NCSC launches Web Check for public sector sites

Cyber security monitoring service is already covering more than 1,200 websites for over 300 users

The National Cyber Security Centre (NCSC) has launched its Web Check service to help public sector organisations fix website threats.

Web Check screenshotThe plan was flagged up earlier this month as one of four measures to help public authorities to improve their cyber security, and following a series of tests the service has now gone live for anyone who manages websites for UK public sector bodies.

NCSC said that users provide their own watch list of URLs and the service provides a ‘quiet’ package of web scans, making few connections to a server than an average we user visiting a single page. These cover issues such as whether user data is protected, and if protective technologies such as HTTP strict transport security (HSTS) and content security policy (CSP) are in place.

It then generates reports with several groups of findings on what needs fixing and how to do so.

The number of users quickly increased from the 150 for the prototype version to more than 300, providing scans of 1,200 public sector websites.

“Web Check came about by listening to the experiences of local government with automated vulnerability scanning tools,” said the (unnamed) chief technology officer of NCSC Digital Government. “We see Web Check helping system owners find and fix common issues, letting them focus on trickier issues that only people can find.”

NSCS said it is looking at the possibility of extending the service to the private sector.

Image from GOV.UK, Open Government Licence v3.0