At a glance
- The NCSC is the UK’s technical authority for cyber threats. It is part of the Government Communications Headquarters (GCHQ) and has several roles in NIS.
- It acts as the ‘computer security incident response team’ or CSIRT. This means it monitors incidents, provides early warnings, disseminates information, conducts cyber threat assessments and provides general technical support to competent authorities.
- It is also the ‘single point of contact’ (SPOC). In this role it receives information on NIS incidents from all competent authorities and co-ordinates with its counterparts in other Member States.
- The NCSC has published a ‘NIS guidance collection’, primarily for OES.
- What is the National Cyber Security Centre (NCSC)?
- What role does the NCSC have?
- How does this relate to the ICO’s functions in respect of the GDPR?
- What guidance has the NCSC released about NIS?
The NCSC is the UK’s ‘technical authority’ for cyber incidents. It is part of GCHQ, one of the UK’s security services, and was formed in 2016 to provide a unified national response to cyber threats. It was created out of a number of pre-existing organisations which included:
- GCHQ’s ‘Communications-Electronics Security Group’ (CESG), which was the national technical authority for information assurance and advised organisations on how to protect their network and information systems from threats;
- CERT UK, the former computer security incident response team;
- the Centre for Cyber Assessment (CCA), also part of GCHQ, responsible for providing cyber threat assessments to UK government departments; and
- the cyber functions of the Centre for the Protection of the National Infrastructure (CPNI).
The UK’s National Cyber Security Strategy 2016-2021 outlines the Government’s intent behind setting up the NCSC. The strategy will also be used as the ‘NIS national strategy’ as required under Regulation 3.
Visit the NCSC’s website for more information.
NIS does not mention the NCSC by name – a number of functions are assigned to GCHQ itself. These are carried out by the NCSC. It acts as the ‘single point of contact’ (SPOC) and ‘computer security incident response team’ (CSIRT).
Single point of contact (SPOC)
The SPOC’s role largely concerns cross-border co-operation where incidents affect more than one Member State. It also produces reports on incident notifications.
Regulation 4 of NIS designates the NCSC as the SPOC. It is required to:
- liaise with SPOCs, CSIRTs and competent authorities in other countries to ensure cross-border co-operation;
- consult and co-operate with relevant law enforcement authorities; and
- co-operate with the competent authorities when they undertake enforcement actions.
The SPOC must also submit reports to a ‘Cooperation Group’ at European level. These are based on annual reports that competent authorities provide to the SPOC about the number and nature of any NIS incidents.