The UK government announced that its new Vulnerability Monitoring Service (VMS), a centralized platform continuously scanning internet-facing public sector systems for known weaknesses, has sharply reduced the time to fix serious flaws and the backlog of unresolved issues.
The service, which monitors around 6,000 public sector organizations, has helped cut unresolved security issues by roughly 75% and reduced the median time to fix critical vulnerabilities from about 50 days to approximately eight days.
Officials said the VMS detects around 1,000 different types of weaknesses each month and provides specific guidance to agencies on how to remediate them. Alongside this capability, the government is launching a dedicated “Cyber Profession” initiative to recruit, train, and retain cybersecurity experts, including a Cyber Resourcing Hub and a Cyber Academy to support long-term defensive capabilities across the public sector.
The UK government said these efforts are designed to protect public services from cyber-attacks and strengthen national cyber resilience. The announcement outlined plans for structured career pathways aligned with Cyber Security Council standards and emphasized improved detection, prioritization, and response across departments.
Denis Calderone, CTO, Suzu Labs:
“Scanning 6,000 public sector organizations and cutting DNS fix times from 50 days to 8 is genuinely good news. Find it, assign it, track it, close it. That’s how vulnerability management should work. Worth noting though that the 84% number is specifically for domain-related issues. Other vulnerability types went from 53 days to 32, so closer to a 40% improvement. Still real progress, just not quite as dramatic.
“The part that should give everyone pause is that these vulnerabilities were sitting across the public sector for years and nobody knew. NHS trusts, legal aid, ambulance services. Turning on a scanner and finding this much is a win, absolutely, but it also tells you just how blind these organizations were before. You can’t fix what you can’t see.
“And this is why it kind of bugs me that the government exempted itself from the Cyber Security and Resilience Bill it’s putting on the private sector. You have to wonder what the numbers would look like if they pointed these same scanners at their own departments with actual legal obligations behind them.”
Rajeev Raghunarayan, Head of GTM, Averlon:
“Reducing median remediation time from roughly 50 days to single digits across thousands of public sector organizations is meaningful progress. It shows that when vulnerability management is treated as an operational priority, measurable improvements follow.
“At the same time, modern attack cycles move quickly. Even an eight-day exposure window can be significant. The real takeaway is not improved scanning alone, but operational follow through. Most organizations already have visibility into weaknesses. The challenge is translating findings into prioritized, accountable remediation and consistently shrinking the time between discovery and fix.”
Noelle Murata, Sr. Security Engineer, Xcape, Inc.:
“The UK government’s implementation of the Vulnerability Monitoring Service (VMS) marks a significant move from reactive patching to proactive, centralized security management for 6,000 public sector organizations. This initiative drastically reduces the average time to fix critical vulnerabilities from fifty days to just eight, effectively eliminating the window of opportunity that state-sponsored attackers and ransomware groups exploit for initial access. The focus on DNS vulnerabilities is a key strategic choice, as these frequently overlooked misconfigurations are the main method used for covert redirection and data interception.
“Complementing this technical solution is the new “Cyber Profession” initiative, which includes a Cyber Academy and a Resourcing Hub in Manchester, aiming to tackle the persistent skills shortage that has historically hindered public sector cybersecurity resilience. Crucially, the VMS approach reorients cybersecurity from a reactive “firefighting” mode to ongoing risk management. By combining this technical capacity with a structured “Cyber Profession” development program, the government is also addressing the human resource deficit that often undermines sustained resilience.
“While scanning tools are essential, they don’t resolve vulnerabilities on their own; skilled professionals and clear accountability are what truly fix them. Other governments would benefit from observing this model. This includes mandatory, continuous scanning of Internet-facing assets, coordinated centrally but executed by individual agencies. Talent development programs that establish cybersecurity as a viable career path can close security gaps more effectively than any regulation or budget increase.
“When governments treat patching speed as a national security metric, attackers lose their advantage: time.”
The UK government lately has been known to come up with some good ideas on the cybersecurity front. This is one of those good ideas because it forces those who are responsible for defending government networks to actually defend those networks in a way that reduces the attack surface.
Börje Ekholm opens Ericsson’s MWC 2026
Posted in Commentary with tags Ericsson on March 2, 2026 by itnerdHyperconnectivity driven by huge numbers of sensors, the expansion of AI into applications and devices, and the role of telecoms in national security was center stage in Barcelona today as Ericsson President and CEO, Börje Ekholm, got the company’s Mobile World Congress (MWC) 2026 program underway.
Ekholm said these three “fundamental forces” shaped this year’s Ericsson MWC event theme – Enter New Horizons – and are central to company demos, seminars, panel and round-table discussions, and customer meetings at the Fira Gran Via venue this week.
He said the AI surge and growth in the number of connected devices will drive high-performance connectivity demand as “everything will be connected.”
Ekholm said he was excited about the new era, which he said will also put demands on Ericsson.
Momentum in differentiated connectivity use cases – such as premium fixed wireless access, network slicing, and Network APIs – will also be in focus in Ericsson’s pavilion.
Ericsson’s event space will feature collaborations with more than 120 partners across the industry – comprising more than half of what Ericsson is showing in Barcelona this year.
Ekholm said this was evidence of how the new ecosystem is scaling.
Ekholm referenced the Network APIs-focused joint venture Aduna as an important example of bringing the industry together to form ecosystems to utilize the digital stack.
Ekholm said 5G Standalone would also influence the third ‘fundamental force.’
Ekholm was joined by special guests during the webcast: AT&T CEO, John Stankey, and Singtel CEO, Yuen Kuan Moon.
Stankey and Ekholm discussed the companies’ December 2023 deal aimed at helping the U.S. communications service provider to move to cloud-based architecture and pursue new revenue streams.
Stankey highlighted momentum in fixed wireless access and network slice uptake as being notable and agreed with Ekholm that 5G Standalone is central to the cloud-based and service-based architecture needed for new physical AI services and applications.
Stankey and Ekholm also addressed the importance of collaborating on network security, before discussing the fact that both AT&T and Ericsson celebrate 150-year anniversaries in 2026. While celebrating the landmark they also stressed the need to constantly innovate and think about what is coming next.
Ekholm and Yuen Kuan Moon also discussed the advantages of having 5G Standalone connectivity.
He also highlighted dedicated network slices as new revenue generation opportunities across security, factories, airports and seaports, saying offering applications and gaming network slices was also in focus.
Mobile World Congress Barcelona 2026 runs until March 5. Find out ore about Ericsson’s MWC activities vis this link.
Leave a comment »