#CYBERUK19: NCSC and ICO Clarify Roles to Assist Incident Response

Written by

The UK’s National Cyber Security Centre (NCSC) and regulator the Information Commissioner’s Office (ICO) have agreed to clarify their roles and improve coordination, in a move designed to make it easier for breached organizations to reach out to the right body.

At the CYBERUK conference in Glasgow yesterday, the two set out their distinct roles and responsibilities.

GCHQ body the NCSC is tasked with dealing with incidents of “national importance” and is on hand to help victim organizations in the immediate aftermath of an attack to better understand the incident.

Although it will encourage organizations to meet their requirements under the GDPR and NIS Directive, its free advice will be given confidentially, with no information shared with GDPR regulator the ICO without seeking consent first.

The ICO will then be on hand to help organizations take the right steps to mitigate any risks to individuals’ data, and ensure a proper investigation is set up and that legal responsibilities are met.

Both have agreed to share anonymized and aggregated info to better understand risk, and to amplify each other’s messages to provide consistent advice.

ICO deputy commissioner of operations, James Dipple-Johnstone, argued that organizations need to better understand what to expect if they suffer a breach.

“The NCSC has an important role to play in keeping UK organizations safe online, while our role reflects the impact cyber-incidents have on the people whose personal data is lost, stolen or compromised,” he clarified.

“Organizations need to be clear on the legal requirements when to report these breaches to the ICO, and the potential implications, including sizeable fines, if these requirements aren’t followed.”

Joseph Carson, chief security scientist at Thycotic, welcomed the NCSC’s commitment to confidentiality.

“Ensuring that businesses have trust with the government agencies so they can work with the NCSC during an ongoing cyber-incident when time is critical knowing it is the business’s responsibility to report the incident to the ICO,” he said.

“During a cyber-breach working with the NCSC can help the business potentially recover quickly and ensure it can be investigated, giving the business time to identify whether or not they are required to report the incident to the ICO.”

What’s hot on Infosecurity Magazine?