Cyber security agencies overhaul grading system for online attacks

Britain’s cyber security agencies have launched a major overhaul of how they grade online attacks.

Incidents can now be classified in six categories, up from three under the previous arrangements.

The system has been designed to bring greater clarity and consistency to the response triggered when UK networks are targeted by hackers, online fraudsters or hostile states.

Officials described the new approach as a “step change” in how intelligence experts align with law enforcement to thwart hackers.

They said information processed by the new mechanism will ultimately be used to generate the most comprehensive national picture to date of the cyber threat landscape.

Paul Chichester, director of operations at the NCSC, said: “This new joint approach, developed in partnership with UK law enforcement, will strengthen the UK’s ability to respond to the significant, growing and diverse cyber threats we face.

“The new system will offer an improved framework for dealing with incidents.

“Individual judgments will of course still be applied to respond to incidents as necessary.”

The NCSC, which is part of intelligence agency GCHQ, has responded to more than 800 “significant” incidents since it was established in October 2016.

Among the most high-profile episodes was the global “ransomware” outbreak which affected dozens of NHS trusts in May last year.

Its incident category definitions give increased clarity on response mechanisms identifying what factors would happen to activate a specific classification, which organisation responds and what actions they would take, the NCSC said.

A category one incident is a “national cyber emergency” which causes sustained disruption to essential services or affects national security, leading to severe economic or social consequences, or loss of life.

A “highly significant” incident which has a serious impact on central government or a large proportion of the population would be classified in category two.

Category three covers “significant” attacks, such as those that have a serious impact on a large organisation or local government.

Substantial, moderate and localised incidents are logged in categories four, five and six respectively.

These would include attacks on medium sized or small organisations, or individuals.

Derbyshire Chief Constable Peter Goodman, the national policing lead for cyber crime, said: “Sharing a common lexicon enables a collaborative understanding of risk and severity that will ensure that we provide an effective, joined-up response.

“This is good news for the safety of our communities, business and individuals.”

Ollie Gower, deputy director at the National Crime Agency, said: “This new framework will ensure we are using the same language to describe and prioritise cyber threats, helping us deliver an even more joined up response.

“I hope businesses and industry will be encouraged to report any cyber attacks they suffer, which in turn will increase our understanding of the cyber threat facing the UK.”

The new categorisation scheme will be announced at the CYBERUK conference in Manchester.