How GCHQ plans to protect the UK from all-out cyberwar

As evidence of the increasingly central role cybersecurity plays in the UK, the National Cyber Security Centre (NCSC) is tightening its ties with law enforcement – announcing a new joint approach to how the country handles digital attacks.

The GCHQ-based NCSC has unveiled an extensive cyber incident framework, broadening existing guidelines around identified threats. The aim, according to the centre, is to create the most comprehensive picture of the cyber threats facing the nation.

Paul Chichester, the NCSC’s Director of Operations, said the new framework of six categories will “strengthen the UK’s ability to respond to the significant, growing and diverse cyber threats we face”.

Some 800 “significant incidents” have been responded to by the NCSC since October 2016, all of them handled under a three-category classification system. The new guidelines, developed in coordination with the National Police Chiefs’ Council and the National Crime Agency (NCA), expand that system to a total of six categories – ranging from attacks on individuals to full-scale national cyber emergencies. The table at the bottom of this article highlights the differences between categories.

“This is a hugely important step forward in joint working between law enforcement and the intelligence agencies,” said the National Police Chiefs’ Council lead for cybercrime, chief constable Peter Goodman.

“Sharing a common lexicon enables a collaborative understanding of risk and severity that will ensure that we provide an effective, joined-up response.”

Indeed, the framework is designed to make it clear which particular body is responsible for taking action for different levels of attacks, as well as what those bodies are supposed to be doing.

At the lowest end of the spectrum, for example, a Category 6 attack is defined as a localised incident on an individual, or “preliminary indications of cyber activity against a small or medium-sized organisation”. According to the guidelines, such incidents receive remote support through automated advice, with local police called on for an on-site response only by exception.

As the categories get more serious, the NCA will become involved, then the NCSC. At the highest level, Category 1, ministers will give strategic leadership, along with cross-government coordination by the NCSC. This level is defined as an attack that “causes sustained disruption of UK essential services or affects UK national security, leading to severe economic or social consequences or to loss of life”.

Speaking at a panel last year, the technical director for the NCSC, Ian Levy, said he was “reasonably confident” that a major attack will happen, and that organisations should be prepared.

“Sometime in the next few years we’re going to have our first – what we would call – Category 1 cyber-incident; one that will need a national response.”

The announcement about the extended framework comes at the close of the CYBERUK18 conference in Manchester, against a backdrop of increasing threats to UK business and infrastructure from cyberattacks. Yesterday, the NCSC’s annual report warned that UK firms are facing an acceleration of online threats, with particular attention to the vulnerabilities of interconnected household devices.

Last year, parts of the NHS infrastructure were knocked out of action after its computers were infected with WannaCry ransomware. Security experts now believe the attack originated from North Korea.

Below is the full table of NCSC’s new framework.

Each entry gives the category definition, who responds, and what they do.

Category 1: National cyber emergency

Category definition: A cyber attack which causes sustained disruption of UK essential services or affects UK national security, leading to severe economic or social consequences or to loss of life.

Who responds? Immediate, rapid and coordinated cross-government response. Strategic leadership from Ministers / Cabinet Office (COBR), tactical cross-government coordination by NCSC, working closely with Law Enforcement.

What do they do? Coordinated on-site presence for evidence gathering, forensic acquisition and support. Collocation of NCSC, Law Enforcement, Lead Government Departments and others where possible for enhanced response.

Category 2: Highly significant incident

Category definition: A cyber attack which has a serious impact on central government, UK essential services, a large proportion of the UK population, or the UK economy.

Who responds? Response typically led by NCSC (escalated to COBR if necessary), working closely with Law Enforcement (typically NCA) as required. Cross-government response coordinated by NCSC.

What do they do? NCSC will often provide on-site response, investigation and analysis, aligned with Law Enforcement criminal investigation activities.

Category 3: Significant incident

Category definition: A cyber attack which has a serious impact on a large organisation or on wider / local government, or which poses a considerable risk to central government or UK essential services.

Who responds? Response typically led by NCSC, working with Law Enforcement (typically NCA) as required.

What do they do? NCSC will provide remote support and analysis, standard guidance; on-site NCSC or NCA support may be provided.

Category 4: Substantial incident

Category definition: A cyber attack which has a serious impact on a medium-sized organisation, or which poses a considerable risk to a large organisation or wider / local government.

Who responds? Response led either by NCSC or by Law Enforcement (NCA or ROCU), dependent on the incident.

What do they do? NCSC or Law Enforcement will provide remote support and standard guidance, or on-site support by exception.

Category 5: Moderate incident

Category definition: A cyber attack on a small organisation, or which poses a considerable risk to a medium-sized organisation, or preliminary indications of cyber activity against a large organisation or the government.

Who responds? Response led by Law Enforcement (likely ROCU or local Police Force), with NCA input as required.

What do they do? Law Enforcement will provide remote support and standard guidance, with on-site response by exception.

Category 6: Localised incident

Category definition: A cyber attack on an individual, or preliminary indications of cyber activity against a small or medium-sized organisation.

Who responds? Automated Protect advice or local response led by Law Enforcement (likely local Police Force).

What do they do? Remote support and provision of standard advice. On-site response by exception.