GCHQ unveils schemes to help UK companies defend against cyber attack

Cyber Incident Response Scheme aims to boost infrastructure defences.

GCHQ

GCHQ has announced it is putting in place two incident response operations that could protect critical national infrastructure from hackers.

CESG, the Information Security arm of GCHQ, and the Centre for the Protection of National Infrastructure (CPNI), has been running pilot programmes of the initiatives since November 2012.

[This is] a great example of government and industry working together.

Following the success of the pilots, it was decided that a twin-track approach was needed to protect infrastructure critical to the UK as well as defending public and private sector organisations.

The first scheme is 'broad-based' and will be led by the Council of Registered Ethical Security Testers (CREST), the professional body representing the technical security industry. Endorsed by GCHQ and CPNI, it will focus on "appropriate standards for incident response aligned to demand from all sectors of industry, the wider public sector and academia."

The second scheme is a smaller and more focused Government run Cyber Incident Response scheme certified by GCHQ and CPNI responding to sophisticated, targeted attacks against critical national networks.

GCHQ said that the approach would help organisations under cyber attack to "source an appropriate incident response service tailored to their particular needs and allow GCHQ and CPNI to focus on the most challenging attacks."

"We know that UK organisations are confronted with cyber threats that are growing in number and sophistication," said cyber security minister Chloe Smith.

"The best defence for organisations is to have processes and measures in place to prevent attacks getting through, but we also have to recognise that there will be times when attacks do penetrate our systems and organisations want to know who they can reliably turn to for help."

Industry figures have given their support to the scheme. Rob Cotton, chief executive of NCC Group said that this was a "a great example of government and industry working together to help improve standards of cyber security for businesses across the board."

"Having clear channels of help and support in place when the worst does happen will provide organisations with a massive boost, and also remove the confusion and panic in the immediate aftermath of a breach."

Featured Resources

2021 Thales access management index: Global edition

The challenges of trusted access in a cloud-first world

Free download

Transforming higher education for the digital era

The future is yours

Free download

Building a cloud-native, hybrid-multi cloud infrastructure

Get ready for hybrid-multi cloud databases, AI, and machine learning workloads

Free download

The next biggest shopping destination is the cloud

Know why retail businesses must move to the cloud

Free Download

Recommended

Identity Automation launches credential breach monitoring service
phishing

Identity Automation launches credential breach monitoring service

5 Oct 2021
Neiman Marcus data breach hits 4.6 million customers
data breaches

Neiman Marcus data breach hits 4.6 million customers

4 Oct 2021
Indiana notifies 750,000 after COVID-19 tracing data accessed
data breaches

Indiana notifies 750,000 after COVID-19 tracing data accessed

18 Aug 2021
Pearson fined $1 million for downplaying severity of 2018 breach
data breaches

Pearson fined $1 million for downplaying severity of 2018 breach

17 Aug 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Veritas Backup Exec 21.3 review: Covers every angle
backup software

Veritas Backup Exec 21.3 review: Covers every angle

14 Oct 2021