NCSC expands Cyber Incident Response service more widely

The NCSC has added a level to its CIR programme to enable more cyber attack victims to take advantage of the service, which offers access to assured incident response specialists

The UK’s National Cyber Security Centre (NCSC) has announced an expansion to its Cyber Incident Response (CIR) scheme, introducing a second tier of service providers that will supposedly enable more organisations to provide incident response services to more victim organisations.

The well-established scheme is designed to help organisations experiencing a cyber attack quickly and easily identify trusted and assured incident response service providers. Until now, though, it has centred on assuring service providers that are set up to help government bodies, operators of critical national infrastructure (CNI) and regulated industries, which are at particular risk of sophisticated, targeted and complex attacks, often backed by countries hostile to the UK.

Going forward, these service providers will be designated as CIR Level 1 Assured Service Providers, and any organisation that has experienced a particularly sophisticated cyber attack is encouraged to approach such organisations.

However, with the addition of CIR Level 2 Assured Service Provider status, the NCSC hopes to be able to assist more private sector organisations outside of CNI sectors, as well as charities, local authorities and smaller public sector organisations.

To attain Level 2 status, service providers will be assessed as capable of supporting most organisations through the most common cyber attacks, including ransomware.

“Falling victim to a cyber attack is really stressful,” said Chris Ensor, NCSC deputy director of cyber growth. “Finding someone with the skills and knowledge to help can also be hard, if, like many, you are not familiar with the cyber security world. For many years, we have Assured Cyber Incident Response services for organisations targeted by the most sophisticated threat actors.

“I am really pleased that we can now assure a similar service for any organisations affected by criminal threat actors, a service that will be good enough for the majority of incidents that smaller organisations face. The NCSC badge will give confidence that the company they use has the right expertise to help them.”

One of the first organisations to have achieved Level 2 Assured status is Reading-based managed security services provider Bridewell, which has worked with clients including Gwent Police, Northern Gas Networks and Trainline.com.

Bridewell director of managed security services Martin Riley said: “It’s a testament to our team and a privilege to be one of the first organisations to achieve CIR level two. It continues to demonstrate our strength and capability within incident response and supports our journey to becoming level one. We look forward to supporting more organisations as we help them recover from incidents and provide guidance so they can defend against future threats.”

Other organisations that have already achieved Level 2 accreditation via Crest, an NCSC delivery partner for the scheme, include CYSIAM, LRQA Nettitude, NCC Group, Quorum Cyber and WithSecure.

Organisations that have fallen victim to a cyber attack should, as a first port of call, visit https://www.gov.uk/report-cyber to identify where they should report their incident.

Assured CIR providers can be found via the NCSC’s Find a Provider page, or the Verify Suppliers search on the NCSC website.

There are currently about 400 companies, including CIR-assured service providers, offering services on behalf of the NCSC, but the agency is open to on-boarding more, and is encouraging potential candidates to register their interest here.
