The UK official National Cyber Security Centre (NCSC) is launching a new Cyber Incident Exercising (CIE) scheme. It’ll give organisations access to NCSC-assured exercising providers for the first time.
In August, the NCSC announced CREST and IASME as delivery partners for the scheme, to manage the assessment on behalf of the NCSC, and to bring in the assured exercising service providers. With those providers now in place, the scheme is opening. For a list of service providers visit the NCSC website: https://www.ncsc.gov.uk/schemes/cyber-incident-exercising/find-a-provider.
The scheme offers access to bespoke, structured table-top or live-play cyber incident exercises. The exercising companies will work alongside organisations to practise their responses in a safe environment. It sits alongside the NCSC’s free ‘Exercise in A Box’ tool that allows testing of incident response against generic cyber scenarios. The scheme assures companies to deliver two types of cyber exercises:
– Table-Top – discussion-based sessions where you talk about roles and responsibilities, activities and key decision points (in line with your organisation’s incident response plan) for a pre-agreed scenario.
– Live-Play – sessions where you carry out your roles and responsibilities in close to real time, in response to a controlled feed of information, representing a pre-agreed scenario. Such exercises are best suited to mature organisations looking for in-depth validation of plans, the authorities suggest.
The exercises are designed to simulate incidents which have a significant impact, the NCSC adds. The scheme does not cover category 1 (a national emergency – disruption of UK essential services or affecting UK national security) and category 2 (‘highly significant’) incidents, as defined by the UK official cyber incident categories.
NCSC Director of Operations Paul Chichester said: “I’ve often said the first time you try out your cyber incident response plan shouldn’t be on the day you are attacked. So, if you do only one thing on a regular basis, incident exercising should be it. That’s why I’m delighted that the NCSC’s Cyber Incident Exercising scheme is now open and buyers can use it to find trusted providers that can help prepare for when the worst happens. Exercising in a safe and supportive environment will allow all the relevant teams and individuals to properly understand their roles and maximise their effectiveness during an incident. In turn this will help to minimise harm and improve the resilience of both individual organisations and the UK as a whole.”
CREST Head of Accreditation, Jonathan Armstrong, said: “CREST is committed to ensuring the highest standards across the cyber security industry and to supporting buyers through the NCSC’s scheme. Using Assured Providers will ensure they are getting services from credible suppliers who meet both ours and NCSC’s high standards.”
And Dr Emma Philpott MBE, CEO of IASME said: “We are thrilled to partner with NCSC to help deliver the Cyber Incident Exercising Scheme. Practicing what you would do in the event of a cyber security incident with the support of an experienced, expert team significantly enhances the resilience of any business. This initiative helps organisations of all sizes to identify the most suitable provider to work with, knowing that they are assured under the NCSC scheme.”
How to find
You can find a list of NCSC Assured Cyber Incident Exercising providers via the scheme’s “Find a Provider” page or the main “Verify suppliers” search on the NCSC website.
If you offer exercising services and are interested in joining the new Cyber Incident Exercising scheme, visit the scheme’s “Information for Service Providers” page, where you can find the CIE scheme standard and details of the fee structure and how to apply on the delivery partners’ websites: CREST and IASME.
