White shape | Hexiosec Logo

Scanning All UK Local Authorities - Our Work With The CCoE

Rob Stemp
2 October 2023
|
3 min Read
|
Rob Stemp

The mission

Our mission is to help protect citizens and businesses from cyber-attacks, and so we are delighted to have partnered with the Cyber Centre of Excellence (CCoE) to use Hexiosec ASM to measure and assess the cyber risk of all 382 local authorities across the UK.

The CCoE are very forward-looking and a fantastic resource for the public sector. From their website:

The Cyber Centre of Excellence (CCOE) is an initiative aimed at all local authorities and UK public bodies to help them stay abreast of cyber threats and give them access to military-grade protection at high street prices.

With the support of the CCoE we are excited to be able to bring our cutting-edge attack surface scanning technology to help UK local authorities.

The challenge

Having established a unified mission alignment, the next challenge was to explore how to efficiently, securely and logistically conduct scans of all 382 local authorities across England, Wales, Scotland and Northern Ireland, with the primary objective of assessing the External Attack Surface of each.

Fortunately the technically aspects were already well in hand since we’ve built Hexiosec from the ground up to be fast, thorough, and most importantly, to scale.

The execution

We began by compiling all the domains for each of the local authorities and councils, and categorising them into logical groupings.

Then, after we’d run the scans we exported the results and processed the data so it could be jointly analysed by the CCoE team and ourselves.

For the first time, we were able to gain a comprehensive national perspective on the external attack surface risk associated with all local authorities. This newfound insight revealed discernible trends, common areas of vulnerability, and geographical disparities.

The significance of both parties having access to the entire dataset, as opposed to mere summaries, cannot be overstated. It allowed us, with the CCoE, to perform granular trend analysis and identify areas requiring immediate attention and mitigation, enabling us to pinpoint the specific skills necessary for addressing these risks effectively.

With this invaluable data in hand, the next challenge was to determine a responsible approach for disclosing this information to the authorized personnel within each respective authority.

The outcome

The impact from the work has been overwhelming!

Local authorities and councils have been busy fixing issues and asking for the full report for their attack surface. CCoE have been travelling the country to inform and educate the local authorities on the results and showing them how they can protect themselves in the future.

We have implemented a tiered approach tailored to the unique circumstances of each local authority, comprising quarterly, monthly, weekly, and daily scanning frequencies. These intervals are determined based on the complexity of the IT landscape within each authority and the pace of technological change.

Our commitment to this mission remains steadfast, with Hexiosec continuing to provide the comprehensive dataset necessary to empower CCoE in extending its assistance to schools, health providers, and other sectors across the UK and beyond.

Read the blog from the CCoE

About Rob Stemp
Rob is one of our co-founders. He has 20 years' experience in Cyber Security, working across National Intelligence, Security, Defence and the Commercial marketplace. With a deep understanding of IT security architecture, systems engineering, technical leadership, information security, cyber security and battlefield cyber, Rob provides in-depth technical knowledge of both enterprise IT systems and cyber security best practice.
Rob Stemp