Cyber Incident Response Scheme Launched – 13 Aug 2013

Two new schemes that provide access to industry expertise to respond effectively to the consequences of cyber-security attacks in the UK have been announced this week by CESG, the Information Security arm of Government Communications Headquarters (GCHQ), and the Centre for the Protection of National Infrastructure (CPNI).

These Cyber Incident Response schemes follow on from a successful pilot conducted by CESG and CPNI, launched in November 2012. Cassidian was one of the four organisations that participated in the pilot as expert service providers, considered successful enough to be expanded into these two new schemes.

The schemes have been launched in collaboration with the Council of Registered Ethical Security Testers (CREST), the professional body representing the technical security industry.

Andrew Beckett, Head of Professional Services at Cassidian CyberSecurity UK and Managing Director of Regency IT Consulting said: “We welcome the expansion of this initiative by the UK Government to support industry in dealing with cyber attacks – sophisticated or basic. The two schemes launched today will enable organizations of any size to seek appropriate expert support in responding to and minimizing the impacts of a cyber attack.

The two new CESG schemes will provide a list of government assured, certified providers of response and clean up services in the event of a cyber-attack.

The first, led by CREST, will take a broad approach, focusing on appropriate standards for incident response, aligned to demand from all sectors of industry, the wider public sector and academia.

The second will be a smaller government-run Cyber Incident Response scheme, certified by GCHQ and CESG, which will respond to more sophisticated, targeted attacks against networks of national significance.

Chloe Smith, UK Government Minister for Cyber Security said: “The best defence for organisations is to have processes and measures in place to prevent attacks getting through, but we also have to recognise that there will be times when attacks do penetrate our systems and organisations want to know who they can reliably turn to for help.

This news story is also covered on the GCHQ website at: