A scheme that will provide access to companies certified to respond effectively to the consequences of cyber security attacks has been launched, by CESG, the Information Assurance arm of GCHQ, and the Centre for the Protection of National Infrastructure (CPNI).
Called Cyber Incident Response, the scheme is described as a Government quality-assured service provided by industry that organisations can turn to for assistance when they have suffered a cyber-security incident. While the scheme is mainly aimed at the public sector and organisations forming part of the UK’s critical national infrastructure, it may also be of assistance to the wider private sector.
The pilot scheme includes four companies selected by CESG/CPNI to work in partnership, based on knowledge and experience, to provide response services. The companies are BAE Systems Detica, Cassidian, Context IS and Mandiant.
Cyber Incident Response builds on the 10 Steps to Cyber Security which was launched by the Government in September and provides advice to business leaders on increasing cyber security within their own organisations. It also supports the delivery of the UK Cyber Security Strategy.
By taking this joint approach on response to cyber incidents, Government and industry will help to nurture and grow the emerging UK cyber incident response industry. This should set it on a growth path in terms of scale and expertise, which in turn will support the security and prosperity of the UK.
Chloë Smith, Minister for Cyber Security said: “The growing cyber threat makes it inevitable that some attacks will get through either where basic security is not implemented, or when an organisation is targeted by a highly capable attacker. ‘Cyber Incident Response’ services provide access to organisations certified by CESG/CPNI to respond effectively to cyber incidents. It builds on the ’10 steps to Cyber Security’ guidance on how to reduce the risk of vulnerability to attack. Together, GCHQ, CPNI, the incident response industry, and victims of cyber attack – can improve the cyber security of the UK; that is good for security, good for business and good for the UK’s prosperity.”
Background
The guidance “10 Steps to Cyber Security” was launched in September 2012, aimed at business leaders, describing the cyber security threat and providing advice on the basic measures to increase cyber security within their organisations. Visit – http://www.bis.gov.uk/news/topstories/2012/Aug/cyber-security-for-business
Cassidian CyberSecurity, a division of EADS, says that cyber attacks may include new techniques not previously seen, zero day attacks, innovative attack combinations and especially persistent threat attacks.
Cassidian CyberSecurity says it offers a full Incident Response and Remediation support service to help organisations recover from cyber attacks, including, where it is possible, identifying stolen data and compromised assets.
