UK’s NCSC Launches Cyber Incident Exercising Scheme to Enhance Organizational Cyber Resilience

The UK’s National Cyber Security Centre (NCSC) has introduced a groundbreaking Cyber Incident Exercising (CIE) scheme, offering organizations access to NCSC-assured exercising providers for the first time. The initiative is designed to enhance cyber resilience by allowing companies to practice and refine their responses to cyber incidents through structured table-top or live-play exercises.

Key Highlights:

  1. Assured Service Providers: The NCSC has collaborated with CREST and IASME, naming them as Delivery Partners to manage assessments and onboard assured exercising service providers. With multiple Assured Service Providers now in operation, the CIE scheme is officially open for business.
  2. Access to NCSC Assured CIE Providers: The scheme provides organizations with access to NCSC-assured CIE service providers capable of designing tailored, structured table-top or live-play cyber incident exercises. The goal is to facilitate robust practice of responses in a secure environment.
  3. Two Types of Cyber Exercises: Assured Cyber Incident Exercising companies will deliver two types of exercises:
    • Table-Top: Discussion-based sessions where participants talk about their roles, responsibilities, activities, and key decision points for a pre-agreed scenario.
    • Live-Play: Sessions where participants execute their roles in close to real-time, responding to a controlled feed of information, representing a pre-agreed scenario. Live-play exercises are ideal for mature organizations seeking in-depth plan validation.
  4. Excluded Incidents: The scheme focuses on simulating incidents with a significant impact on a single client organization. It does not cover category 1 and category 2 incidents, as defined by the UK cyber incident categorization system.

Quote from NCSC Director of Operations Paul Chichester: “I’ve often said the first time you try out your cyber incident response plan shouldn’t be on the day you are attacked. So, if you do only one thing on a regular basis, incident exercising should be it. That’s why I’m delighted that the NCSC’s Cyber Incident Exercising scheme is now open and buyers can use it to find trusted providers that can help prepare for when the worst happens.”

How to Find an NCSC Assured Cyber Incident Exercising Provider:

  • Visit the scheme’s “Find a Provider” page.
  • Utilize the main “Verify suppliers” search on the NCSC website.

Become an Assured Service Provider:

  • If your organization offers exercising services, visit the scheme’s “Information for Service Providers” page for details on the CIE scheme standard, fee structure, and application process.

Collaboration with Industry: The NCSC works with industry through schemes like the Cyber Incident Exercising initiative to assess industry services against best-practice standards, contributing to the overall improvement of cybersecurity resilience. Currently, over 400 companies offer services on behalf of the NCSC.