UK national cyber attack response and investigation is a well-defined and rehearsed process, but the responsible agencies say they are building more capability and closing the gaps.
The UK’s National Crime Agency (NCA), National Police Chiefs’ Council (NPCC) and National Cyber Security Centre (NCSC) are tasked with responding to different aspects of cyber attacks.
“Of course these areas overlap, but that is why we work so closely together on a formal basis and daily through our investigators working together and talking to each other,” said Oliver Gower, deputy director of the NCA and head of the NCA’s National Cyber Crime Unit (NCCU).
The NCA investigates the most serious and complex attacks hitting the UK, and coordinates and supports the entire UK policing response and provide specialist high-end technical support to that response, at a national or a regional level.
The NCSC, which is part of GCHQ, protects critical services from cyber attacks, steps in to help victims mitigate the effect of attacks and manage major cyber incidents, and improves UK internet security.
Police regional organised crime units (ROCUs) lead investigations into multi-jurisdictional cyber crime, and have dedicated roles to prevent cyber crime and to increase the overall level of resilience in their region. They are resourced by local police forces, but operate as standalone teams at a regional level.
At the local level, policing leads the response to cyber crime, investigating cases referred by the National Fraud Intelligence Bureau (NFIB), distributing advice to victims and the vulnerable, and feeding the national intelligence picture.
