Tools good, talk better: The UK government’s VMS uses a combination of commercial and proprietary scanning tools to detect vulnerabilities in internet-facing assets.But McKay cautions against drawing the wrong conclusion from the results.”Process, accountability and taking ownership for explaining why this matters to the resilience of the business is far more important than the technical tooling,” he said. “Building a robust prioritization approach and a strong trusted relationship with peer stakeholders responsible for doing the work of patching and applying fixes, matters far more than the specific tooling chosen.”The UK’s VMS alerts responsible organizations with “specific, actionable guidance” on each finding, rather than generating raw vulnerability feeds, and tracks progress until the issue is closed.The government cited DNS vulnerabilities as a specific example. Before the VMS, a weakness in a government DNS record could sit undetected for nearly two months. The service has closed that window to eight days.The statement also added that the service will expand to cover additional vulnerability categories, with fix times expected to fall further as it matures.The UK’s National Audit Office (NAO), however, flagged a challenge the VMS alone cannot fix.
The workforce challenge: Word of the success of VMS comes a month after the NAO reported that the cyber threat to government is “severe and advancing quickly,” concluding that resilience levels were lower than previously estimated, and determined the government would not meet its own 2025 cyber resilience targets. It identified skills gaps as the single biggest risk to building lasting cyber resilience.The government said the new Cyber Profession is a direct response to those findings. Co-branded with the National Cyber Security Centre (NCSC) and the Department for Science, Innovation and Technology (DSIT), it will “establish a dedicated Cyber Resourcing Hub, a government Cyber Academy, an apprenticeship scheme, and structured career pathways” aligned with UK Cyber Security Council standards. Manchester will serve as the primary hub, the statement added.”The launch of the government Cyber Profession will help attract and retain the most talented professionals with the top-tier skills needed to keep the UK safe online,” NCSC CEO Richard Horne said in the statement.DSIT did not respond to requests for additional technical detail on the VMS by the time of publication.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4139509/vulnerability-monitoring-service-secures-public-sector-websites-faster.html
