Incident response diplomacy: UK to launch new capability to help attacked allies

The British government will launch a new Cyber Incident Response Capability (CIRC) to offer assistance to partner countries dealing with cyberattacks.

The CIRC will be available to NATO allies through the alliance’s virtual cyber incident support capability — launched in the wake of the Iranian cyberattacks on Albania — as well as other non-NATO countries.

Speaking at the NATO Cyber Defence Conference in London on Monday, government minister Pat McFadden said the project was aimed specifically at countries responding to “attacks on their critical national infrastructure.”

McFadden said the CIRC would bring “together both the public and private sectors in the UK to offer their technical assistance on combating those attacks.”

According to the Foreign Office, £1 million ($1.3 million) has been budgeted to the project — taken from the country’s Integrated Security Fund — to procure a private sector contractor for incident response engagements.

The details of the contract are not yet public. Costs for incident response engagements can range substantially depending on whether the provider is on retainer, and on the complexity of the incident itself.

It is likely that nation-state attacks on critical infrastructure may require extensive forensic analysis alongside other efforts to ensure the attackers are removed from the system, and be among the most expensive incidents to respond to.

It comes as McFadden warned attendees at the London conference of the severe threat that Russian cyber operations posed to Western critical infrastructure.

He warned that “Russia can turn off the lights for millions of people,” although experts criticised the claim, saying it “inadvertently bolsters Russia’s image and perceived capabilities while unnecessarily spreading fears of a doomsday scenario.”