National Cyber Security Assessment Platform (NCAP)
The NCAP is a set of capabilities that can produce bespoke one off or regular and continuous vulnerability reports for the Critical National Infrastructure (CNI) of nation states. The simple to use dashboard presents data across a broad definition of CNI that can encompass standard areas, for example, Defence, Energy, Water, Agriculture, Food, Health, Financial Services, ICT, Transport and Government Facilities. It can be tailored to individual country needs, to reflect economic priorities, for example, tourism, culturally vital facilities, for example, Mosques and Holy Sites and politically salient issues, for example, Small and Medium Sized Enterprises. The presentation of these vulnerabilities can be used as a tool to support those who are working within these states on the enhancement of the protection of Critical National Infrastructure or to inform a national cybersecurity strategy if one does not exist.
NCAP allows users to perform specific searchers involving critical infrastructures, such as:
• Which industries, institutions and sectors are under greater risk?
• Which systems – national or regional – are vulnerable to a newly discovered zero-day vulnerability?
• How should the defence of CNI be prioritised?
NCAP is, in effect, a nationwide cyber security penetration test. It can create a DNS (Domain Name System) zone file for a specific country, gov.uk for example. From there it can scan any websites on that specific domain extension and provide a report on threats and areas for improving cyber defences. This is presented in a user-friendly graphical interface that will also produce reports and critical assessments of risk.
The system will also assess breached data and monitor this to discover if an account is vulnerable. NCAP collects open source data from websites that have been hacked in the past. This data is placed into a searchable database to allow checks on email addresses and domain names for breached data. We have over 7 billion accounts so far and are able to return data for most searches.
If sub-national level entities are part of CNI, then NCAP can perform automated penetration testing across any sector, for example, SMEs. This operates an online vulnerability scanner. Any user can enter the website address and a report will be produced recommending changes to secure the website against 99% of hacking vulnerabilities. A working website can be re-branded for a target country. NCAP can tailor this automated system for each country and help to secure any entity or sector of critical importance.