View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 13, 2013

New Cyber Incident Response scheme from GCHQ

Cyber security attacks can now be responded to with industry expertise thanks to CESG, the information security arm of GCHQ.

By Claire Vanner

Cyber Incident Response schemes have been launched in association with the Centre for the Protection of National Infrastructure, in collaboration with the Council of Registered Ethical Security Testers – the professional body representing the technical security industry.

The new CESG scheme will provide a list of government assured, certified providers of response and clean up services in the event of a cyber-attack.

The successful pilot in November 2012 concluded that the objectives of the National Cyber Security Strategy in providing greater resilience to Critical National Infrastructure companies, as well as wider public and private sector organisations, can be best met by adopting a complementary twin track approach for certified Cyber Incident Response services.

Jarno Limnell, director of cyber security for Stonesoft, a McAfee Group Company, said: "From a grassroots business level, IT departments should be working with employees to ensure that they understand the pitfalls of bad cyber-practice, but when a successful attack does occur it’s encouraging to see a framework in place to equip organisations with the tools to respond and remedy the aftermath.

"However, due to the nature of the internet and modern business, cyber crime doesn’t adhere to national boundaries. Other nations should look to the UK as an example of best practice for governmental-business cooperation, and this is the perfect opportunity for the UK to take the lead among European nations in building defence capabilities."

The first is a broad based scheme led by CREST and endorsed by GCHQ and CPNI, which focuses on appropriate standards for incident response aligned to demand from all sectors of industry, the wider public sector and academia.

The second is a small and focused Government-run Cyber Incident Response scheme certified by GCHQ and CPNI responding to sophisticated, targeted attacks against networks of national significance.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

CREST, a not for profit organisation, has worked with industry and government to define standards that companies providing ‘Cyber Security Incident Response (CSIR)’ services should have in place to protect client information. CREST will audit the service providers against these standards and ensure compliance through codes of conduct.

The CREST standard for the industry-led segment will act as a foundation to establish a strong UK cyber incident response industry able to tackle the vast majority of cyber-attacks.

Chloë Smith, minister for cyber security said: "I am delighted to announce a unique Government-Industry partnership to tackle the effects of cyber incidents. This scheme and others like it, together with the ’10 Steps to Cyber Security’ guidance for business launched last year, are an important part of our effort to provide assistance to industry and government in order to protect UK interests in cyberspace."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.