Out-Law News

Government endorses four businesses to help others respond to cyber attacks


Government agencies have launched a pilot scheme that certifies private security agencies as able to deal with cyber attacks. 

The pilot scheme is designed to help public sector organisations which have been attacked but is also open to the private sector.

Businesses and public bodies are being encouraged to contact 'Cyber Incident Response' (CIR) service providers if they are attacked.

Under the CIR scheme staff from four companies – BAE Systems Detica, Cassidian, Context IS and Mandiant – will be able to "provide response services" to companies that have been the target of cyber attacks based on their own "knowledge and experience". The companies have been accredited as CIR providers by the UK intelligence body GCHQ which announced the launch of the scheme earlier this week. The Centre for the Protection of National Infrastructure (CPNI) is also behind the scheme.

In its statement CPNI said that the new CIR scheme was currently in a pilot stage and would be expanded into a full service in spring 2013. It said that more companies will be able to apply to be listed as an accredited CIR provider under the full service scheme.

"The most immediate concerns for an organisation which has been subject to an attack are likely to be: what has happened, what action needs to be taken, and who has the proven knowledge and expertise required to investigate, contain and clean up the affected systems," CPNI said.

Under the pilot scheme CPNI said it hopes to "develop working practices" between it, the four accredited CIR service providers and GCHQ's information assurance arm CESG. It said it also hopes that new "eligibility criteria" will be developed and published under the pilot scheme "so that other interested companies can apply to be part of the full service from spring 2013."

"Whilst the scheme is primarily aimed at the public sector and organisations forming part of the UK’s critical national infrastructure, it may also be of assistance to the wider private sector," according to the GCHQ statement.

"By taking this joint approach on response to cyber incidents, Government and industry will help to nurture and grow the emerging UK cyber incident response industry. This should set it on a growth path in terms of scale and expertise, which in turn will support the security and prosperity of the UK," it said.

CPNI said that an "appropriate response" to a cyber attack is "likely to include: determining the extent of the incident; working to ensure the impact is minimised; mitigating or removing the cause of the incident; producing an incident report to describe the scope of the problem, the technical impact, mitigation activities and an assessment of business impact; [and conducting an] impact assessment – where the incident affects partners or customers."

GCHQ said the CIR scheme builds on guidance published by the Government on cyber security protections earlier this year.

"The growing cyber threat makes it inevitable that some attacks will get through either where basic security is not implemented, or when an organisation is targeted by a highly capable attacker," Chloë Smith, Minister for Cyber Security said. "Together, GCHQ, CPNI, the incident response industry, and victims of cyber attack – can improve the cyber security of the UK; that is good for security, good for business and good for the UK’s prosperity."
