NCSC publishes cyber attack categorisations

Six categories included in guidance on how to respond to cyber incidents and apply to public and private sectors

The National Cyber Security Centre (NCSC) has published a new cyber attack categorisation scheme aimed at providing more consistent responses to incidents and a better use of resources.

'cyber attack' on digital screenIt provides category definitions to clarify how organisations should respond to threats and takes in all sectors of the economy including central and local government, industry, charities, universities, schools, small businesses and individuals.

The six categories are: national cyber emergency; highly significant incident; significant incident; substantial incident; moderate incident; and local incident. Each is accompanied by a definition with a guide to who should respond and the basics of what they should do.

The NCSC said that any cyber attack which might have a national impact should be reported to it immediately. This includes attacks likely to harm UK national security, the economy, public confidence, or public health and safety.

Strengthening response

Paul Chichester, the NCSC’s director of operations, said: “This new joint approach, developed in partnership with UK law enforcement, will strengthen the UK’s ability to respond to the significant, growing and diverse cyber threats we face.

“The new system will offer an improved framework for dealing with incidents, especially as GDPR and the NIS Directive come into force shortly.

“Individual judgements will of course still be applied to respond to incidents as necessary.”

The NCSC has responded to more than 800 significant incidents since October 2016. It defines an incident as a breach of a system’s security policy to affect its integrity or availability; of unauthorised access or attempted access to a system.

Image from iStock