Skip to content
You can now search across every topic, entity and event.What's new
Cybersecurity: Threats and Defences
30APR

NCSC ships SilentGlass, its first commercial product

3 min read
08:16UTC

NCSC launched SilentGlass on 22 April: the first commercial hardware to carry NCSC branding, manufactured with Sony UK Technology Centre and licensed to Goldilock Labs.

TechnologyDeveloping
Key takeaway

NCSC adds a commercialisation lever in the same week UK cyber capability moved outside UK control.

The UK National Cyber Security Centre (NCSC) launched SilentGlass mid-week, the first commercial hardware product ever to carry NCSC branding 1. The device blocks HDMI and DisplayPort hardware-injection attacks, the physical-cable paths that bypass software defences entirely, and is already deployed in UK government high-threat environments. Sony UK Technology Centre at Pencoed manufactures the unit; Goldilock Labs holds the global commercial distribution licence.

The launch matters less for the device's specification and more for the policy template it establishes. NCSC has historically been an attribution and advisory body, not a commercial vendor; SilentGlass moves a piece of UK government intellectual property into the open market under licence. Goldilock Labs carries the channel and warranty exposure; Sony UK Technology Centre carries the manufacturing scale; NCSC keeps the IP rights. The structure means the commercial ramp does not require any new procurement or trading authority inside the agency.

NCSC's launch timing carries the political read. SilentGlass lands inside the same week as the Beazley Swiss acquisition and the Airbus absorption of Ultra Cyber, two transactions that move UK cyber capability outside UK consolidated control. NCSC simultaneously demonstrates that the public sector can monetise its IP into the commercial channel without ceding ownership. NCSC, fresh from co-signing the FSB Star Blizzard advisory with AIVD , now adds a hardware product line to the same agency footprint, with the UK Cyber Security and Resilience Bill baseline supplying the regulatory floor on which products like SilentGlass become procurement-defensible inside operator estates. For policy readers, the question is whether SilentGlass becomes a one-off press release or the first item in a recurring NCSC commercial pipeline.

Deep Analysis

In plain English

Hackers with physical access to HDMI or DisplayPort cables, the connectors between computers and screens, can inject malicious signals that bypass all software security controls. NCSC, the UK government's cybersecurity agency, developed SilentGlass to block that class of attack. Sony UK Technology Centre manufactures the device; Goldilock Labs sells it commercially. NCSC has deployed SilentGlass in UK government high-threat environments and licensed it to Goldilock Labs for sale to private-sector organisations.

What could happen next?
  • Precedent

    SilentGlass establishes a structure for NCSC and other GCHQ-adjacent bodies to license government-developed IP into commercial products without placing the government entity in the commercial product-liability chain.

  • Opportunity

    UK cyber product companies with technology adjacent to government-developed IP should evaluate licensing structures with NCSC, given that the SilentGlass model is now a demonstrated precedent.

First Reported In

Update #2 · FIRESTARTER puts Cisco below the patch line

NCSC UK· 30 Apr 2026
Read original
Different Perspectives
UK managed service providers and data centre operators
UK managed service providers and data centre operators
Newly brought into critical-infrastructure scope by the Cyber Security and Resilience Bill's Lords second reading, facing fines up to £17m or 4% of global turnover and a new near-miss reporting duty they did not previously carry. The sector moves from best-practice guidance to statutory exposure within this Parliamentary session.
Threat-intelligence industry
Threat-intelligence industry
SOCRadar's confirmation that one operator sits on two ransomware crews' negotiation panels, following Bitdefender's affiliate-overlap flag six weeks earlier, gives the sector its second independent data point that brand-based tracking undercounts shared access. The firms doing this work are shifting language from named-group attribution toward access-broker mapping.
FSB Centre 16
FSB Centre 16
Named by NCSC as running an SNMP-hijacking campaign against communications, energy, healthcare, defence and financial-services operators, harvesting device data and reconfiguring routers through a decades-old plaintext-authentication protocol. The campaign runs in parallel to, not in place of, the GRU's separate DNS-hijacking operation named in April.
CISA
CISA
CISA's Known Exploited Vulnerabilities catalogue added seven CVEs between 5 and 14 July, none from a headline security vendor, capped by the 18-year-old Cisco IOS bug CVE-2008-4128. BOD 26-04's risk-tiered listing rules make that slowdown as much a policy artefact as a threat-intensity read.
Nidec
Nidec
Nidec faces a $2m demand from Blackfield after the crew breached a server at its supplier Chaun Choung Technology rather than Nidec's own network. The attack reached Nidec's data without touching its own perimeter at all, the same supply-chain route World Leaks used against Tata Electronics.
Tata Electronics
Tata Electronics
Tata Electronics restricted remote access to its purchase-order systems and hired a forensic consultant after World Leaks posted 630GB of its files, including purported Apple and Tesla design material, to a leak site. The exposed value sits on its customers' balance sheets, not its own, which is what makes it hard to price.