Skip to main content

GCHQ launches initiative to help organisations deal with cyber attacks

GCHQ has launched two cyber incident response schemes to help UK organisations and businesses deal with cyber attacks.

The initiative has been designed by the security arm of GCHQ along with the Centre for the Protection of National Infrastructure (CPNI), and the Council of Registered Ethical Security Testers (CREST).

The schemes will enable any organisation that may fall victim to cyber attack, from SMEs to multinational corporations, plus government and the wider public sector, to source an accredited incident response service through CREST. The most challenging attacks will be dealt with by GCHQ and CPNI.

Following a successful pilot launched in November 2012, it was determined that the wider operation should be split into two arms.

The first, an industry led scheme delivered by CREST and endorsed by GCHQ and CPNI, will provide organisations with a list of approved cyber attack response services that are qualified to deal with the aftermath of a particular attack.

The second will be a small government run scheme, certified by GCHQ and CPNI, which will deal with sophisticated, targeted attacks against "networks of national significance".

The CREST led segment will enable service providers to establish a track record and go on to apply for certification to deal with the most sophisticated cyber-attacks. It is hoped that the CREST standard will act as a foundation to establish a strong UK cyber incident response industry able to tackle the vast majority of cyber-attacks.

Chloë Smith, Minister for Cyber Security said: "We know that UK organisations are confronted with cyber threats that are growing in number and sophistication.

"The best defence for organisations is to have processes and measures in place to prevent attacks getting through, but we also have to recognise that there will be times when attacks do penetrate our systems and organisations want to know who they can reliably turn to for help."