Drawing on experiences of a CESG/CPNI pilot running since October 2012, a twin track approach is being taken for certified Cyber Incident Response services:
- a broadly based scheme managed by industry professional body, endorsed by CESG and CPNI, and delivered by industry. This scheme focuses on appropriate standards for incident response aligned to demand from industry, the wider public sector and academia. Initially this scheme will be administered by CREST: additional professional body-led schemes may be added should they emerge in future.
- a small and focussed Government run Cyber Incident Response scheme certified by CESG and CPNI where capable industry partners deliver services focussed on responding to sophisticated, targeted attacks against networks of national significance. Organisations affected by such an attack should approach one of the CESG/CPNI certified CIR providers