National Cyber Security Centre
Printable version

New Cyber Attack categorisation system to improve UK response to incidents

The NCSC and law enforcement are implementing a new cyber incident prioritisation framework.

  • NCSC and law enforcement to implement new cyber incident prioritisation framework
  • Existing system of three categories of incident broadened to six detailed classifications
  • Categorisation spans full range of incidents from national campaigns to personal attacks
  • Move reflects ever-strengthening partnership between law enforcement and the NCSC
  • Announcement comes on the final day of the NCSC’s flagship conference CYBERUK 2018

HACKERS wanting to harm the UK will be thwarted thanks to a step-change in how intelligence experts align with law enforcement.

The new, world-leading approach will see the National Cyber Security Centre (NCSC), a part of GCHQ, working hand-in-hand with law enforcement agencies to defend against the growing threat.

The NCSC has responded to more than 800 significant incidents since October 2016, and their incident responders will now classify attacks into six specific categories rather than the previous three.

The changes, which are effective immediately, will improve consistency around the incident response and better use resources – ultimately leading to more victims receiving support.

Paul Chichester, the NCSC’s Director of Operations, said:

“This new joint approach, developed in partnership with UK law enforcement, will strengthen the UK’s ability to respond to the significant, growing and diverse cyber threats we face.

“The new system will offer an improved framework for dealing with incidents, especially as GDPR and the NIS Directive come into force shortly.

“Individual judgements will of course still be applied to respond to incidents as necessary.”

Information processed by the new framework will ultimately be used to generate the most comprehensive national picture to date of the cyber threat landscape, spanning the full range of incidents from national crises to cyber attacks on individuals.

The incident category definitions give increased clarity on response mechanisms for incidents by identifying what factors would happen to activate a specific classification, which organisation responds and what actions they would take.

National Police Chiefs' Council Lead for Cybercrime, Chief Constable Peter Goodman, said:

“This is a hugely important step forward in joint working between law enforcement and the intelligence agencies

“Sharing a common lexicon enables a collaborative understanding of risk and severity that will ensure that we provide an effective, joined-up response.

“This is good news for the safety of our communities, business and individuals.”

The framework encompasses cyber incidents in all sectors of the economy, including central and local government, industry, charities, universities, schools, small businesses and individuals.

Any cyber attack which may have a national impact should be reported to the NCSC immediately. This includes cyber attacks which are likely to harm UK national security, the economy, public confidence, or public health and safety.

Depending on the incident, the NCSC may be able to provide direct technical support. The NCSC also provides comprehensive guidance and advice on its website for companies or individuals in need.

People or businesses suffering from a cyber attack below the national impact threshold should contact Action Fraud, UK’s national fraud and cyber crime reporting centre, who will respond in accordance with the new incident categorisation.

Click here for full press release


Channel website:

Original article link:

Share this article

Latest News from
National Cyber Security Centre