What is the NCSC Early Warning Service?

 

Introduction

Imagine being able to receive alerts about potential cyber threats before they cause havoc for your organisation… With the source of those alerts being from the UK’s technical authority on cyber security – the National Cyber Security Centre… Imagine this service being free, with a quick and easy sign-up process… This is all possible – it’s called the NCSC Early Warning service!

In this article, we explore the free cyber security monitoring and alerting service by the National Cyber Security Centre (NCSC) – aimed at providing early warning for cyber security based threats. We look at the benefits of the service, explain how it works, and give advice on how to set it up and use it.

 

Resource

The National Cyber Security Centre (NCSC) is the UK’s leading authority on cyber security, dedicated to making the UK the safest place to live and work online. NCSC provides a range of services to help organisations protect themselves and react to cyber threats. One of their offerings is called ‘Early Warning’ and is aimed at providing notification about potential cybersecurity-related threats, such as malicious activity.

 

Benefits 

 

• Timely Alerts: Provides notifications about potential cyber threats as soon as they’re detected by the NCSC. This (early warning) can give more opportunity to review and remediate the situation, before it gets worse
• Reduced Risk: By receiving alerts about vulnerabilities and malicious activities, organisations can strengthen security controls and reduce the risk of a data breach
• Free and Easy to Use: It’s a free service that just requires sign-up. It’s also very easy to set up and use 
• Effective Communication: Having a point of contact aligned with the services means the (early warning) alerts will be sent to the correct person, who can then take action 
• Adds to Existing Security Controls: The Early Warning service can enhance and supplement the effectiveness of cyber security, by providing an additional layer of monitoring and alerting
• Compliance Support: By helping organisations identify and address vulnerabilities, the service can support compliance with UK data protection regulations and other legal requirements

 

 

Example Case Study

NCSC have provided a case study to support further insight into the benefits:

“A critical infrastructure owner within the UK with a large supplier footprint has been encouraging its providers to sign up for Early Warning. As a result, we were able to notify one of its suppliers of a web shell on its service, related to the 2021 Exchange vulnerabilities, even after initial checks and patching had taken place which failed to uncover the problem. Early Warning allowed us to provide timely notification to the victim to remediate this cyber attack. 

Without the Early Warning service, it is possible that an adversary could have remained hidden on this system, able to access information that neither the supplier nor our organisation would want to be exfiltrated.” 

Given the scale of the deployment of Microsoft Exchange, and the risk that this vulnerability posed, Early Warning represents a significant weapon in bringing compromises to the attention of system administrators.” 

 

How It Works

• As the UK’s cyber security agency, the NCSC receive a huge of data relating to cyber threats every day 
• These data feeds include data from open sources, commercial contacts, partners, and other areas
• The service monitors the IP addresses and domain names provided by an organisation and correlates the data to identify potential threats
• When a threat is detected, the service sends an alert to the designated contact of the organisation
• These alerts can include information about malicious software, vulnerabilities, and other suspicious activities 
• Signing up for the service doesn’t result in any extra scanning being required
• Monitoring and alerting is based on information the NCSC already have – it just requires a point of contact to receive notifications and act on the findings

 

Who’s Eligible to Use It

The NCSC has a mission to make the UK the safest place to work online. To support this, they offer the Early Warning Service to all UK-based organisations, regardless of size. This includes public sector bodies, private companies of all sizes, charities, not-for-profit organisations, educational institutions, healthcare providers, and local authorities. Thousands of organisations have already signed up. However, many thousands more are still eligible to join.

 

How to Get Started

1. Create a MyNCSC Account: First create a MyNCSC account (unless already holding one), by visiting the NCSC website (https://www.ncsc.gov.uk/section/active-cyber-defence/early-warning) and following the registration instructions
2. Register for the Service: Next, provide name and/or company number. This is then reviewed and approved by the NCSC
3. Reference Assets: Once registered and approved, setup and verify assets (domain names and IP addresses). Asset may also be detected automatically. Points of contact can be added
4. Review and Act on Alerts: Review and act on alerts relating to potential threats – these are received via email and through the MyNCSC portal. Alerts should be acted on promptly to mitigate any identified risks

 

What’s in There

• Assets: associated with the organisation, either configured or discovered
• Findings: generated from the lookup between organisational assets and NCSC threat data sets
• Members: Approved points of contact for each organisation 

 

How We Help

• At RB Consultancy Ltd – we support organisations in strengthening their cyber security posture
• NCSC Cyber Advisor certified – we’re proven to help organisations understand and implement technical controls
• NCSC Assured Service Provider – we meet the standards set by the National Cyber Security Centre (NCSC)
• IASME Assessor and Certification Body – we assess organisations and issue certificates for Cyber Essentials, Cyber Essentials Plus and IASME Cyber Assurance 
• Consultancy – with ISO 27001 Lead Implementer certification, we help organisations implement Information Security Management System (ISMS) and associated controls

 

Conclusion – How NCSC Early Warning can support your organisation  

The Early Warning Service is provided by the NCSC – the UK’s national cyber security group. It’s a free tool to enhance cyber security posture and provide (timely) alerts about potential threats. By using this service, organisations can take proactive measures to protect their environment.

With cyber threats being increasingly sophisticated and pervasive, this free tool can be extremely valuable for organisations of all sizes. By leveraging the service, organisations can try to stay ahead of cyber threats and support the security and resilience of their digital assets. 

RB Consultancy Ltd empower organisations through cyber security. We can provide insight on how we use this service and the associated benefits. Contact Us for further information, advice, and guidance.

 

Information Sources 

NCSC Early Warning webpage and sign up: https://www.ncsc.gov.uk/section/active-cyber-defence/early-warning

Written by Remo Belisari, Managing Director of RB Consultancy Ltd, an experienced cyber security professional and cyber advisor. Remo holds certifications relating to CISSP, ISSAP, ISO 27001, Cyber Essentials, IASME Cyber Assurance, and has many years experience in IT and cyber security. Remo has a history of supporting organisations from over the world – including a Fortune 500 in USA and over 100 organisations across the UK. The views expressed in this blog are those of the author and do not necessarily reflect the views of RB Consultancy Ltd, its clients, partners, or affiliated organisations. The content is intended for general information only and should not be taken as legal advice.