The National Cyber Security Centre (NCSC), the public face of UK spy agency GCHQ, has released a new framework for ranking cyber attacks in an effort prepare ministers, agencies and law enforcement for a major attack.
NSCS boss Ciaran Martin in January said the UK would be lucky not to have suffered a “category 1” attack by the of the decade. When it happens it will be important to “cauterise the damage”, he said.
The new framework is a high-level manual for emergency procedures, as well as less severe events, detailing the roles and responsibilities of ministers and cabinet, down to the NCSC, the National Crime Agency, and regional and local police.
“This is a hugely important step forward in joint working between law enforcement and the intelligence agencies," said chief constable Peter Goodman, the National Police Chiefs' council lead for cybercrime.
A category 1 attack, a national cyber emergency, must disrupt essential services and impact national security, or cause severe economic, social impacts, or loss of life. This is the only category ministers and cabinet must be strategically involved in, though they may be called upon in a category 2 incident.
NCSC classified May’s WannaCry attack that impacted dozens of NHS hospitals as a category 2 attack — the most serious event of 2017 for the UK — because there was no risk to life. As outlined in a report yesterday, NCSC responded to 34 incidents in the same category as WannaCry last year.
A category 2 attack is one that “has a serious impact on central government, UK essential services, a large proportion of the UK population, or the UK economy.”
Category 3, 4, and 5 are determined by the size of private or public sector organisation impacted, from large and medium to small. Category 6 attacks refer to attacks on an individual or early activity aimed at a medium-sized organisation.
The framework will be put to the test in an upcoming live national cybercrime exercise that will test the nation’s police, security and intelligence agencies’ response to a large scale cyber attack.
The UK is investing £5m next year to ensure every local and regional police force has a dedicated cybercrime unit.
“This new joint approach, developed in partnership with UK law enforcement, will strengthen the UK’s ability to respond to the significant, growing and diverse cyber threats we face," said Paul Chichester, the NCSC’s director of operations.