New cyber-attack severity system designed to improve UK’s response to hackers
The severity of cyber attacks in the UK will now be graded under a new six-category system, which has been described as a “step change” in how intelligence experts align with law enforcement to thwart hackers.
Drawn up by the National Cyber Security Centre (NCSC), the new cyber incident framework spans the full range of threats from national crises to attacks against individuals.
The most severe ‘Category 1’ threats are described as ‘National Cyber Emergencies’, which cause “sustained disruption of UK essential services or affects UK national security”.
Attacks like the ‘Wannacry’ malware, which hit the NHS last year, could fall under this band or the slightly less severe Category 2.
Meanwhile, lowest severity ‘Category 6’ threats may concern an attack against an individual or “preliminary indications of cyber activity against a small- or medium-sized organisation”.
The system has been designed to bring greater clarity and consistency to the response triggered when UK networks are targeted by hackers, online fraudsters or hostile states.
Officials described the new approach as a “step change” in the fight against hackers in comparison to the three-stage system previously in place.
They said information processed by the new mechanism will ultimately be used to generate the most comprehensive national picture to date of the cyber threat landscape.
“The NCA and wider law enforcement already work hand in hand with the NCSC to provide a strong, coordinated response to cyber incidents targeting the UK,” said Ollie Gower, deputy director at the National Crime Agency.
“This new framework will ensure we are using the same language to describe and prioritise cyber threats, helping us deliver an even more joined up response.
“I hope businesses and industry will be encouraged to report any cyber attacks they suffer, which in turn will increase our understanding of the cyber threat facing the UK.”
The new system comes ahead of plans by the government to fine companies that are not taking sufficient measures to shore up their cyber security.
Derbyshire chief constable Peter Goodman, the national policing lead for cybercrime, said: “Sharing a common lexicon enables a collaborative understanding of risk and severity that will ensure that we provide an effective, joined-up response.
“This is good news for the safety of our communities, business and individuals.”