What are the different levels of cyber attack?

We’re all well aware of the dangers posed by cyber attacks*, which can cause everything from mild irritation to a full-on international incident, but did you know that hacks are graded on their severity?

The National Cyber Security Centre (NCSC) – the part UK spy agency GCHQ we’re actually allowed to have sight of – has drawn up new framework for ranking cyber attacks in an effort prepare ministers, agencies and law enforcement for a major attack.

The six levels of cyber attacks

NCSC has put in place a new framework to act as a high-level manual for both emergency procedures and less severe events, which details the roles and responsibilities of ministers and cabinet, the National Crime Agency, regional and local police, and the NCSC itself.

What is a Category 1 cyber attack?

A Category 1 attack is defined as: “A cyber attack which causes sustained disruption of UK essential services or affects UK national security, leading to severe economic or social consequences or to loss of life.”

Although ministers may be called to act upon a Category 2  incident, Category 1 is the only classification ministers and cabinet must be strategically involved in.

The only examples of this type of attack to date are the alleged assaults by foreign nations on the US and French national elections.

What is a Category 2 cyber attack?

A Category 2 attack is defined as: “A cyber attack which has a serious impact on central government, UK essential services, a large proportion of the UK population, or the UK economy.”

An well-known example of a Category 2 attack was the WannaCry attack that impacted dozens of NHS hospitals back in May — this attack was not classified as Category 1, purely because there was no risk to life. WannaCry was the biggest cyber attack the UK faced in 2017 (outlined in this report,) but NCSC responded to 34 incidents in the same category as WannaCry last year.

What is a Category 3 cyber attack?

Category 3, 4, and 5 cyber attacks are ranked according to the size of private or public sector organisation impacted, from large and medium to small. Category 3 is defined as: “A cyber attack which has a serious impact on a large organisation or on wider / local government, or which poses a considerable risk to central government or UK essential services.”

These attacks primarily target single companies, for example through large-scale ransomware or data breaches. To date, the NCSC knows of 762.

What is a Category 4 cyber attack?

A category 4 cyber attack is defined as: “A cyber attack which has a serious impact on a medium-sized organisation, or which poses a considerable risk to a large organisation or wider / local government.”

What is a Category 5 cyber attack?

A category 4 cyber attack is defined as: “A cyber attack on a small organisation, or which poses a considerable risk to a medium-sized organisation, or preliminary indications of cyber activity against a large organisation or the government.”

What is a Category 6 cyber attack?

A category 4 cyber attack is defined as: “A cyber attack on an individual, or preliminary indications of cyber activity against a small or medium-sized organisation.”

For more information, visit: https://www.ncsc.gov.uk/news/new-cyber-attack-categorisation-system-improve-uk-response-incidents

*If you’re not, the ConferenceCall.co.uk blog has a whole load of posts dedicated to cyber attacks.

Be First to Comment

Leave a Reply

Your e-mail address will not be published. Required fields are marked *