Cyber Incident Response schemes have been launched in association with the Centre for the Protection of National Infrastructure, in collaboration with the Council of Registered Ethical Security Testers – the professional body representing the technical security industry.
The new CESG scheme will provide a list of government assured, certified providers of response and clean up services in the event of a cyber-attack.
The successful pilot in November 2012 concluded that the objectives of the National Cyber Security Strategy in providing greater resilience to Critical National Infrastructure companies, as well as wider public and private sector organisations, can be best met by adopting a complementary twin track approach for certified Cyber Incident Response services.
Jarno Limnell, director of cyber security for Stonesoft, a McAfee Group Company, said: "From a grassroots business level, IT departments should be working with employees to ensure that they understand the pitfalls of bad cyber-practice, but when a successful attack does occur it’s encouraging to see a framework in place to equip organisations with the tools to respond and remedy the aftermath.
"However, due to the nature of the internet and modern business, cyber crime doesn’t adhere to national boundaries. Other nations should look to the UK as an example of best practice for governmental-business cooperation, and this is the perfect opportunity for the UK to take the lead among European nations in building defence capabilities."
The first is a broad based scheme led by CREST and endorsed by GCHQ and CPNI, which focuses on appropriate standards for incident response aligned to demand from all sectors of industry, the wider public sector and academia.
The second is a small and focused Government-run Cyber Incident Response scheme certified by GCHQ and CPNI responding to sophisticated, targeted attacks against networks of national significance.
CREST, a not for profit organisation, has worked with industry and government to define standards that companies providing ‘Cyber Security Incident Response (CSIR)’ services should have in place to protect client information. CREST will audit the service providers against these standards and ensure compliance through codes of conduct.
The CREST standard for the industry-led segment will act as a foundation to establish a strong UK cyber incident response industry able to tackle the vast majority of cyber-attacks.
ChloĆ« Smith, minister for cyber security said: "I am delighted to announce a unique Government-Industry partnership to tackle the effects of cyber incidents. This scheme and others like it, together with the ’10 Steps to Cyber Security’ guidance for business launched last year, are an important part of our effort to provide assistance to industry and government in order to protect UK interests in cyberspace."
