
NCSC and UK law enforcement launch new cyber attack guidelines

UK cyber breaches are being sorted into six detailed types of incident.

The National Cyber Security Centre (NCSC) and UK law enforcement have drawn up a new categorisation brief for cyber attacks that will help them to coordinate and streamline their responses depending on the nature of the incident.

The previous NCSC guidelines around cyber breaches – split into just three types of incident – have now been broadened to cover six detailed classifications instead.

A Category One attack on the new brief, for example, constitutes a “national cyber emergency”. This would necessitate strategic leadership from the Cabinet Office and tactical cross-government coordination by the NCSC, working closely with the police.

A Category Three attack, meanwhile, is now considered a “significant incident” and relates to a large organisation or local government, or the delivery of essential UK services. The response to this sort of attack would be typically led by the NCSC itself.  

A more moderate Category Six breach or “localised incident”, however, relates to a cyber attack on an individual or preliminary indications of an attack against a small or medium-sized business. Category Six breaches may be handled by online Automated Protect advice or a localised response by the police.

According to the NCSC, the move to the new framework, which is effective immediately, will improve consistency and speed in incident responses, making better use of resources and ultimately leading to more victims of cyber crime receiving support.

The NCSC, a dedicated arm of GCHQ, has dealt with more than 800 significant cyber attacks since October 2016, and the organisation’s director of operations Paul Chichester is confident that the more in-depth framework will only improve already elite security protocol.

Chichester said: “This new joint approach, developed in partnership with UK law enforcement, will strengthen the UK’s ability to respond to the significant, growing and diverse cyber threats we face.”

National Police Chiefs' Council Lead for Cyber Crime, Chief Constable Peter Goodman, added: “Sharing a common lexicon enables a collaborative understanding of risk and severity that will ensure that we provide an effective, joined-up response. This is good news for the safety of our communities, business and individuals.”

The NCSC’s new framework covers cyber incidents in all aspects of the economy, including central and local government, industry, charities, universities, schools, small businesses and individuals.

Any cyber attack which may have a national-level impact, for instance, should be reported to the NCSC immediately. This includes cyber attacks which are likely to harm UK national security, the economy, public confidence, or public health and safety, such as the WannaCry ransomware attack on the NHS.

Depending on the incident, the NCSC may be able to provide direct technical support. The NCSC also provides comprehensive guidance and advice on its website for companies or individuals in need.

People or businesses suffering from a cyber attack below the national impact threshold should contact Action Fraud, the UK’s national fraud and cyber crime reporting centre, which will respond in accordance with the new incident categorisation.

Rohan Banerjee is a Special Projects Writer at the New Statesman. He co-hosts the No Country For Brown Men podcast.


Investing in a secure future

Increased training and investment in cyber security infrastructure are essential in the digital age.

It is easy to underestimate how crucial the internet is to our everyday lives. It has become an essential tool in the way we communicate with others and conduct business both at home and abroad. More than 1.6m people work in the digital sector or in digital tech roles in the United Kingdom and the internet continues to provide individuals and businesses with huge opportunities.

However, we know that criminals seek to exploit the many benefits of the internet for their own personal gain, often at great expense to others. The WannaCry ransomware attack, which hit the NHS as well as other organisations, highlights the seriousness of the threat and reinforces the need to properly protect ourselves online.

In the recent Cyber Security Breaches Survey 2017, just under half (46 per cent) of all businesses identified at least one breach or attack in the last year. Although it is difficult to put an exact figure on how much this cost the UK economy, it is likely to be in the billions.

We are also all too aware of attacks by hostile state actors who look to exploit the UK through intellectual property theft, in order to further their own interests and prosperity. We take these attempts to disrupt our national security very seriously.

That is why this government set up the National Cyber Security Centre (NCSC), which provides cyber security at a national level. In its first year of being operational, the NCSC responded to 590 significant cyber incidents, more than 30 of which were sufficiently serious to require a cross-government response.

It is not just large organisations and our national infrastructure that are targeted by online criminals; individuals also face the daily threat of being scammed in their own homes. It is now the case that British citizens are 20 times more likely to be defrauded at their computer than mugged in the street.

It is a threat we all face. I strongly believe that we – individuals, businesses and the government – must play our own part to mitigate the risk and ensure that the internet is a safe and secure space for everyone. The government has legislated within the Serious Crime Act 2015 to create a new offence that applies where an unauthorised act in relation to a computer results in serious damage to the economy, the environment, national security or human welfare, or a risk of such damage occurring.

Legislating against online criminality goes some way to tackling the problem; however, close collaboration between the government, business and international partners is essential in combating the increasingly sophisticated attacks that the UK faces.

We work closely with the NCSC, which acts as a bridge between industry and government, providing a unified source of advice and the management of cyber-related incidents. It is at the heart of the government’s 2016 National Cyber Security Strategy, which is supported by £1.9bn of transformational investment to 2021.

Our law enforcement agencies across England and Wales also play a vital role in disrupting the activities of cyber criminals and bringing them to justice. They now operate as a single networked resource with the National Crime Agency (NCA) and Regional Cyber Crime Units using shared intelligence and capabilities. The NCA also has a dedicated Dark Web Intelligence Unit which targets those criminals who exploit hidden areas of the internet.

But we also want people to take their own preventative measures, so that they don’t become a target for criminals operating in cyberspace. We are running a series of campaigns and programmes which aim to encourage individuals and businesses to adopt more secure online behaviours.

Cyber Aware works with over 320 public and private sector partner organisations to encourage us all to take simple steps to protect ourselves online including using a strong, separate password for our email accounts and installing the latest software and app updates on our electronic devices.

The NCSC has also recently launched expert guidance on how small businesses can easily avoid common online breaches and attacks. Should organisations seek to improve their cyber security further, they can get certification through the Cyber Essentials Scheme.

To further support the efforts of SMEs in improving their cyber security, regional cyber crime prevention coordinators engage with businesses and members of the public to provide customised cyber security advice based on the latest technical guidance from the NCSC.

We must also look to the future – we now have a whole generation that have grown up immersed in tech. It is hugely important that we harness their talents and put them to good use rather than letting them wander down a path towards criminal online activities.

We must train and engage with the next generation of cyber security experts, which is why the NCSC is taking a leading role in promoting a culture where science and technology subjects can flourish within the education system. Their CyberFirst programme identifies and nurtures young talent through a series of summer workshops and competitions. In addition, their CyberUK 2018 programme focuses on encouraging more women to enter into the technology industry, a sector that is largely seen as male-dominated.

There is a great effort across government and law enforcement to pursue online criminals, prevent those that are headed on a path towards criminal activity, protect the public and prepare for the many threats we face online. We will continue to invest in law enforcement capabilities at a national, regional and local level to ensure agencies have the capacity to deal with the increasing threat from cyber crime.

However, this is not a threat that we can tackle alone. It is everybody’s responsibility, from top to bottom, to follow the guidance provided and increase their awareness of cyber security in order to create a safe space to communicate and conduct business online.