Cyber non-profit enlists ex-NCSC head as technical chair

Ciaran Martin, the founding chief executive of the UK’s National Cyber Security Centre (NCSC), is to join the recently launched Cyber Monitoring Centre (CMC) non-profit as chair of its technical committee

The CMC is a partnership between law firm Weightmans and insurer CFC, and is described as a “first-of-its-kind” project to independently declare and classify systemic cyber attacks in a similar way to natural disasters such as earthquakes or hurricanes.

It uses a newly developed methodology to rank cyber incidents on a scale of one through five, with one representing the least severe incidents and five the most impactful, nationally disruptive cyber attacks.

It was set up at the beginning of January 2024, with the objective of helping cyber insurers improve how they cover systemic cyber incidents which affect multiple businesses simultaneously – such as compromises of third-party suppliers, such as recent incidents affecting the likes of Okta or Progress Software and, looking back a few years, SolarWinds.

The CMC said its work will also bring greater clarity and transparency to complex incidents and let UK organisations better prepare themselves for and respond to them.

“I am excited to be involved in the Cyber Monitoring Centre. It addresses a key challenge in UK cyber risk response, namely trying to quantify the impact of systemic cyber events as they are occurring,” said Martin.

“This whole area of measuring the severity of incidents has proved a really tricky one, but if we can crack it, we can hugely improve the way we deal with cyber security.”

Since leaving the NCSC in 2020, Martin has been working as professor of practice in the management of public organisations at the University of Oxford’s Blavatnik School of Government, and has become a cyber adviser to governments as well as a frequent and vocal commentator on security issues.

He will be working alongside a number of other security experts, including Sadie Creese, professor of cyber security at the University of Oxford; Dan Jeffery, managing director at Daintta and previously CISO for NHS Blood and Transplant and lead for the NHS’s National Cyber Programme; Jamie MacColl, research fellow in cyber security at the Royal United Services Institute (RUSI) thinktank; and Julian Williams, head of the department of finance at Durham University, and formerly director of the Durham University Institute of Hazard Risk and Resilience.

“Entirely independent of any one company, organisation or sector and made of individuals with extensive and different experiences, our Technical Committee is a vital component to ensure a trusted event categorisation,” said CMC CEO William Mayes.

“I am delighted that we have attracted such high calibre individuals to this innovative and valuable initiative and am confident that our committee will become viewed as a reliable, expert assessor of systemic cyber events.”

The CMC currently plans to be in an “incubation and development” phase for the remainder of 2024, and will not be making any of its assessments and determinations publicly available – no matter what may occur – with the goal of learning and improving its methodology, prior to a full launch in 2025.