The National Technical Authority
for Information Assurance

New Cyber Incident Response scheme launched - PRESS RELEASE

Published on 07/11/2012

A NEW scheme that will provide access to companies certified to respond effectively to the consequences of cyber security attacks has been launched today by CESG, the Information Security Arm of GCHQ, and the Centre for the Protection of National Infrastructure (CPNI).
Called Cyber Incident Response, the scheme will be a HMG quality-assured service provided by industry that organisations can turn to for assistance when they have suffered a cyber security incident.  Whilst the scheme is primarily aimed at the public sector and organisations forming part of the UK’s critical national infrastructure, it may also be of assistance to the wider private sector.
The pilot scheme includes four companies selected by CESG/CPNI to work in partnership, based on knowledge and experience, to provide response services. The companies are BAE Systems Detica, Cassidian, Context IS and Mandiant.
Cyber Incident Response builds on the “10 Steps to Cyber Security” which was launched by the Government in September and provides advice to business leaders on increasing cyber security within their own organisations. It also supports the delivery of the UK Cyber Security Strategy.
By taking this joint approach on response to cyber incidents, Government and industry will help to nurture and grow the emerging UK cyber incident response industry. This should set it on a growth path in terms of scale and expertise, which in turn will support the security and prosperity of the UK.
Chloë Smith, Minister for Cyber Security said:
"The growing cyber threat makes it inevitable that some attacks will get through either where basic security is not implemented, or when an organisation is targeted by a highly capable attacker.
‘Cyber Incident Response’ services provide access to organisations certified by CESG/CPNI to respond effectively to cyber incidents.  It builds on the ’10 steps to Cyber Security’ guidance on how to reduce the risk of vulnerability to attack. 
Together, GCHQ, CPNI, the incident response industry, and victims of cyber attack – can improve the cyber security of the UK; that is good for security, good for business and good for the UK’s prosperity."

Notes for Editors

The UK Cyber Security Strategy sets out how the UK will support economic prosperity, protect national security and safeguard the public’s way of life by building a more trusted and resilient digital environment.
“10 Steps to Cyber Security” was launched in September 2012, aimed at business leaders, describing the cyber security threat and providing advice on the basic measures to increase cyber security within their organisations.
Responding to cyber infiltration – In the event of a cyber attack compromising an organisation’s network, immediate action is required to contain, understand, and eradicate the incident. This may be accompanied by mandatory reporting actions where the compromise affects partner organisations such as customers and suppliers.
GCHQ and CPNI have unique knowledge and expertise in responding to cyber incidents. By using an approach similar to that established for penetration testing services for Government under the CHECK scheme it is hoped to grow the scale and expertise of the emerging UK cyber incident response industry.
About CESG - CESG is the UK Government's National Technical Authority for Information Assurance (IA) and is the Information Security Arm of GCHQ
CESG protects the vital interests of the UK by providing policy and assistance on the security of communications and electronic data, working in partnership with industry and academia
About GCHQ - GCHQ is one of the three UK intelligence agencies.  Further information can be found at:
About CPNI - CPNI is the government authority on protective security in relation to national security threat. It provides advice to businesses and organisations across the national infrastructure covering physical personnel and cyber security/information assurance.
About ‘Cyber Incident Response’ Service Providers

Four companies have been selected for the Cyber Incident Response pilot.  The following brief details have been provided by each of the four service providers for inclusion in this Press Notice.

BAE Systems Detica

Every day Detica helps global organisations manage cyber risk. Our dedicated incident response team can start investigating attacks within hours. We use specialist forensic tools and knowledge of attackers' methods to expose advanced malware and ensure successful business recovery.
Contact Details
Natasha Davies, Head of PR and Media, BAE Systems Detica
Tel: +44 (0)20 7812 4274
Mobile: + 44 (0)7787 297 831

Cassidian CyberSecurity has been delivering information assurance and cyber support to UK government and MoD for over 10 years.  As part of the EADS Group, they have a global reach supporting the business activities of this world leading aerospace and defence company.  Cassidian CyberSecurity’s expertise includes cyber incident response, network security monitoring, risk assessment.
Contact Details
Deborah Waddon (
Tel: 01633 715447    Mob: 07919 696443,
Secondary press contact Nelly Tartivel (
Context IS
Context is an independent, flexible, technically expert Information Security consultancy. We provide bespoke incident response services to organisations experiencing targeted attacks. We specialise in detecting, investigating, and mitigating breaches, whilst assisting clients with improving their defences against Cyber threats.
Contact Details
Peter Rennison (
Tel: 01442 245030    Mob: 07831 208109
Mandiant's products and services protect the world's most valuable data every day from targeted attacks. Mandiant's unique combination of intelligence, experience and technology equip organisations to find and stop advanced attackers that bypass their preventive defences.
Contact Details
Susan Helmick (
Tel: +1.703.224.3547