A new offering enabling public bodies to track, and address, potential security issues already has hundreds of adopters and is having a noticeable impact, according to DSIT’s digital government minister
A public sector monitoring service launched last year by the Government Digital Service is identifying and enabling remediation of more than100 “critical vulnerabilities” each month, a minister has claimed.
The Vulnerability Monitoring Service (VMS) – first rolled out last summer, when it was initially known as ‘Extended Monitoring’ – is offered for free to public sector bodies, who can register to take advantage of the service via the National Cyber Security Centre. According to the VMS’s website, the offering is designed to help “identify and respond to security vulnerabilities in… internet-facing digital services”.
The service has already enjoyed strong uptake and is having a noticeable impact on public sector resilience, according to digital government minister Ian Murray.
“Over 700 public sector organisations have now signed up to the vulnerability scanning service, with the service finding and helping fix over 100 critical vulnerabilities a month,” said.
The minister was answering a written parliamentary question from Conservative MP Wendy Morton, who in addition to enquiring about the impact of VMS, also asked about the current volume of legacy systems used throughout government and plans to address ageing tech platforms.
Related content
- New GDS-led cyber ops will be ‘more interventionist’
- Cross-public sector cyber duties moved into GDS
- GDS and Treasury monitor departments to prevent ‘diversion of funding earmarked for cyber and legacy’
“The most recent assessment of the scale of legacy systems across the public sector was conducted as part of the State of Digital Government Review [in January 2025], which found that 28% of public sector systems were identified as legacy IT,” Murray said. “Individual departments remain responsible for addressing their highest risk systems. While DSIT provides oversight, it does not hold central information on all these plans.”
The minister also addressed a query from Morton about support provided for departments to adopt secure by design approaches in the development of internal infrastructure and public-facing digital services.
“The Secure by Design approach provides delivery and project teams with clear principles and activities to follow to increase the cyber resilience and security of new and emerging systems, services and technology infrastructure,” Murray said. “A central DSIT team supports them through a community of champions, nominated by their respective organisation.”
