Feeds

UK.gov intros shiny CREST badge for cyber crime-scene cleanup squad

Been cyber-screwed? Call one of GCHQ's trusted helpers

High performance access to file storage

The UK has launched two cyber incident response schemes geared towards helping businesses cope better with the aftermath of malware outbreaks and other hacking attacks.

The schemes were launched on Tuesday by the Communications Electronics Security Group (known as CESG), the information security arm of GCHQ, and the Centre for the Protection of National Infrastructure (CPNI), in partnership with the Council of Registered Ethical Security Testers (CREST), the professional body representing security consultants who specialise in penetration testing.

Cyber-incident response services are necessary because, even with a well-thought-out corporate security policy, malware outbreaks and hacker attacks are more or less inevitable. The trick becomes to detect attacks early and thwart them before any real damage is done, which is where firms with computer forensics and cyber response skills come into play.

CESG ran a pilot scheme last November involving four hand-picked firms - BAE Systems Detica, Cassidian (the defence and security unit of EADS), Context Information Security and US-based Mandiant - providing cyber-incident response services to critical national infrastructure organisations such as banks, utilities and transport firms.

The aim was always to roll out similar services to a wider range of public sector firms. The results from the pilot led to the decision that a wider rollout was best accomplished using a twin track approach for certified Cyber Incident Response services.

At the top end comes a small and focused government-run Cyber Incident Response scheme, certified by GCHQ and CPNI, and designed to respond to "sophisticated, targeted attacks against networks of national significance".

Such a scheme would be overkill, not to mention too expensive, for mainstream business and e-commerce firms; hence a decision to also offer a second (more mainstream) scheme led by CREST and endorsed by GCHQ that's focuses on appropriate standards for incident response for industry, the wider public sector and academia.

Both schemes will offer a list of government-assured and certified providers of security response and clean-up services. Think Mr Wolf from Pulp Fiction, but take away the gory body part expertise and add computer forensics and malware eradication skills.

CREST will audit the service providers against standards for cyber incident response and ensure compliance through codes of conduct, which will be combined with professional qualifications for individuals. In the same way that SMEs look for a CORGI-certified gas fitter when they are seeking to install a gas boiler, the idea is that the CREST certifications will keep the cowboys out and help to ensure good standards in the tricky world of computer security incident response.

The government-endorsed twin track approach to offering certified cyber incident response services is designed to dovetail with wider government goals of making the UK more resilient to hacking attacks and cyber-espionage.

Chloë Smith, minister for cyber security said: "The best defence for organisations is to have processes and measures in place to prevent attacks getting through, but we also have to recognise that there will be times when attacks do penetrate our systems and organisations want to know who they can reliably turn to for help."

"This scheme and others like it, together with the “10 Steps to Cyber Security” guidance for business launched last year, are an important part of our effort to provide assistance to industry and government in order to protect UK interests in cyberspace," she added. ®

High performance access to file storage

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.