NCSC Launches Cyber Incident Exercise Scheme

The UK’s National Cyber Security Centre (NCSC) has ramped up efforts to encourage firms to run incident response exercises, with a new scheme to certify assured providers.

The agency said it has chosen long-time partners CREST and IASME to be its delivery partners. They will assess the suitability of organizations to become Assured Service Providers in a new Cyber Incident Exercising (CIE) scheme.

They are both now ready to accept enquiries from UK-based providers of cyber-incident exercise services.

“We are determined that companies of any size can apply to join any of our schemes. We particularly welcome companies located in or serving geographically remote or under-represented areas,” the NCSC said in a blog post.

“Similarly, if your company is working hard to address issues of under-representation in the cybersecurity workforce, we’d love to see your application.”

Read more on incident response: #RSAC: ISACA’s New Ransomware Incident Checklist to Aid Cyber Pros

Companies will be assessed in their ability to deliver two types of incident response exercise.

Tabletop exercises are discussion-based sessions, involving conversations between participants about their roles and responsibilities, activities and “key decision points” for a pre-agreed scenario.

What the NCSC calls “live-play sessions” involve responding in real-time to a pre-agreed incident scenario, although these are more suited to mature organizations looking for detailed validation of their plans, the agency said.

These exercises are only intended to simulate incidents involving a single organization, rather than a national emergency or something impacting a large section of the population, the NCSC clarified.

Incident response remains a key part of any best practice-based security strategy. The NCSC argued that frequent exercise sessions like the ones described here “can transform an organization’s preparation and response to a cyber incident.”