UK to get new cyber attack severity rating system
The Cyber Monitoring Centre is to start rating cyber incidents in the UK as part of efforts to boost understanding and response.
A new monitoring centre is to begin rating the severity of cyber events – including cyber attacks – in the UK as they happen, as part of efforts to help firms tackle and learn from such incidents.
From Thursday, the Cyber Monitoring Centre (CMC) will start to categorise cyber events that have a potential financial impact greater that £100 million, affect multiple organisations and where there is data or information available to allow for proper assessment.
It will rate incidents on a scale of one (least severe) to five (most severe), with the technical committee leading the monitoring chaired by former chief executive of the National Cyber Security Centre (NCSC), Ciaran Martin.
The UK has been hit by a wide range of high-profile cyber events in recent years, from online banking outages to cyber attacks on the NHS and the CrowdStrike IT outage last summer which knocked infrastructure, transport and healthcare systems offline.
Mr Martin said the new system could help businesses respond and recover.
“Measuring the severity of incidents has proved very challenging. This could be a huge leap forward,” he said.
“I have no doubt the CMC will improve the way we tackle, learn from, and recover from cyber incidents.
“If we crack this, and I’m confident that we will, ultimately it could be a huge boost to cyber security efforts, not just here but internationally too.”
Once an event has been categorised, the CMC will publish the event rating alongside a report, alerting organisations to important information which could help them protect themselves or recover if they have been impacted.
The CMC said it would include expert analysis from its technical committee – which also includes a professor of cyber security from the University of Oxford and the former director general for technology at GCHQ – free of charge.
Will Mayes, chief executive of the CMC, said: “The risk of major cyber events is greater now than at any time in the past as UK organisations have become increasingly reliant on technology.
“The CMC has the potential to help businesses and individuals better understand the implications of cyber events, mitigate their impact on people’s lives, and improve cyber resilience and response plans.”
“I would also like to acknowledge the support from a wide range of world-leading experts who have contributed so much time and expertise to help establish the CMC, and continue to provide data and insights during events.
“Their ongoing support will be vital and we look forward to add further expertise to our growing cohort of partners in the months and years ahead.”
