The National Cyber Security Centre has launched a new cyber incident exercising scheme, giving organisations access to NCSC-assured exercising providers for the first time.

The new CIE Scheme provides organisations with access to NCSC-assured CIE service providers able to create structured table-top or live-play cyber incident exercises. It sits alongside the NCSC’s ‘exercise in a box’ tool which allows organisations to test their incident response against a range of generic cyber incident scenarios.

The scheme enables companies to deliver two types of cyber exercises: ‘table-top’ discussion-based sessions where participants talk about their roles and responsibilities, activities and key decision points for a pre-agreed scenario; and ‘live-play’ sessions where participants carry out their roles and responsibilities in close to real time, in response to a controlled feed of information, representing a pre-agreed scenario.

The exercises are designed to simulate incidents which have a significant impact on a single client organisation. The scheme does not cover category 1 and category 2 incidents, as defined by the UK cyber incident categorisation system.

In August, the NCSC announced CREST and IASME as the delivery partners for the scheme to manage the assessment on its behalf, and to onboard the assured exercising service providers. The scheme now has a number of assured service providers in place.

Paul Chichester, NCSC director of operations, said: “The first time you try out your cyber incident response plan shouldn’t be on the day you are attacked. So, if you do only one thing on a regular basis, incident exercising should be it. That’s why I’m delighted that the NCSC’s cyber incident exercising scheme is now open and buyers can use it to find trusted providers that can help prepare for when the worst happens.

“Exercising in a safe and supportive environment will allow all the relevant teams and individuals to properly understand their roles and maximise their effectiveness during an incident. In turn, this will help to minimise harm and improve the resilience of both individual organisations and the UK as a whole.”

---