GCHQ has announced it is putting in place two incident response operations that could protect critical national infrastructure from hackers.
CESG, the Information Security arm of GCHQ, and the Centre for the Protection of National Infrastructure (CPNI), has been running pilot programmes of the initiatives since November 2012.
[This is] a great example of government and industry working together.
Following the success of the pilots, it was decided that a twin-track approach was needed to protect infrastructure critical to the UK as well as defending public and private sector organisations.
The first scheme is 'broad-based' and will be led by the Council of Registered Ethical Security Testers (CREST), the professional body representing the technical security industry. Endorsed by GCHQ and CPNI, it will focus on "appropriate standards for incident response aligned to demand from all sectors of industry, the wider public sector and academia."
The second scheme is a smaller and more focused Government run Cyber Incident Response scheme certified by GCHQ and CPNI responding to sophisticated, targeted attacks against critical national networks.
GCHQ said that the approach would help organisations under cyber attack to "source an appropriate incident response service tailored to their particular needs and allow GCHQ and CPNI to focus on the most challenging attacks."
"We know that UK organisations are confronted with cyber threats that are growing in number and sophistication," said cyber security minister Chloe Smith.
"The best defence for organisations is to have processes and measures in place to prevent attacks getting through, but we also have to recognise that there will be times when attacks do penetrate our systems and organisations want to know who they can reliably turn to for help."
Industry figures have given their support to the scheme. Rob Cotton, chief executive of NCC Group said that this was a "a great example of government and industry working together to help improve standards of cyber security for businesses across the board."
"Having clear channels of help and support in place when the worst does happen will provide organisations with a massive boost, and also remove the confusion and panic in the immediate aftermath of a breach."
-
Asus ZenScreen Fold OLED MQ17QH reviewReviews A stunning foldable 17.3in OLED display – but it's too expensive to be anything more than a thrilling tech demo
-
How the UK MoJ achieved secure networks for prisons and offices with Palo Alto NetworksCase study Adopting zero trust is a necessity when your own users are trying to launch cyber attacks
-
Former GCHQ intern risked national security after taking home top secret dataNews A former GCHQ intern has pleaded guilty to transferring data from a top-secret computer onto his work phone.
-
Businesses must get better at sharing cyber information, urges former GCHQ chiefJeremy Fleming, the former head of GCHQ, has warned businesses face increasingly sophisticated cyber attacks on critical national infrastructure (CNI).
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
-
Gumtree site code made personal data of users and sellers publicly accessibleNews Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
-
Pizza chain exposed 100,000 employees' Social Security numbersNews Former and current staff at California Pizza Kitchen potentially burned by hackers
-
UK and US pledge to punish cyber criminals at annual meetingNews Intelligence and defence officials met at the annual forum to discuss approaches to cyber security for the years ahead
-
83% of critical infrastructure companies have experienced breaches in the last three yearsNews Survey finds security practices are weak if not non-existent in critical firms
-
Identity Automation launches credential breach monitoring serviceNews New monitoring solution adds to the firm’s flagship RapidIdentity platform
