NCSC and UK law enforcement launch new cyber attack guidelines

UK cyber breaches are being sorted into six detailed types of incident.

Sign Up

Get the New Statesman's Morning Call email.

The National Cyber Security Centre (NCSC) and UK law enforcement have drawn up a new categorisation brief for cyber attacks that will help them to coordinate and streamline their responses depending on the nature of the incident.

The previous NCSC guidelines around cyber breaches – split into just three types of incident – have now been broadened to cover six detailed classifications instead.

A Category One attack on the new brief, for example, constitutes a “national cyber emergency”. This would necessitate strategic leadership from the Cabinet Office, tactical cross-government coordination by NCSC, working closely with the police.

A Category Three attack, meanwhile, is now considered a “significant incident” and relates to a large organisation or local government, or the delivery of essential UK services. The response to this sort of attack would be typically led by the NCSC itself.  

A more moderate Category Six breach or “localised incident”, however, relates to a cyber attack on an individual or preliminary indications of an attack against a small or medium-sized business. Category Six breaches may be handled by an online Automated Protect advice or a localised response by the police.

According to the NCSC, the move to the new framework, which is effective immediately, will improve consistency and speed in incident responses, making better use of resources and ultimately leading to more victims of cyber crime receiving support.

The NCSC, a dedicated arm of GCHQ, has dealt with more than 800 significant cyber attacks since October 2016, and the organisation’s director of operations Paul Chichester is confident that the more in-depth framework will only improve already elite security protocol.

Chichester said: “This new joint approach, developed in partnership with UK law enforcement, will strengthen the UK’s ability to respond to the significant, growing and diverse cyber threats we face.”

National Police Chiefs' Council Lead for Cyber Crime, Chief Constable Peter Goodman, added: “Sharing a common lexicon enables a collaborative understanding of risk and severity that will ensure that we provide an effective, joined-up response. This is good news for the safety of our communities, business and individuals.”

The NCSC’s new framework covers cyber incidents in all aspects of the economy, including central and local government, industry, charities, universities, schools, small businesses and individuals.

Any cyber attack which may have a national-level impact, for instance, should be reported to the NCSC immediately. This includes cyber attacks which are likely to harm UK national security, the economy, public confidence, or public health and safety, such as the WannaCry ransomware attack on the NHS.

Depending on the incident, the NCSC may be able to provide direct technical support. The NCSC also provides comprehensive guidance and advice on its website for companies or individuals in need.

People or businesses suffering from a cyber attack below the national impact threshold should contact Action Fraud, UK’s national fraud and cyber crime reporting centre, who will respond in accordance with the new incident categorisation.

Rohan Banerjee is a Special Projects Writer at the New Statesman