Cyber attacks given new classifications by security agencies

Incidents can now be classified in six categories, up from three under the previous arrangements.

Press Association
Last updated: 12 April 2018 - 9.25am

Britain’s cyber security agencies have launched a major overhaul of how they grade online attacks.

Incidents can now be classified in six categories, up from three under the previous arrangements.

[Read more: What is ransomeware? Tips on prevention and what to do if you are affected] 

The system has been designed to bring greater clarity and consistency to the response triggered when UK networks are targeted by hackers, online fraudsters or hostile states.


Drawn up by the National Cyber Security Centre (NCSC), the new cyber incident framework spans the full range of threats from national crises to attacks against individuals.

Officials described the new approach as a “step change” in how intelligence experts align with law enforcement to thwart hackers.

They said information processed by the new mechanism will ultimately be used to generate the most comprehensive national picture to date of the cyber threat landscape.

Paul Chichester, director of operations at the NCSC, said: “This new joint approach, developed in partnership with UK law enforcement, will strengthen the UK’s ability to respond to the significant, growing and diverse cyber threats we face.

“The new system will offer an improved framework for dealing with incidents.

“Individual judgments will of course still be applied to respond to incidents as necessary.”

The NCSC, which is part of intelligence agency GCHQ, has responded to more than 800 “significant” incidents since it was established in October 2016.

Among the most high-profile episodes was the global “ransomware” outbreak which affected dozens of NHS trusts in May last year.


Cyber incidents in all sectors of the economy, including central and local government, industry, charities, universities, schools, small businesses and individuals are covered by the new framework.

Its incident category definitions give increased clarity on response mechanisms identifying what factors would happen to activate a specific classification, which organisation responds and what actions they would take, the NCSC said.

A category one incident is a “national cyber emergency” which causes sustained disruption to essential services or affects national security, leading to severe economic or social consequences, or loss of life.

A “highly significant” incident which has a serious impact on central government or a large proportion of the population would be classified in category two.

Category three covers “significant” attacks, such as those that have a serious impact on a large organisation or local government.

Substantial, moderate and localised incidents are logged in categories four, five and six respectively.

These would include attacks on medium sized or small organisations, or individuals.

Derbyshire Chief Constable Peter Goodman, the national policing lead for cyber crime, said: “Sharing a common lexicon enables a collaborative understanding of risk and severity that will ensure that we provide an effective, joined-up response.

“This is good news for the safety of our communities, business and individuals.”

Ollie Gower, deputy director at the National Crime Agency, said: “This new framework will ensure we are using the same language to describe and prioritise cyber threats, helping us deliver an even more joined up response.

“I hope businesses and industry will be encouraged to report any cyber attacks they suffer, which in turn will increase our understanding of the cyber threat facing the UK.”

The new categorisation scheme will be announced at the CYBERUK conference in Manchester.

Read more: 10 ways BT's free software keeps you safe online

More from BT