UK cyber attack reporting set to be more streamlined

Government funding has been allocated to help streamline cyber attack reporting, according to the National Cyber Security Centre

Plans are under way to set up a single point for reporting cyber attacks in the UK to make it easier for organisations to doso, the National Cyber Security Centre (NCSC) has said.

In announcing a new cyber crime classification framework at  the CyberUK 2018 conference in Manchester, the NCSC said any cyber attack that may have a national impact should be reported to the NCSC immediately, while individuals or businesses suffering a cyber attack below the national impact threshold should contact Action Fraud, the UK’s national fraud and cyber crime reporting centre.

Paul Chichester, director of operations at the NCSC, clarified the statement, saying there has been no change in the guidance on reporting, but that the new classification system will help organisations to understand more easily the nature of the incident they are dealing with.

The new framework expands the cyber incident categories from three to six, outlining the impact of each category, who reponds to it and what they do.

The new categories of incident are: National cyber emergency, Highly significant incident, Significant incident, Substantial incident, Moderate incident and Localised incident.

“What we are trying to do with the new categorisation and guidance is give organisations more clarity to avoid any ambiguity,” Chichester told Computer Weekly.

“A key part of the work we are doing with law enforcement now and in the future will be to make it as clear as possible for citizens and business.

“In the coming year, we will be working with law enforcement to create a simpler way of reporting incidents and more victim-focused, so there is a single point to report to and the system will ensure that it gets to the right party, whether it is law enforcement or the NCSC.”

At present, said Chichester, there is already a behind-the-scenes capability to ensure that all reports are routed to the most appropriate teams, regardless of whether an incident is reported to the NCSC or Action Fraud.

Read more about cyber crime

“What we are going to do in the coming year is ensure that the front-facing part of that is equally slick and equally joined up,” he said.

Asked about organisations’ reluctance to report cyber attack incidents, Chichester said he has not seen that at scale. “There are obviously companies that are sometimes nervous, but our job as the NCSC is to reassure,” he said.

“We are not a regulator. We do not automatically report things that get reported to us. We want to build trust, but the vast majority of organisations are really open and transparent with us.”

However, Chichester said that in many cases, the NCSC is the first to approach organisations to inform them that they have been targeted by an attack.

“We do a lot of detection, so it is mainly us going to tell the victim that they have been compromised, and organisations are starting to recognise that if they don’t come to us, we are more than likely to find out about it eventually and go to them,” he said.

NCA technical director Ian Levy said the EU’s NIS [Network and Information Systems] directive will also help channel incident reporting. “Once it is introduced, operators of essential services will have a different set of incident reporting requirements, which will bleed out into wider industry,” he said.

Read more on Hackers and cybercrime prevention