Feeds

UK.gov intros shiny CREST badge for cyber crime-scene cleanup squad

Been cyber-screwed? Call one of GCHQ's trusted helpers

Next gen security for virtualised datacentres

The UK has launched two cyber incident response schemes geared towards helping businesses cope better with the aftermath of malware outbreaks and other hacking attacks.

The schemes were launched on Tuesday by the Communications Electronics Security Group (known as CESG), the information security arm of GCHQ, and the Centre for the Protection of National Infrastructure (CPNI), in partnership with the Council of Registered Ethical Security Testers (CREST), the professional body representing security consultants who specialise in penetration testing.

Cyber-incident response services are necessary because, even with a well-thought-out corporate security policy, malware outbreaks and hacker attacks are more or less inevitable. The trick becomes to detect attacks early and thwart them before any real damage is done, which is where firms with computer forensics and cyber response skills come into play.

CESG ran a pilot scheme last November involving four hand-picked firms - BAE Systems Detica, Cassidian (the defence and security unit of EADS), Context Information Security and US-based Mandiant - providing cyber-incident response services to critical national infrastructure organisations such as banks, utilities and transport firms.

The aim was always to roll out similar services to a wider range of public sector firms. The results from the pilot led to the decision that a wider rollout was best accomplished using a twin track approach for certified Cyber Incident Response services.

At the top end comes a small and focused government-run Cyber Incident Response scheme, certified by GCHQ and CPNI, and designed to respond to "sophisticated, targeted attacks against networks of national significance".

Such a scheme would be overkill, not to mention too expensive, for mainstream business and e-commerce firms; hence a decision to also offer a second (more mainstream) scheme led by CREST and endorsed by GCHQ that's focuses on appropriate standards for incident response for industry, the wider public sector and academia.

Both schemes will offer a list of government-assured and certified providers of security response and clean-up services. Think Mr Wolf from Pulp Fiction, but take away the gory body part expertise and add computer forensics and malware eradication skills.

CREST will audit the service providers against standards for cyber incident response and ensure compliance through codes of conduct, which will be combined with professional qualifications for individuals. In the same way that SMEs look for a CORGI-certified gas fitter when they are seeking to install a gas boiler, the idea is that the CREST certifications will keep the cowboys out and help to ensure good standards in the tricky world of computer security incident response.

The government-endorsed twin track approach to offering certified cyber incident response services is designed to dovetail with wider government goals of making the UK more resilient to hacking attacks and cyber-espionage.

Chloë Smith, minister for cyber security said: "The best defence for organisations is to have processes and measures in place to prevent attacks getting through, but we also have to recognise that there will be times when attacks do penetrate our systems and organisations want to know who they can reliably turn to for help."

"This scheme and others like it, together with the “10 Steps to Cyber Security” guidance for business launched last year, are an important part of our effort to provide assistance to industry and government in order to protect UK interests in cyberspace," she added. ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New twist as rogue antivirus enters death throes
That's not the website you're looking for
ISIS terror fanatics invade Diaspora after Twitter blockade
Nothing we can do to stop them, says decentralized network
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.