National Cyber Security Centre
New Cyber Attack categorisation system to improve UK response to incidents
The NCSC and law enforcement are implementing a new cyber incident prioritisation framework.
- NCSC and law enforcement to implement new cyber incident prioritisation framework
- Existing system of three categories of incident broadened to six detailed classifications
- Categorisation spans full range of incidents from national campaigns to personal attacks
- Move reflects ever-strengthening partnership between law enforcement and the NCSC
- Announcement comes on the final day of the NCSC’s flagship conference CYBERUK 2018
HACKERS wanting to harm the UK will be thwarted thanks to a step-change in how intelligence experts align with law enforcement.
The new, world-leading approach will see the National Cyber Security Centre (NCSC), a part of GCHQ, working hand-in-hand with law enforcement agencies to defend against the growing threat.
The NCSC has responded to more than 800 significant incidents since October 2016, and their incident responders will now classify attacks into six specific categories rather than the previous three.
The changes, which are effective immediately, will improve consistency around the incident response and better use resources – ultimately leading to more victims receiving support.
Paul Chichester, the NCSC’s Director of Operations, said:
“This new joint approach, developed in partnership with UK law enforcement, will strengthen the UK’s ability to respond to the significant, growing and diverse cyber threats we face.
“The new system will offer an improved framework for dealing with incidents, especially as GDPR and the NIS Directive come into force shortly.
“Individual judgements will of course still be applied to respond to incidents as necessary.”
Information processed by the new framework will ultimately be used to generate the most comprehensive national picture to date of the cyber threat landscape, spanning the full range of incidents from national crises to cyber attacks on individuals.
The incident category definitions give increased clarity on response mechanisms for incidents by identifying what factors would happen to activate a specific classification, which organisation responds and what actions they would take.
National Police Chiefs' Council Lead for Cybercrime, Chief Constable Peter Goodman, said:
“This is a hugely important step forward in joint working between law enforcement and the intelligence agencies
“Sharing a common lexicon enables a collaborative understanding of risk and severity that will ensure that we provide an effective, joined-up response.
“This is good news for the safety of our communities, business and individuals.”
The framework encompasses cyber incidents in all sectors of the economy, including central and local government, industry, charities, universities, schools, small businesses and individuals.
Any cyber attack which may have a national impact should be reported to the NCSC immediately. This includes cyber attacks which are likely to harm UK national security, the economy, public confidence, or public health and safety.
Depending on the incident, the NCSC may be able to provide direct technical support. The NCSC also provides comprehensive guidance and advice on its website for companies or individuals in need.
People or businesses suffering from a cyber attack below the national impact threshold should contact Action Fraud, UK’s national fraud and cyber crime reporting centre, who will respond in accordance with the new incident categorisation.
Latest News from
National Cyber Security Centre
Alert: Mass credential harvesting phishing campaign active in the UK18/10/2019 16:23:00
The NCSC is investigating an automated, ongoing, widespread credential-harvesting phishing campaign currently affecting the UK
New-look CyberFirst Girls Competition goes regional17/10/2019 09:15:00
The introduction of regional semi-finals give girls the opportunity to test their cyber skills against those of local rivals for the first time.
Surge in female applicants for cyber security courses08/10/2019 15:51:00
The NCSC has revealed new figures highlighting an increase in the amount of girls applying for cyber security courses.
Advisory: Exim mail server vulnerabilities07/10/2019 12:10:00
Hundreds of UK organisations at risk of compromise due to Exim mail server vulnerabilities
UK and Singapore sign IoT security pledge04/10/2019 11:15:00
Ciaran Martin explains why he is so pleased to have signed an agreement to strengthen the partnership between the UK and Singapore on the security of internet-connected devices.
Vulnerabilities exploited in VPN products used worldwide03/10/2019 16:15:00
APTs are exploiting vulnerabilities in several VPN products used worldwide.
First threat assessment for universities produced by the NCSC19/09/2019 09:15:00
The NCSC has published a threat assessment aimed at supporting universities.
Declassified: cyber security recruitment fair takes to the road16/09/2019 08:20:00
CyberFirst bursary students shown the varied career opportunities within the cyber security community.