The ACD 2.0 exploration into attack surface management represents the National Cyber Security Centre’s (NCSC) advanced initiative to evolve cybersecurity defenses for modern threats. Building upon the success of original ACD services, ACD 2.0 expands its scope by conducting rigorous experiments and trials focused on External Attack Surface Management (EASM).
This exploration aims to provide continuous, real-time visibility into an organization’s external attack surface. It tackles challenges such as discovering ephemeral cloud assets, third-party vulnerabilities, and brand impersonation risks. The approach integrates AI and automated workflows to detect, assess, and prioritize vulnerabilities rapidly.
Key outcomes from the ACD 2.0 exploration include:
-
Enhanced automated discovery of exposed internet-facing assets, including shadow IT and forgotten infrastructure.
-
Improved risk prioritization through behavioral analytics and real-world attacker data.
-
Stronger integration with Security Operations tools to speed up response and remediation.
-
Partnerships with industry players to innovate and scale effective defenses.
-
Transition plans to hand off mature services to private or government sectors for sustainable operation.
This pragmatic, collaboration-driven exploration is transforming attack surface management from reactive inventory tracking to proactive cyber-risk reduction, setting new standards for resilience in the face of evolving cyber threats.
This initiative underscores the importance of continuously adapting cybersecurity strategies using sophisticated technologies and partnerships to protect digital assets in today’s dynamic threat environment.
- https://www.ncsc.gov.uk/blog-post/active-cyber-defence-2-easm-update
- https://www.ncsc.gov.uk/report/acd-the-sixth-year
- https://www.linkedin.com/pulse/leadership-trends-understanding-ncscs-active-cyber-defence-atkinson-srvze
- https://www.timesofai.com/news/revolutionizing-cyber-security-the-future-of-active-cyber-defence-2-0/
- https://www.cypro.se/2025/01/22/acd-2-0-exploration-into-attack-surface-management-completed/
- https://www.cyberadvisoryservices.co.uk/uncategorized/acd-2-0-exploration-into-attack-surface-management-completed/
- https://www.redscan.com/news/ncsc-sets-out-plans-to-launch-advanced-cyber-defence-2-0/
- https://blog.crossborderboost.com/acd-2-0-insights-from-the-external-attack-surface-management-trials-2/
- https://www.linkedin.com/pulse/uks-national-cyber-security-centre-ncsc-reveals-f7iee
- https://industrialcyber.co/reports/ncsc-annual-review-2025-surge-in-ransomware-and-hacking-growing-gap-between-threats-and-national-defenses/