GCHQ pilots cyber response scheme

News by Tom Espiner

Intelligence agency GCHQ has started a pilot response scheme for organisations that have suffered a cyber attack.

Four private companies have been accredited to sell services under the 'Cyber Incident Response' scheme: BAE Systems Detica, Cassidian, Context IS and Mandiant.

The companies will perform clean-up operations in the wake of a cyber attack, a GCHQ spokesperson told SC Magazine on Wednesday.

"The companies will respond to an incident by analysing and then containing the incident, and then cleaning it up," said the spokesperson. "They will produce an incident report describing the incident and recommend actions to prevent a recurrence."

Cyber attack victims will choose and contract with response companies directly, said the spokesperson.

The scheme, which will be in pilot until February 2013, is aimed at public sector and critical infrastructure bodies, but is also open to private organisations.

GCHQ and the response providers will not offer cyber offensive capabilities as part of the scheme, the spokesperson added.

Cyber attack victims that contact Detica can expect an initial discussion followed by forensic analysis of systems, a Detica spokeswoman told SC Magazine UK.

"Our cyber analysts would scope out the problem using specialist tools, forensic skills and knowledge of previous attackers' methods to uncover and investigate the problem and analyse it," said the spokeswoman. "We then work out how to contain it and suggest appropriate action to remove the threat, making sure the attacker is removed with no back door left open for them to return."

Some attacks on organisations are bound to be successful, UK cyber security minister Chloë Smith said in a statement on Wednesday.

"The growing cyber threat makes it inevitable that some attacks will get through either where basic security is not implemented, or when an organisation is targeted by a highly capable attacker," said Smith.

The four cyber response companies were accredited by CESG, the information assurance arm of GCHQ, and the Centre for the Protection of National Infrastructure (CPNI).

CESG will develop working practices with the four companies during the pilot, and publish requirements so that other interested companies can apply to be part of the scheme.
