NCSC: New Categorization Framework Will Improve Cyber-Response

A new cyber-incident categorization framework will help government agencies and law enforcers collaborate and respond to attacks more effectively, the National Cyber Security Centre (NCSC) announced today.

The GCHQ body launched the framework today at its flagship conference, CYBERUK 2018, in Manchester.

It said the new framework would expand attack categories from the previous three to six, improving consistency, and ensuring better use of resources and improved collaboration between the likes of the NCSC, National Crime Agency (NCA) and police.

“This is a hugely important step forward in joint working between law enforcement and the intelligence agencies,” said National Police Chiefs' Council lead for cybercrime, Peter Goodman.

“Sharing a common lexicon enables a collaborative understanding of risk and severity that will ensure that we provide an effective, joined-up response. This is good news for the safety of our communities, business and individuals.”

The new framework ranks incidents from category one – a national cyber-emergency requiring immediate cross-government coordination – down to category six – a localized incident affecting an individual or SME, which requires only automated protection advice or a local police response.

The NCSC claimed that any online attack which may have a national impact should be reported to it immediately. According to the new framework that means a category 1-3 incident.

Anything below that “national impact threshold” should be reported to Action Fraud.

The NCA is likely to be involved in most categories of incident except six, whether leading the response or coordinating with local police and regional organized crime units (ROCUs).

The NCSC claimed it has responded to more than 800 “significant” incidents since its inception in October 2016. These are either category two or three according to the new framework, having a serious impact on central or local government, UK essential services, a large proportion of the UK population, the UK economy or a large organization.

“This new framework will ensure we are using the same language to describe and prioritize cyber threats, helping us deliver an even more joined up response,” said NCA deputy director, Ollie Gower.

“I hope businesses and industry will be encouraged to report any cyber-attacks they suffer, which in turn will increase our understanding of the cyber threat facing the UK.”

It’s unclear whether the new framework has come about as a result of the NIS Directive, but the new EU rules introduced from early May will certainly force member state governments to lead a more coordinated and effective response to major cyber-incidents.
