From: Lexology

John Wilson, Eversheds LLP (UK)

PrĂ©cis– The Cyber Incident Response Scheme will provide public sector organisations, as well as organisations forming part of the UK’s critical national infrastructure, with access to companies certified by CESG and CPNI, with knowledge and experience to respond effectively to cyber attacks.

What? Launched by the Communications-Electronics Security Group (“CESG” -the Information Assurance arm of GCHQ), and the Centre for the Protection of National Infrastructure (“CPNI”), four companies have been selected as part of a pilot scheme that will seek to protect against, monitor and respond to serious cyber security incidents. Those companies are BAE Systems Detica, Cassidian, Context IS and Mandiant. During the pilot scheme the four companies will work in partnership with CESG and CPNI to develop a set of future standards for cyber response services. Although aimed at the public sector, it is anticipated that the private sector will, in time, be able to utilise cyber response services.

So what? The Cyber Incident Response Scheme is a component of the Government’s UK Cyber Security Strategy and builds on the recently published ’10 steps to Cyber Security’ guidance on how businesses can reduce the risk of vulnerability to attack, and is a step towards the development of the cyber incident response industry.

According to BAE Systems Detica, since the start of 2011 there has been a ten-fold increase in cyber attacks, and the Scheme comes at a time when the internet is increasing central to the functioning of the economy, putting at risk the protection of intellectual property, the safeguarding of financial systems, and the protection of commercially sensitive information. The scale of our dependence on the internet, and the potential threat posed by cyber crime, places cyber security at the heart of both national security and economic strategy.