Defending a single server is often far more complex than people apreciate, defending a single organisation is significantly harder than a single server, defending a country… a much more complex challenge than I think people actually realise.

What is ACD?

According to the NCSC:

The aim of ACD is to “Protect the majority of people in the UK from the majority of the harm caused by the majority of the cyber attacks the majority of the time.” We do this through a wide range of mechanisms, which at their core have the ability to provide protection at scale. 

ACD is intended to tackle the high-volume commodity attacks that affect people’s everyday lives, rather than the highly sophisticated and targeted attacks, which NCSC deal with in other ways.

NCSC Active Cyber Defence

What is included?

The UK NCSC offer and run a range of Active Cyber Defence capabilities which include the following:

  • Takedown
  • Suspicious Email Reporting Service (SERS)
  • Mail Check
  • Web Check
  • Protective DNS
  • Exercise in a Box
  • Early Warning
  • MyNCSC
  • STAR (Subdomain Takeover Alerts and
  • Reporting)”
  • Routing and Signalling
  • National Telecoms Signal Monitoring Service
  • Host Based Capability (HBC)
  • Vulnerability Disclosure
  • Logging Made Easy (LME)
  • Cyber Threat Intelligence Adaptor (CTI Adaptor)
  • NCSC Observatory

A range of these services are for public sector only however a number of these are available for all orgs.

ACD has been running for 5 years, there’s a 5 year report from NCSC here


There’s a range of goverment provided cyber defence services, some of these are so handy such as Early Warning, SERS, TAKEDOWN and then we’ve got some of my faves is Vulnerability Disclosure and LME!

Go check out the NCSC ACD services, they are useful tools to improve and enable cyber defence for the UK.