[BreachExchange] Cyber security agencies overhaul grading system for online attacks

[Audrey McNeil]

bhttps://guernseypress.com/news/uk-news/2018/04/11/cyber-
security-agencies-overhaul-grading-system-for-online-attacks/

Britain’s cyber security agencies have launched a major overhaul of how
they grade online attacks.

Incidents can now be classified in six categories, up from three under the
previous arrangements.

The system has been designed to bring greater clarity and consistency to
the response triggered when UK networks are targeted by hackers, online
fraudsters or hostile states.

Officials described the new approach as a “step change” in how intelligence
experts align with law enforcement to thwart hackers.

They said information processed by the new mechanism will ultimately be
used to generate the most comprehensive national picture to date of the
cyber threat landscape.

Paul Chichester, director of operations at the NCSC, said: “This new joint
approach, developed in partnership with UK law enforcement, will strengthen
the UK’s ability to respond to the significant, growing and diverse cyber
threats we face.

“The new system will offer an improved framework for dealing with incidents.

“Individual judgments will of course still be applied to respond to
incidents as necessary.”

The NCSC, which is part of intelligence agency GCHQ, has responded to more
than 800 “significant” incidents since it was established in October 2016.

Among the most high-profile episodes was the global “ransomware” outbreak
which affected dozens of NHS trusts in May last year.

Its incident category definitions give increased clarity on response
mechanisms identifying what factors would happen to activate a specific
classification, which organisation responds and what actions they would
take, the NCSC said.

A category one incident is a “national cyber emergency” which causes
sustained disruption to essential services or affects national security,
leading to severe economic or social consequences, or loss of life.

A “highly significant” incident which has a serious impact on central
government or a large proportion of the population would be classified in
category two.

Category three covers “significant” attacks, such as those that have a
serious impact on a large organisation or local government.

Substantial, moderate and localised incidents are logged in categories
four, five and six respectively.

These would include attacks on medium sized or small organisations, or
individuals.

Derbyshire Chief Constable Peter Goodman, the national policing lead for
cyber crime, said: “Sharing a common lexicon enables a collaborative
understanding of risk and severity that will ensure that we provide an
effective, joined-up response.

“This is good news for the safety of our communities, business and
individuals.”

Ollie Gower, deputy director at the National Crime Agency, said: “This new
framework will ensure we are using the same language to describe and
prioritise cyber threats, helping us deliver an even more joined up
response.

“I hope businesses and industry will be encouraged to report any cyber
attacks they suffer, which in turn will increase our understanding of the
cyber threat facing the UK.”

The new categorisation scheme will be announced at the CYBERUK conference
in Manchester.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180412/74e04ec7/attachment.html>