Incident response diplomacy: UK to launch new capability to help attacked allies

Avatar

The British government will launch a new Cyber Incident Response Capability (CIRC) to offer assistance to partner countries dealing with cyberattacks.

The CIRC will be available to NATO allies through the alliance’s virtual cyber incident support capability — launched in the wake of the Iranian cyberattacks on Albania — as well as other non-NATO countries.

Speaking at the NATO Cyber Defence Conference in London on Monday, government minister Pat McFadden said the project was aimed specifically at countries responding to “attacks on their critical national infrastructure.”

McFadden said the CIRC would bring “together both the public and private sectors in the UK to offer their technical assistance on combating those attacks.”

According to the Foreign Office, £1 million ($1.3 million) has been budgeted to the project — taken from the country’s Integrated Security Fund — to procure a private sector contractor for incident response engagements.

The details of the contract are not yet public. Costs for incident response engagements can range substantially depending on whether the provider is on retainer, and on the complexity of the incident itself.

It is likely that nation-state attacks on critical infrastructure may require extensive forensic analysis alongside other efforts to ensure the attackers are removed from the system, and be among the most expensive incidents to respond to.

It comes as McFadden warned attendees at the London conference of the severe threat that Russian cyber operations posed to Western critical infrastructure.

He warned that “Russia can turn off the lights for millions of people,” although experts criticised the claim, saying it “inadvertently bolsters Russia’s image and perceived capabilities while unnecessarily spreading fears of a doomsday scenario.”

CybercrimeGovernmentLeadershipNation-stateNewsTechnology
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 

Total
0
Shares
Previous Post

African cybercrime crackdown culminates in 1,006 captured and cuffed

Next Post

‘CyberVolk’ hacktivists use ransomware in support of Russian interests

Related Posts

China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide

A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks. "Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution (RCE)," EclecticIQ researcher Arda Büyükkaya said in an analysis published today. Targets of the campaign
Avatar
Read More

Becoming Ransomware Ready: Why Continuous Validation Is Your Best Defense

Ransomware doesn’t hit all at once—it slowly floods your defenses in stages. Like a ship subsumed with water, the attack starts quietly, below the surface, with subtle warning signs that are easy to miss. By the time encryption starts, it’s too late to stop the flood.  Each stage of a ransomware attack offers a small window to detect and stop the threat before it’s too late. The problem is
Avatar
Read More