CESG, the information security arm of GCHQ, has announced the companies that are going to be responsible for responding to and cleaning up some of the UK’s most serious cyber attacks.
Two schemes have been set up to help companies and those responsible for the UK’s national infrastructure better cope with the increasing challenges posed by cyber warfare.
CESG is working with the Centre for the Protection of National Infrastructure (CPNI), in collaboration with the Council of Registered Ethical Security Testers (CREST), the professional body representing the technical security industry.
The first scheme – Cyber Incident Response (CIR) - will deal initially with sophisticated, targeted attacks against ‘networks of national significance’, and will be supported by BAE Systems Detica, Context, Mandiant, MWR and SecureWorks.
Whilst a second scheme – Cyber Security Incident Response (CSIR) – is aimed at protecting against any other cyber attacks affecting both private and public sector organisations, and will initially be supported by BAE Systems Detica, MWR InfoSecurity, PwC and Verizon.
“The CSIR scheme gives the buying community confidence in the integrity and competence of the CREST certified companies they can turn to for help following an attack,” explains Ian Glover, president of CREST.
“I congratulate all of the companies that have now been accredited because it certainly hasn’t been a trivial, box ticking matter. The bar has to be set high if we are to ensure that cyber security incidents are dealt with properly and effectively.”
MPs on the Home Affairs Select Committee recently claimed that the UK is losing the war on online criminal activity and said that the government is too complacent in targeting cyber criminals. It has also been criticised for its vague response to some of the questions posed by January’s Defence Select Committee report on cyber-security.