Public Services > Central Government

NCSC to implement new cyber incident prioritisation framework

Matteo Natalucci Published 13 April 2018

New Cyber Attack categorisation system aims to beef up UK response to cyber incidents


The government has launched new cyber attack categorisation designed to improve response to security incidents.

The categorisation was launched at the final day of the National Cyber Security Centre’s (NCSC) conference CYBERUK 2018 in Manchester.

The NCSC now defines a cyber security incident as:

  • A breach of a system’s security policy in order to affect its integrity or availability.
  • The unauthorised access or attempted access to a system.

Activities commonly recognised as cyber incidents are:

  • Attempts to gain unauthorised access to a system and/or to data.
  • The unauthorised use of systems and/or data.
  • Modification of a system's firmware, software or hardware without the system-owner's consent.
  • Malicious disruption and/or denial of service.

The new approach will see the NCSC, a part of GCHQ, working hand-in-hand with law enforcement agencies to defend against the growing threat.

The NCSC said it has responded to more than 800 significant incidents since October 2016, and their incident responders will now classify attacks into six specific categories rather than the previous three.

The changes, which are effective immediately, are aimed at improving consistency around the incident response and enabling better use of resources to extend support to more victims.

The incident category definitions aims to improve response mechanisms for incidents by identifying what factors would happen to activate a specific classification, which organisation responds and what actions they would take.

The framework encompasses cyber incidents in all sectors of the economy, including central and local government and industry.

The existing system of three categories of incident broadened to six detailed classifications.


Paul Chichester, the NCSC’s Director of Operations, said, “This new joint approach, developed in partnership with UK law enforcement, will strengthen the UK’s ability to respond to the significant, growing and diverse cyber threats we face.”

Chichester said, “The new system will offer an improved framework for dealing with incidents, especially as GDPR and the NIS Directive come into force shortly. Individual judgements will of course still be applied to respond to incidents as necessary.”

The data processed by the new framework will be used to generate “the most comprehensive national picture to date” of the cyber threat landscape, spanning the full range of incidents from national crises to cyber attacks on individuals.

The cyber security agency stressed the need to report immediately any cyber attack which may have a national impact should be reported to the NCSC. Depending on the incident, the NCSC may be able to provide direct technical support.

National Police Chiefs' Council Lead for Cybercrime, Chief Constable Peter Goodman, said, “This is a hugely important step forward in joint working between law enforcement and the intelligence agencies

“Sharing a common lexicon enables a collaborative understanding of risk and severity that will ensure that we provide an effective, joined-up response. This is good news for the safety of our communities, business and individuals,” Goodman said.

Ollie Gower, Deputy Director at the National Crime Agency said, “The NCA and wider law enforcement already work hand in hand with the NCSC to provide a strong, coordinated response to cyber incidents targeting the UK.

Gower added, “This new framework will ensure we are using the same language to describe and prioritise cyber threats, helping us deliver an even more joined up response. I hope businesses and industry will be encouraged to report any cyber attacks they suffer, which in turn will increase our understanding of the cyber threat facing the UK”.

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.