British intelligence agency Government Communications Headquarters (GCHQ) has started a pilot response scheme for organisations that have suffered a cyber attack.
BAE Systems Detica, Cassidian, Context IS and Mandiant have been accredited to sell services under the 'Cyber Incident Response' scheme which will see them perform clean-up operations in the wake of a cyber attacks, a GCHQ spokesperson told SC.
"The companies will respond to an incident by analysing and then containing the incident, and then cleaning it up," they said.
"They will produce an incident report describing the incident and recommend actions to prevent a recurrence."
Victims would choose and contract with response companies directly.
The scheme would run as pilot until February next year and was aimed at public sector and critical infrastructure bodies and private organisations.
Offensive cyber capabilities would not be part of the scheme.
Cyber attack victims that contact Detica could expect an initial discussion followed by forensic analysis of systems, a Detica spokeswoman told SC.
"Our cyber analysts would scope out the problem using specialist tools, forensic skills and knowledge of previous attackers' methods to uncover and investigate the problem and analyse it," the spokeswoman said.
"We then work out how to contain it and suggest appropriate action to remove the threat, making sure the attacker is removed with no back door left open for them to return."
British cyber security minister Chloë Smith said in a statement that some attacks on organisations were bound to be successful.
"The growing cyber threat makes it inevitable that some attacks will get through either where basic security is not implemented, or when an organisation is targeted by a highly capable attacker," Smith said.
The four cyber response companies were accredited by Communications-Electronics Security Group (CESG), the information assurance arm of GCHQ, and the Centre for the Protection of National Infrastructure.
CESG would develop working practices with the four companies during the pilot, and publish requirements so that other interested companies can apply to be part of the scheme.
