UK defines Cyber DEFCON 1, 2 and 3, though of course doesn't call it that • The Register Forums

Thursday 12th April 2018 10:50 GMT Voland's right hand

The table is bollocks

Just copy the homework from the Russian boy next to you. They have a better education system so they usually get their homework done to a higher standard.

Do we like it or not their critical national infrastructure legislation as voted 2 years ago is at the moment the best in class (until Israel comes up with theirs - there is a rumour they are working on it).

The criminal responsibility for people who fail to secure infra, the mandatory kill/disconnect switches by design to ensure that attack can be mitigated, the mandatory replicas of key systems like root servers, etc - you name it.

We may not like what it says (especially the possible anti-democracy and censorship secondary uses), but from the perspective of defending a country from a DEFCON1 level attack it actually says exactly the right things.

Just copy it and stop w*nking.

10 2 Reply
Thursday 12th April 2018 11:01 GMT Zippy's Sausage Factory

"I hope businesses and industry will be encouraged to report any cyber attacks they suffer, which in turn will increase our understanding of the cyber threat facing the UK.”

Yes but how do you prevent them, or deal with them when they're happening? How does this help with that? It feels like someone posted a lifesaving guide next to a river, which just has categories for how the person died...

"A bit dead"

"Quite dead"

"Very dead"

"Very very dead"

"Extremely dead"

"Concrete shoes"

"Might have been nibbled a bit by fishes"

"Even more dead than that"

"Just a skeleton, really"

22 0 Reply
1. Thursday 12th April 2018 11:20 GMT Voland's right hand
  
  Yes but how do you prevent them, or deal with them when they're happening?
  
  It is in the table - create a different level talking shop which has no powers to do anything besides having a circle-w*nk. None of the business, infrastructure, etc have been mandated to have some level of preparation so the only thing which they can is continue w*nking up to a QUANGO level and beyond.
  
  Actually doing something requires preparation and some of the preparations will need a very serious level of checks and balances to be enacted. You may need to flip the switch disconnecting a significant part of the country from the net, filtering brutally half of the traffic or even shutting down networks. Giving that ability without control to someone who is so desperately trying to be a pale copy of an "Iron Lady" is a recipe for disaster. Giving it to a lunatic taken out of a steam-punk novel (if god forbid he becomes a prime minister) - doubly so. This needs to be done properly and properly codified in law.
  
  8 1 Reply
  1. Thursday 12th April 2018 16:06 GMT Anonymous Coward
    
    None of the business, infrastructure, etc have been mandated to have some level of preparation
    
    Operators of Essential Services and Digital Service Providers will be mandated from 10 May 2018 when the NIS Regulations come into effect and enact an EU Directive we have been aware of for some time.
    
    OES will be required to report certain incidents and to adhere to standards.
    
    So some of us have actually been preparing for defence and for the mandatory audits for compliance.
    
    1 0 Reply
2. Thursday 12th April 2018 12:03 GMT Robert Helpmann??
  
  Going down for the last time
  
  Might have been nibbled a bit by fishes
  
  ...
  
  Just a skeleton, really
  
  Davy Jones has got his bones, but the fishes got his stones.
  
  5 0 Reply
3. Thursday 12th April 2018 13:37 GMT Gotno iShit Wantno iShit
  
  You missed one @ZSF
  
  Where does "Completely Norwegian Blue" fit on that scale?
  
  5 0 Reply
Thursday 12th April 2018 11:16 GMT Anonymous Coward

Strategic leadership from ministers/cabinet office.

Minster, we have a category level 1 National Cyber Emergency, what do we do?

Wibble.

Lets face it, it's not like they are known for their technological skills.

17 1 Reply
1. Thursday 12th April 2018 11:55 GMT Andytug
  
  Re: Strategic leadership from ministers/cabinet office.
  
  They'd probably respond "Switch the Internet off immediately!!!".
  
  10 1 Reply
  1. Thursday 12th April 2018 12:43 GMT Anonymous Coward
    
    Re: Strategic leadership from ministers/cabinet office.
    
    They'd probably respond "Switch the Internet off immediately!!!".
    
    At which point officially the question will be "How?"
    
    Unofficially, it will be a call to the LiNX CTO and the fact that there are "requirements for security clearance beyond the ones normally codified" will come in play. That is in the job spec, courtesy of Cameron+Cleggy coming to power by the way.
    
    So, do you like it or not - the Looney with Churchill/Thatcher delusions already has that power. The scary bit is that there is absolutely nothing as far as legal basis for exercising it and absolutely nothing as far the criteria when it should be applied. It is an "Amber Rudd Style Backdoor". It is all left to her to decide and correlate to her next attempt to remove the parliament out of the decision process. She failed to do that in the election (her posters of "Teresa May and the conservatives" with her name in font 4 times the size were lovely), she failed to do that with BrExit, she is trying it with Syria now.
    
    By the way - this is practically the only "level" she has at her disposal which is even scarier as she has to either go Nuclear or do nothing at all.
    
    6 0 Reply
2. Thursday 12th April 2018 12:53 GMT Rich 11
  
  Re: Strategic leadership from ministers/cabinet office.
  
  Lets face it, it's not like they are known for their technological skills.
  
  Not difficult. They already know they just have to go and talk to the people who know all the right hashtags.
  
  6 0 Reply
3. Thursday 12th April 2018 13:11 GMT Anonymous Coward
  
  Re: Strategic leadership from ministers/cabinet office.
  
  Cyber Level 1 Code name: Brown, quick raise the internet drawbridge, deploy the infantry to Telehouse Europe. Get BT on the phone stat, it's time for them to pay us back for all those sweet deals and lack of regulation.
  
  5 0 Reply
  1. Friday 13th April 2018 09:03 GMT Anonymous Coward
    
    Re: Strategic leadership from ministers/cabinet office.
    
    Ah yes. It all fits really well with the new Government Security Classification Scheme, where information is basically public, 'Official' (remember that "Official - Sensitive" is the same classification as Official, but just needs some 'different' handling, but not too 'different', because it is absolutely NOT the same as the old RESTRICTED) , or Secret or Top Secret.
    
    And we obviously still do not care about the Russians or Chinese knowing all about the lower level information (you know, like health records, school records, social media data),because no one could ever use that to, say, influence a referendum or election.
    
    There is an argument that the greatest harm done to the security of the UK post WW2 was this idea that security does not matter for most data. Thank you Mr. Maude.
    
    0 0 Reply
Thursday 12th April 2018 11:21 GMT TRT

Call it Cycon.

Pronounced the same as Psycon. Then you can announce the level nationwide by getting Brian Blessed to shout it from the top deck of The Shard.

3 0 Reply
Thursday 12th April 2018 11:41 GMT SVV

I see a flaw in the plan

"Any cyber attack which may have a national impact should be reported to the NCSC immediately"

Yeh, but how do do that if the internet's not working?

15 0 Reply
1. Thursday 12th April 2018 11:57 GMT Anonymous Coward
  
  Re: I see a flaw in the plan
  
  Beacons, worked for the Spanish Armada.
  
  9 0 Reply
2. Thursday 12th April 2018 12:25 GMT handleoclast
  
  Re: I see a flaw in the plan
  
  Yeh, but how do do that if the internet's not working?
  
  Telephone. The old-fashioned POTS.
  
  Oh, wait, BT plans to switch it all to VoIP.
  
  Looks like we have to use RFC 1149.
  
  12 0 Reply
  1. Thursday 12th April 2018 12:48 GMT TRT
    
    Re: I see a flaw in the plan
    
    Armada? What armada? I see no IPs...
    
    5 0 Reply
Thursday 12th April 2018 12:08 GMT Ali Dodd

shortform/acronyms

Shame they chose some names that the basic acronym is the same on two levels - stupid. So I propose the following in increasing severity order:

Cat 6. LOCI - one point incident basically

Cat 5. MODI - Moderate

Cat 4. SUBI - dangerous if underwater?

Cat 3. SIGI - Definitely need one if it gets worse..

Cat 2. HISIGI - Only type that'll calm you down if it gets this bad

Cat 1. NCE - takes the biscuit

3 0 Reply
1. Thursday 12th April 2018 12:49 GMT TRT
  
  Re: shortform/acronyms
  
  BIKINI state, surely.
  
  Although there is scope for confusion and a need for mind bleach if someone asks "The BIKINI... Is it Amber? Red?" and someone else slightly mishears it.
  
  4 0 Reply
  1. Thursday 12th April 2018 12:54 GMT Rich 11
    
    Re: shortform/acronyms
    
    CASE NIGHTMARE GREEN
    
    8 0 Reply
  2. Thursday 12th April 2018 15:57 GMT Korev
    
    Re: shortform/acronyms
    
    What happens if the bikini code is yellow & polkadot? I guess it'd only be teeny weeny so would be easy to miss...
    
    4 0 Reply
Thursday 12th April 2018 12:17 GMT Heavy Soil

But how do we know?

The question in your headline made me follow the bait and click to find out... but there's no answer there. If there's a top-severity attack later today, how do I as an IT manager find out about it?

I read the page on the NCSC site and there isn't an alert email list to sign up to, nothing of the sort... I understand the need for categorisation of this stuff so defences and responses can be planned, but communication with members of the public who have a vested interest should be a big part of it.

2 0 Reply
Thursday 12th April 2018 12:17 GMT Bob Wheeler

Permanent status

From looking at the table I can see that we will be permanently at level 4 or at least level 5

6 0 Reply
Thursday 12th April 2018 12:27 GMT Hans Neeson-Bumpsadese

I never got past the first row in the table. I read as far as the bit that says "co-ordinated cross-government response" and then started laughing so hard that I now can't read through the tears.

13 0 Reply
Thursday 12th April 2018 12:44 GMT Craigie

level 1 response

'strategic leadership from ministers'. - nothing actually useful then.

8 0 Reply
Thursday 12th April 2018 16:05 GMT marjorysnicket

Cyber attacks, incidents, or just poor healthcare?

They haven't specified whether they are attempting to categorise a 'successful' cyber attack, or just an 'attempted' cyber attack.

If an attempted one - then do they really have the resources to respond to every attack on small to medium sized organisations?! Do they realise how many there are every minute of every day?

If a successful one only - then really they are just responding to the impact of the attack and doing nothing to prevent one. In which case, surely they are already have procedures for dealing with the impact on people and infrastructure? Isn't that called a DR / BC plan?

Plus - what if a regular old 'outage' had a similar impact to a level 1, 2, or 3 cyber attack? We know that public sector infrastructure is aged and failing. Would that not require a similar coordinated response?

And when is a cyber attack and 'attack'? The major outage for NHS last year was as a result of a virus being let loose and their infrastructure not having the antibodies because of poor IT healthcare! I don't see that as an 'attack' as much as I see it as poor health management!

I'm going to stop before I really get into a rant. :)

2 0 Reply
Friday 13th April 2018 06:14 GMT gymychoo

Defcon

No because in UK defence Defcon more prosaically means defence contract - I'm ex MOD.

2 0 Reply
Friday 13th April 2018 07:32 GMT Slabfondler

What of the...

All your Interwebs are belong to us level incident?

2 0 Reply
Friday 13th April 2018 16:54 GMT Anonymous Coward

Surely the government would just unplug the modem?

0 0 Reply