UK defines Cyber DEFCON 1, 2 and 3, though of course doesn't call it that

The UK government has launched a new cyber attack categorisation that is designed to improve response to incidents – sadly it doesn't go up to 11.* Categorisation into bands ranging from six down towards one (the most severe) will span the full range of incidents from localised attacks against individuals or SMEs up to " …

  1. Voland's right hand Silver badge

    The table is bollocks

    Just copy the homework from the Russian boy next to you. They have a better education system so they usually get their homework done to a higher standard.

    Like it or not, their critical national infrastructure legislation, as voted 2 years ago, is at the moment the best in class (until Israel comes up with theirs - there is a rumour they are working on it).

    The criminal responsibility for people who fail to secure infra, the mandatory kill/disconnect switches by design to ensure that attack can be mitigated, the mandatory replicas of key systems like root servers, etc - you name it.

    We may not like what it says (especially the possible anti-democracy and censorship secondary uses), but from the perspective of defending a country from a DEFCON1 level attack it actually says exactly the right things.

    Just copy it and stop w*nking.

  2. Zippy's Sausage Factory

    "I hope businesses and industry will be encouraged to report any cyber attacks they suffer, which in turn will increase our understanding of the cyber threat facing the UK."

    Yes but how do you prevent them, or deal with them when they're happening? How does this help with that? It feels like someone posted a lifesaving guide next to a river, which just has categories for how the person died...

    "A bit dead"

    "Quite dead"

    "Very dead"

    "Very very dead"

    "Extremely dead"

    "Concrete shoes"

    "Might have been nibbled a bit by fishes"

    "Even more dead than that"

    "Just a skeleton, really"

    1. Voland's right hand Silver badge

      Yes but how do you prevent them, or deal with them when they're happening?

      It is in the table - create a different level talking shop which has no powers to do anything besides having a circle-w*nk. None of the business, infrastructure, etc have been mandated to have some level of preparation so the only thing which they can do is continue w*nking up to a QUANGO level and beyond.

      Actually doing something requires preparation and some of the preparations will need a very serious level of checks and balances to be enacted. You may need to flip the switch disconnecting a significant part of the country from the net, filtering brutally half of the traffic or even shutting down networks. Giving that ability without control to someone who is so desperately trying to be a pale copy of an "Iron Lady" is a recipe for disaster. Giving it to a lunatic taken out of a steam-punk novel (if god forbid he becomes a prime minister) - doubly so. This needs to be done properly and properly codified in law.

      1. Anonymous Coward

        None of the business, infrastructure, etc have been mandated to have some level of preparation

        Operators of Essential Services and Digital Service Providers will be mandated from 10 May 2018 when the NIS Regulations come into effect and enact an EU Directive we have been aware of for some time.

        OES will be required to report certain incidents and to adhere to standards.

        So some of us have actually been preparing for defence and for the mandatory audits for compliance.

    2. Robert Helpmann?? Silver badge

      Going down for the last time

      Might have been nibbled a bit by fishes


      Just a skeleton, really

      Davy Jones has got his bones, but the fishes got his stones.

    3. Gotno iShit Wantno iShit

      You missed one @ZSF

      Where does "Completely Norwegian Blue" fit on that scale?

  3. Anonymous Coward

    Strategic leadership from ministers/cabinet office.

    Minister, we have a category level 1 National Cyber Emergency, what do we do?


    Let's face it, it's not like they are known for their technological skills.

    1. Andytug

      Re: Strategic leadership from ministers/cabinet office.

      They'd probably respond "Switch the Internet off immediately!!!".

      1. Anonymous Coward

        Re: Strategic leadership from ministers/cabinet office.

        They'd probably respond "Switch the Internet off immediately!!!".

        At which point officially the question will be "How?"

        Unofficially, it will be a call to the LiNX CTO and the fact that there are "requirements for security clearance beyond the ones normally codified" will come into play. That is in the job spec, courtesy of Cameron+Cleggy coming to power by the way.

        So, like it or not - the Looney with Churchill/Thatcher delusions already has that power. The scary bit is that there is absolutely nothing as far as legal basis for exercising it and absolutely nothing as far as the criteria when it should be applied. It is an "Amber Rudd Style Backdoor". It is all left to her to decide and correlate to her next attempt to remove the parliament out of the decision process. She failed to do that in the election (her posters of "Theresa May and the conservatives" with her name in font 4 times the size were lovely), she failed to do that with BrExit, she is trying it with Syria now.

        By the way - this is practically the only "level" she has at her disposal which is even scarier as she has to either go Nuclear or do nothing at all.

    2. Rich 11 Silver badge

      Re: Strategic leadership from ministers/cabinet office.

      Let's face it, it's not like they are known for their technological skills.

      Not difficult. They already know they just have to go and talk to the people who know all the right hashtags.

    3. Anonymous Coward

      Re: Strategic leadership from ministers/cabinet office.

      Cyber Level 1 Code name: Brown, quick raise the internet drawbridge, deploy the infantry to Telehouse Europe. Get BT on the phone stat, it's time for them to pay us back for all those sweet deals and lack of regulation.

      1. Anonymous Coward

        Re: Strategic leadership from ministers/cabinet office.

        Ah yes. It all fits really well with the new Government Security Classification Scheme, where information is basically public, 'Official' (remember that "Official - Sensitive" is the same classification as Official, but just needs some 'different' handling, but not too 'different', because it is absolutely NOT the same as the old RESTRICTED), or Secret or Top Secret.

        And we obviously still do not care about the Russians or Chinese knowing all about the lower level information (you know, like health records, school records, social media data), because no one could ever use that to, say, influence a referendum or election.

        There is an argument that the greatest harm done to the security of the UK post WW2 was this idea that security does not matter for most data. Thank you Mr. Maude.

  4. TRT Silver badge

    Call it Cycon.

    Pronounced the same as Psycon. Then you can announce the level nationwide by getting Brian Blessed to shout it from the top deck of The Shard.

  5. SVV Silver badge

    I see a flaw in the plan

    "Any cyber attack which may have a national impact should be reported to the NCSC immediately"

    Yeh, but how do you do that if the internet's not working?

    1. Anonymous Coward

      Re: I see a flaw in the plan

      Beacons, worked for the Spanish Armada.

    2. handleoclast

      Re: I see a flaw in the plan

      Yeh, but how do you do that if the internet's not working?

      Telephone. The old-fashioned POTS.

      Oh, wait, BT plans to switch it all to VoIP.

      Looks like we have to use RFC 1149.

      1. TRT Silver badge

        Re: I see a flaw in the plan

        Armada? What armada? I see no IPs...

  6. Ali Dodd


    Shame they chose some names that the basic acronym is the same on two levels - stupid. So I propose the following in increasing severity order:

    Cat 6. LOCI - one point incident basically

    Cat 5. MODI - Moderate

    Cat 4. SUBI - dangerous if underwater?

    Cat 3. SIGI - Definitely need one if it gets worse..

    Cat 2. HISIGI - Only type that'll calm you down if it gets this bad

    Cat 1. NCE - takes the biscuit

    1. TRT Silver badge

      Re: shortform/acronyms

      BIKINI state, surely.

      Although there is scope for confusion and a need for mind bleach if someone asks "The BIKINI... Is it Amber? Red?" and someone else slightly mishears it.

      1. Rich 11 Silver badge

        Re: shortform/acronyms


      2. Korev Silver badge

        Re: shortform/acronyms

        What happens if the bikini code is yellow & polkadot? I guess it'd only be teeny weeny so would be easy to miss...

  7. Heavy Soil

    But how do we know?

    The question in your headline made me follow the bait and click to find out... but there's no answer there. If there's a top-severity attack later today, how do I as an IT manager find out about it?

    I read the page on the NCSC site and there isn't an alert email list to sign up to, nothing of the sort... I understand the need for categorisation of this stuff so defences and responses can be planned, but communication with members of the public who have a vested interest should be a big part of it.

  8. Bob Wheeler

    Permanent status

    From looking at the table I can see that we will be permanently at level 4 or at least level 5

  9. Hans Neeson-Bumpsadese Silver badge

    I never got past the first row in the table. I read as far as the bit that says "co-ordinated cross-government response" and then started laughing so hard that I now can't read through the tears.

  10. Craigie

    level 1 response

    'strategic leadership from ministers'. - nothing actually useful then.

  11. marjorysnicket

    Cyber attacks, incidents, or just poor healthcare?

    They haven't specified whether they are attempting to categorise a 'successful' cyber attack, or just an 'attempted' cyber attack.

    If an attempted one - then do they really have the resources to respond to every attack on small to medium sized organisations?! Do they realise how many there are every minute of every day?

    If a successful one only - then really they are just responding to the impact of the attack and doing nothing to prevent one. In which case, surely they already have procedures for dealing with the impact on people and infrastructure? Isn't that called a DR / BC plan?

    Plus - what if a regular old 'outage' had a similar impact to a level 1, 2, or 3 cyber attack? We know that public sector infrastructure is aged and failing. Would that not require a similar coordinated response?

    And when is a cyber attack an 'attack'? The major outage for NHS last year was as a result of a virus being let loose and their infrastructure not having the antibodies because of poor IT healthcare! I don't see that as an 'attack' as much as I see it as poor health management!

    I'm going to stop before I really get into a rant. :)

  12. gymychoo


    No because in UK defence Defcon more prosaically means defence contract - I'm ex MOD.

  13. Slabfondler

    What of the...

    All your Interwebs are belong to us level incident?

  14. Anonymous Coward

    Surely the government would just unplug the modem?

