The National Cyber Security Strategy sets a strategic objective of enhancing national prosperity and national security by making the UK more resilient to cyber attacks. Such attacks can vary in terms of persistence, sophistication and impact.
There is a range of guidance to help organisations maintain cyber defences, such as CESG’s Good Practice Guides and ‘10 Steps to Cyber Security’, and information published on the CPNI website. There continue to be occasions where attackers successfully breach the corporate networks of organisations. This may be due to basic defences not being maintained adequately. However, it may also be due to the targeting and sophisticated techniques employed by determined, well resourced cyber attackers.
Where an organisation has been attacked, its most immediate concerns are likely to be:
What action needs to be taken and who has the proven knowledge and experience required to contain and eradicate the incident?
Drawing on experiences of a CESG/CPNI pilot running since October 2012, a twin track approach is being taken for certified Cyber Incident Response services:
- a broad based scheme managed by an industry professional body, endorsed by CESG and CPNI, and delivered by industry. This scheme focuses on appropriate standards for incident response aligned to demand from industry, the wider public sector and academia. Initially this scheme will be administered by the Council of Registered Ethical Security Testers (CREST): additional professional body-led schemes may be added should they emerge in future.
- a small and focussed Government-run Cyber Incident Response scheme certified by CESG and CPNI where industry partners deliver services focussed on responding to sophisticated, targeted attacks against networks of national significance. Organisations affected by such an attack should approach one of the CESG/CPNI certified CIR providers.
Certified service providers and end Service users should agree changes as part of Contractual arrangements.