NCSC teams up with CREST as first delivery partner for expanding scope of cyber incident response

In a move aimed at providing comprehensive support to victims of common cyber attacks driven by financial motives, the National Cyber Security Centre (NCSC) has unveiled plans to launch a new Cyber Incident Response Level 2 scheme. With the announcement of its first delivery partner, the NCSC is now inviting incident response providers to join this groundbreaking initiative.

Following the successful launch of the Cyber Advisor programme in April, which targeted small and medium-sized organisations, the NCSC is now expanding its incident response scheme to cater to a much broader clientele. Recognising the need for collaboration, the NCSC is pleased to introduce CREST as its inaugural Delivery Partner.

The existing Cyber Incident Response scheme, now known as Cyber Incident Response Level 1 (CIR L1), has long provided assurance to companies offering incident response services to central government agencies, Critical National Infrastructure organisations, and international entities. These CIR L1 providers have played a vital role in assisting clients in responding to and recovering from complex, targeted cyber attacks.

"However, we know that CIR Level 1 is not appropriate for, and doesn't have the capacity to help, most victims of cyber attack[s]. I am specifically thinking about most: private sector organisations; charities; Local Authorities; smaller public sector bodies; and organisations which operate predominantly in the UK. These groups are far more likely to face non-targeted, often financially-motivated attacks. But that doesn't make it any less difficult or damaging for the organisations involved and they too often need external help and advice to manage and recover from the incident," NCSC said in a statement.

To address this gap, the NCSC is launching the Cyber Incident Response Level 2 (CIR L2) scheme, leveraging the expertise of its Delivery Partners. The first Delivery Partner to join forces with the NCSC is CREST. As part of their role, Delivery Partners will handle the assessment, onboarding, monitoring, and offboarding of Assured Service Providers, ensuring compliance with the NCSC's stringent technical and organisational standards.

UK-based providers of incident response services can now approach CREST with their enquiries and submit applications to join the scheme. The NCSC's website provides access to the scheme standards, while CREST's website offers detailed information about the fee structure and application process. Once a sufficient number of companies have been accepted into the scheme, the NCSC will declare it open for business and publish relevant information for prospective buyers.

But there's more to come. In the months ahead, the NCSC plans to unveil a second Delivery Partner for CIR L2 and introduce a new initiative aimed at assuring companies that offer Cyber Incident Exercising Services. The organisation encourages industry stakeholders to stay tuned for further updates on these developments.

NCSC's statement further stated: "Once we have accepted enough companies into the scheme, we will announce that the scheme is open for business and publish information for buyers. But this isn't the end of the good news. Over the coming months, we anticipate announcing a second Delivery Partner for CIR L2 and launching a new initiative to assure companies offering Cyber Incident Exercising Services."

It's important to note that although the NCSC is currently working through Delivery Partners, they are committed to ensuring that companies of all sizes can apply to join their schemes directly. They particularly encourage applications from companies in geographically remote or underrepresented areas. Moreover, if any artificial barriers hinder prospective applicants from participating, the NCSC urges them to report the issue, as they are actively striving to eliminate such obstacles.

The NCSC's dedication to expanding the scope of cyber incident response demonstrates its commitment to safeguarding organisations across various sectors, enabling them to effectively navigate the ever-evolving cyber threat landscape.