Cyber Incident Response (CIR) service
The National Cyber Security Strategy sets a strategic objective of making the UK more resilient to cyber attacks. Such attacks can vary in terms of persistence, sophistication and impact.
When an organisation has been attacked, its most immediate concerns are likely to be:
- What action needs to be taken?
- Who has the proven knowledge and experience required to contain and eradicate the incident?
Drawing on the experiences of a CESG/CPNI pilot, there is a twin-track approach for the provision of certified Cyber Incident Response services.
- A broad-based scheme focused on maintaining an appropriate standard for incident response, managed by an industry professional body, delivered by industry and endorsed by CESG and CPNI. Initially this scheme will be administered by the Council of Registered Ethical Security Testers (CREST): additional professional body-led schemes may be added should they emerge in future.
- A small, focused, Government-run Cyber Incident Response (CIR) scheme certified by CESG and CPNI. Industry partners deliver services that are focused on responding to sophisticated targeted cyber attacks against networks of national significance.
Selecting a service provider
An organisation affected by a cyber incident should first decide which of the certified incident response schemes best fits their circumstances.
- Details of companies certified under the CESG/CPNI CIR scheme to deal with sophisticated targeted attacks against networks of national significance
Becoming a service provider
CESG and CPNI have endorsed the CREST Cyber Security Incident Response (CSIR) Scheme as having the necessary requirements and control mechanisms to ensure CREST certified companies are able to deliver effective cyber security incident response services. CREST certification is suitable for the vast majority of incidents affecting private and public sector customers and will allow the CESG/CPNI CIR scheme to concentrate on the most sophisticated attacks. Details of requirements and the application process for the CREST Scheme are available on the CREST website.
The CESG/CPNI CIR Scheme is aimed specifically at organisations with proven expertise in investigating sophisticated, targeted attacks by highly skilled threat actors against networks deemed to be of national significance. Companies have been assessed against a set of specific requirements set jointly by CESG, GovCertUK and CPNI demonstrating amongst other things:
- A clear understanding of cyber threats and techniques, specifically those posed by highly skilled threat actors and related to networks of national significance.
- Evidence of methodology, track record and experience of the full incident response lifecycle focused on sophisticated threat actors.
- An ability to develop tools and techniques.
- An understanding of (HM Government, wider Public Sector, HMG supply chain and Critical National Infrastructure) environments.
- Compliance with the HMG Security Policy Framework for use/storage of protectively marked material.
- A secure company environment that is well protected against known threats and has sufficient instrumentation to detect a compromise.
There will be a phased introduction within 12-18 months of mandated Cyber Professional qualifications for service providers certified under both CESG/CPNI and CREST CIR Schemes.
At this stage CESG/CPNI do not plan to charge potential service providers to apply for or hold certification.
You can download the requirements for companies wishing to apply for certification under the CESG/CPNI CIR Scheme. The scheme is now open for applications.