Cyber attack emergency service launched

News by Tim Ring

The Government's '999' emergency service to help companies and government agencies who suffer a cyber attack has kicked off, almost three months after its official launch.

Five companies – BAE Systems Detica, Context Information Security, Mandiant, MWR InfoSecurity and Dell SecureWorks – have been cleared to help any of Britain's ‘critical national infrastructure’ (CNI) organisations who suffer a state-sponsored or high-level criminal cyber attack.

The importance of the scheme was emphasised by Context CEO Mark Raeburn who, when talking to, warned that many CNI organisations – which include public sector agencies and Britain's biggest companies in key sectors like finance, defence, energy and transport – are still unaware of the level of threat they face from Chinese and other nation-state attackers.

Context and the four other firms have been selected for the Cyber Incident Response (CIR) scheme which is part of the UK Government's flagship £640 million National Cyber Security Strategy. It is being run by CESG, the information security arm of intelligence service GCHQ.

Meanwhile, a second set of suppliers has passed the exam for the Government's companion Cyber Security Incident Response (CSIR) scheme, to give emergency help to broader ‘non-critical’ UK businesses, the wider public sector and academia. They include Detica and MWR, who are on both schemes, together with PricewaterhouseCoopers and Verizon UK.

This CSIR initiative is being run for the Government by CREST (Council of Registered Ethical Security Testers), the information security certification body.

CREST originally hoped to have some suppliers in place by the end of September but was thwarted when none of the applicants passed its audit first time round. Both the CIR and CSIR schemes were officially launched in August.

The notable missing ‘name’ among the approved suppliers is consultancy firm Cassidian – the only firm from last year's extended CIR pilot scheme not to appear on either list. But a Cassidian spokesperson told that “our submission is now under evaluation by CESG. We are fully confident that we will be fully certified for both the CREST-led and CESG-led CIR schemes shortly”. The spokesperson said delays had arisen because Cassidian was not previously a full CREST member.

CREST president Ian Glover confirmed to that two more suppliers “are on the brink” of approval for his CSIR scheme. Approval is a rolling process, with companies being audited whenever they apply.

“The CSIR scheme gives the buying community confidence in the integrity and competence of the CREST-certified companies they can turn to for help following an attack,” Glover said.

However, Mark Raeburn at Context told that CNI organisations are far from aware enough of the cyber threat facing them. “Much more needs to be done. It's getting better but it's a long way off perfect,” he said.

“The defence industry is more aware than most. The areas that are probably in need of more awareness are the data aggregators - accountants, lawyers, M&A organisations, hedge funds - anywhere where if you go phishing there is generally going to be interesting information around business opportunities.”

Raeburn said CIR is “a formal process which provides some assurance to the customer that the person coming along has got some idea of what they're doing, to ensure the overall protection of the critical national infrastructure is maintained”.

He said the level of sophisticated attacks on Britain's core infrastructure is “probably fairly constant” but added that as well as the Chinese, “in the last four or five years we've watched other nation states decide that it's a good idea to play the same game”. He declined to name names.

Raeburn said currently the most common threats are watering hole attacks that use social engineering phishing to get people to visit the website, from where the malware can infect their networks.

Context has a 40-strong incident response team, about a third of the overall company.

At PwC, Kris McConkey said its CSIR service will be provided by the cyber incident response team which he leads and which comprises around 100 professionals including ‘forensics’ specialists focused on threat detection and response and threat intelligence. He told the CSIR approval process “was very robust. The bar was set very high but unless you do that, there is a risk of companies doing a very bad job.”

Noting how incident response skills are currently in short supply, Alex Fidgen, director at MWR InfoSecurity, commented to “There is an increasing need of genuine, proven capability in this area – particularly in an age of increasingly complex cyber attacks. This scheme will help to professionalise this part of the industry and provide businesses and the Government with accredited services and qualified professionals.”
