UK ICO and NCSC Set to Share Anonymized Threat Intelligence
The UK’s data protection regulator and its leading security agency have signed an agreement to cooperate more closely on cyber incidents, in a bid to make the country the safest place in the world to do business.
The memorandum of understanding (MoU) signed by the Information Commissioner’s Office (ICO) and National Cyber Security Centre (NCSC) indicates closer collaboration on several fronts.
The ICO said it will encourage organizations reporting breaches to engage more closely with the NCSC in order to enhance incident response. It will also look for ways to demonstrate how “meaningful engagement” with the agency could help to reduce potential regulatory fines.
Perhaps most impactful will be a commitment from the ICO to share information on cyber incidents with the NCSC in order to help the latter keep pace with the evolving threat landscape. Such information will usually be shared “on an anonymized and aggregate basis,” although “incident-specific details” will also be handed over when a case is of “national significance,” the two said.
Read more on the ICO: UK Privacy Regulator Names and Shames Breached Firms
To minimize disruption to organizations in the aftermath of serious incidents, the ICO and NCSC also committed to “deconflict,” with the regulator set to advise companies to use the NCSC as their main contact in order to prioritize risk mitigation above regulatory matters.
Both parties have also agreed to work together on cybersecurity guidance and awareness-raising initiatives, and to provide ongoing feedback on the relationship in order to drive continuous improvement.
“This new MoU with the information commissioner builds on our existing relationship and will boost the UK’s digital security,” said NCSC CEO, Lindy Cameron.
“It provides us with a platform and mechanism to improve cybersecurity standards across the board while respecting each other’s remits.”
Information commissioner, John Edwards, explained that the ICO already works closely with the NCSC to offer cybersecurity advice and support.
“This memorandum of understanding reaffirms our commitment to improve the UK’s cyber resilience so people’s information is kept safe online from cyber-attacks,” he added.