GCHQ Announces First Members in Dual-track Cybersecurity Schemes

Photo credit: Ministry of Defence
Photo credit: Ministry of Defence

The government-run Cyber Incident Response (CIR) scheme, which deals solely with sophisticated, targeted attacks against networks of national significance, has approved Context Information Security as a first supplier of cyber-incident response services to UK organizations that have suffered attacks from the most sophisticated criminal or state-sponsored threat actors.

The initiative provides UK government organizations, those providing critical national infrastructure and private sector companies that impact on the country’s economic well-being with access to government-accredited suppliers delivering the highest levels of experience, ability and integrity.

Context was one of only four companies involved in the CIR pilot scheme launched 12 months ago. It has had to pass further rigorous examinations of its cyber-incident response skills, experience and methodologies before being given approval by CESG and CPNI to carry out work on their recommendation as part of the full CIR scheme.

During the pilot, Context conducted cyber-incident response investigations for organizations across multiple sectors, including government, defence and aerospace, finance, law and the utilities. The work involved making substantial improvements to their cybersecurity posture through threat detection and response services as well as providing wider information security consultancy.

“We are delighted that Context’s experience in helping organizations defend themselves against targeted attacks has once again been recognized,” said Alex Church, technical director at Context. “Organizations notified of attacks by CESG or CPNI or those interested in getting expert cybersecurity advice about detection and mitigation now have a clear pointer to specialist support with the level of trust and quality-assurance delivered by the scheme.”

Meanwhile, the CSIR scheme has been set up for all other incidents affecting both private and public sector organizations. It’s run by the CREST non-profit group that represents the technical information security industry, and has announced that BAE Systems Detica, MWR InfoSecurity, PwC and Verizon UK Ltd. Have all met its stringent standards for recommended security vendor status.

CREST has worked with industry and government to define standards that companies providing CSIR services should have in place to protect client information. The CREST standard for the industry-led segment is the foundation for establishing a strong UK cyber incident response industry that is able to tackle the vast majority of cyber-attacks.

“The CSIR scheme gives the buying community confidence in the integrity and competence of the CREST-certified companies they can turn to for help following an attack,” explained Ian Glover, president of CREST, in a statement. “I congratulate all of the companies that have now been accredited because it certainly hasn’t been a trivial, box-ticking matter. The bar has to be set high if we are to ensure that cyber security incidents are dealt with properly and effectively.”

What’s hot on Infosecurity Magazine?