GCHQ unveils schemes to help UK companies defend against cyber attack
Cyber Incident Response Scheme aims to boost infrastructure defences.
GCHQ has announced it is putting in place two incident response operations that could protect critical national infrastructure from hackers.
CESG, the Information Security arm of GCHQ, and the Centre for the Protection of National Infrastructure (CPNI), has been running pilot programmes of the initiatives since November 2012.
[This is] a great example of government and industry working together.
Following the success of the pilots, it was decided that a twin-track approach was needed to protect infrastructure critical to the UK as well as defending public and private sector organisations.
The first scheme is 'broad-based' and will be led by the Council of Registered Ethical Security Testers (CREST), the professional body representing the technical security industry. Endorsed by GCHQ and CPNI, it will focus on "appropriate standards for incident response aligned to demand from all sectors of industry, the wider public sector and academia."
The second scheme is a smaller and more focused Government run Cyber Incident Response scheme certified by GCHQ and CPNI responding to sophisticated, targeted attacks against critical national networks.
GCHQ said that the approach would help organisations under cyber attack to "source an appropriate incident response service tailored to their particular needs and allow GCHQ and CPNI to focus on the most challenging attacks."
"We know that UK organisations are confronted with cyber threats that are growing in number and sophistication," said cyber security minister Chloe Smith.
"The best defence for organisations is to have processes and measures in place to prevent attacks getting through, but we also have to recognise that there will be times when attacks do penetrate our systems and organisations want to know who they can reliably turn to for help."
Industry figures have given their support to the scheme. Rob Cotton, chief executive of NCC Group said that this was a "a great example of government and industry working together to help improve standards of cyber security for businesses across the board."
"Having clear channels of help and support in place when the worst does happen will provide organisations with a massive boost, and also remove the confusion and panic in the immediate aftermath of a breach."
2021 Thales access management index: Global edition
The challenges of trusted access in a cloud-first worldFree download
Transforming higher education for the digital era
The future is yoursFree download
Building a cloud-native, hybrid-multi cloud infrastructure
Get ready for hybrid-multi cloud databases, AI, and machine learning workloadsFree download
The next biggest shopping destination is the cloud
Know why retail businesses must move to the cloudFree Download