NCSC’s response to the Parliamentary Counsel Office and Parliamentary Service cyber incident

In August 2021, the Government Communications Security Bureau’s (GCSB) National Cyber Security Centre (NCSC) became aware of malicious cyber activity affecting the Parliamentary Counsel Office (PCO) and the Parliamentary Service.

The GCSB’s Director-General, Andrew Clark, says the investigation and response confirmed that parts of the PCO network and the Parliamentary Service network had been compromised by a malicious cyber actor.

“The NCSC provided extensive support to the victim organisations to reduce the impact of the compromise and delivered advice to other organisations potentially at risk by association,” he says.

“Analysis of the tactics and techniques used by the actor enabled us to confidently link the actor to a People’s Republic of China (PRC) state-sponsored group known as APT40.”

“This link has been reinforced by analysis from international partners of similar events in their own jurisdictions.”

Mr Clark says the NCSC worked with both affected organisations to develop a comprehensive remediation plan and understands that further improvements to their networks have since been made.

He says there are a range of measures organisations can take to increase their resilience to cyber incidents. The NCSC has developed a cyber security framework that can help to guide organisations risk assessment and cyber resilience plans.

The framework is built around five key focus areas: Guide and Govern, Identify and Understand, Prevent and Protect, Detect and Contain, and Respond and Recover.  It provides questions in each of these areas for organisations to consider when setting their cyber security priorities. Details of the framework are available on the NCSC website.

ENDS