately 6,000 public sector internet-facing assets. It utilizes a combination of commercial and proprietary tools to detect around 1,000 different types of cyber vulnerabilities. A primary focus has been on addressing Domain Name System (DNS) issues, which are particularly dangerous as they can allow malicious actors to redirect users to fake websites, steal sensitive information, or completely take services offline. Prior to the VMS, a flaw in a government DNS record could persist unnoticed for close to 60 days; the new system has reduced that exposure window to an average of eight days.
The VMS operates by not only identifying problems but also ensuring they are resolved. It automatically alerts the appropriate personnel with clear, actionable guidance on implementing a fix and then systematically tracks the progress until each vulnerability is closed. This end-to-end management has been crucial in tightening the UK’s digital defenses.
Alongside these technical improvements, the government is launching a major initiative to bolster its human cybersecurity resources. Minister for Digital Government Ian Murray has introduced the new government Cyber Profession initiative, developed in partnership with DSIT and the UK’s National Cyber Security Centre (NCSC). This program aims to attract and develop top-tier cyber talent through a multifaceted approach.
The initiative will feature a competitive employment package, a dedicated Cyber Resourcing Hub to simplify recruitment, and a well-defined career framework that aligns with UK Cyber Security Council standards. To build future capability, it will also establish a government Cyber Academy for training, introduce a new apprenticeship scheme, and create structured career pathways. The North West of England, leveraging Manchester’s expanding digital ecosystem and a forthcoming government Digital Campus, will serve as a primary hub for this growing profession.
These efforts are part of the broader government Cyber Action Plan, which launched in early 2025 with £210 million earmarked for improving cybersecurity standards across public services. Minister Murray emphasized the importance of these measures, stating that as public services innovate, they must also remain resilient against evolving threats. He described the Cyber Action Plan as a crucial step in building stronger defenses and noted that the new Cyber Profession initiative is designed to attract and retain the skilled professionals needed to keep the UK safe online.
(Source: InfoSecurity Magazine)
