The order of interaction of cyber security entities during response to cyber incidents/cyber attacks was unanimously approved at a meeting of the NCCC
The order of interaction of cyber security entities during response to cyber incidents/cyber attacks (hereinafter - the Order of Interaction) was unanimously approved at the meeting of the National Cyber Security Coordination Center on September 22, 2022.
The document was developed by the working group created under it, which included representatives of all the main subjects of the national cyber security system, as well as the Ministry of Digital, the Ministry of Foreign Affairs and the National Institute for Strategic Studies.
The order of interaction, among other things, provides for the creation of a permanent Joint Response Group for cyber incidents and cyber attacks, and regulates the issue of information exchange, coordination and joint actions of cyber security entities during response to cyber incidents/cyber attacks.
The document defines the principles on which the application of this Procedure will be based. One of the main ones is a common goal, because the private sector and state bodies must jointly ensure the security of their own information and communication systems and the cyber security of the state as a whole. In addition, interaction will be based on the principles of:
respect for enterprises, institutions and organizations that have experienced a cyber incident/cyber attack;
unity of effort;
prioritization of activity recovery measures.
Depending on the degree of negative consequences that may occur as a result of the implementation of a cyber incident/cyber attack, six levels of criticality are introduced, which were developed taking into account the best global practices: non-critical (white), low (green), medium (yellow), high (orange), critical (red) and emergency (black). According to the level of criticality, the document defines the algorithms of interaction during the response to threats.
You can familiarize yourself with the Procedure for the interaction of cyber security entities during response to cyber incidents/cyber attacks here.