GovWire

Report A Cyber Incident

Government Digital Service

June 9
08:23 2020

Service Standard assessment report

Report A Cyber Incident

From: Government Digital Service
Assessment date: 06/05/20
Stage: Alpha
Result: Met
Service provider: National Cyber Security Centre

Service description

The service allows UK organisations to report cyber incidents and crimes to law enforcement and the National Cyber Security Centre (NCSC). It simplifies the reporting landscape for users, removing the need to self-select between Law Enforcement and NCSC reporting channels. Guidance to organisations using the service will be offered and reports forwarded to relevant triage agencies based on incident information and policy. Organisations can submit a meaningful report using simple language while agencies will receive improved information. The service will integrate with a triage solution, which enables greater collaboration among law enforcement agencies and NCSC for report handling and onwards investigation.

Service users

The service will be available to anyone who wishes to report a cyber incident on behalf of an organisation and members of the public looking for advice and guidance on where to report when they have suffered a cyber incident.

Primary user groups:

  • small and medium sized organisation reporters: owners and managers of small businesses with a range of technical literacy and support needs
  • large organisation reporters: compliance managers, IT/Cyber security experts with high levels of technical literacy who are familiar with reporting benefits and obligations

Secondary user groups:

  • individuals reporting a cyber incident: members of the public who have suffered a cyber incident, needing advice and guidance on where and how to report this to authorities
  • triage agents from NCSC, NFIB and NCA: use the completed incident report forms to perform agency triage and dissemination to determine next steps

1. Understand users and their needs

Decision

The service met point 1 of the Standard.

What the team has done well

The panel was impressed that:

  • the team has done a significant amount of research with a very wide range of different users, in particular with reporters of cyber incidents. The team has also done some user research with internal users (agents etc)
  • the team have written user needs for priority and secondary users and been clear about how the service will work for them
  • the team have a good process and methodology in place for understanding the needs of reporters and testing the service with them
  • the team has done accessibility research on the service
  • the team has done lots of Discovery research to understand the pain points of a wide range of users

What the team needs to explore

Before their next assessment, the team needs to:

  • take the user research focus they have had for reporters and apply that to internal users impacted by the changes they are making
  • make a clearer distinction between business analysis and user research. Although the needs of internal users were considered in the Discovery much of the detail of this has been lost as the team has developed their Alpha. Agent needs havent been spelt out clearly so it is not clear how the service will be impacting them as users. This is also partly because the way the team is working means the distinction between business analysis and user research has become blurred. The team must acknowledge the agent needs which relate to the service they are building (the people who receive the data they are sending, those who step in when it does not work and those whose jobs they are trying to help). To do this they must write user needs for internal users and do research with them
  • the team must do ongoing user research with internal users. It is great that they are working with internal stakeholders, but internal teams are also users of the service (directly and indirectly) and so the team must prototype and test their assumptions with these users
  • the team should be clearer about the reporter user needs the service is meeting and how. This was very clear for primary users, but not clear at all for secondary users. For example individuals being redirected to action fraud is a user journey which should be tested and a user need which should be called out to see how well it is being met
  • the team should look more at users with low cyber literacy as well as expanding their accessibility research and thinking about other groups who the service might be excluding or making it hard for
  • demonstrate how the teams understanding of user needs is used to prioritise new work
  • consider broadening research methods to understand more about user needs and how well the service is working, like contextual research

2. Solve a whole problem for users

Decision

The service met point 2 of the Standard.

What the team has done well

The panel was impressed that:

  • the service sits across a number of different organisations in the Fortis group and one of the drivers for the project is enabling agency collaboration
  • the introduction of a single reference number has allowed shared visibility of a users incident report between agencies
  • the team are exploring prevention by understanding the value of sharing report data with other businesses
  • the services automated suggested severity triage has a success rate of 87%
  • the teams cross-agency discovery and alpha covered blockers to inter-agency collaboration, governance, service management, detailed process mapping, agreeing new processes for managing incidents and engagement to ensure all organisations were moving along on the journey together

What the team needs to explore

Before their next assessment, the team needs to:

  • understand and present agent user needs
  • demonstrate how they have been incorporating research and testing with agency users into their fortnightly sprint cycle
  • understand and present the needs of the novice user group who may be at risk of being excluded from the service because their digital capabilities are lower
  • make a plan to work with the agencies that issue updates to users about further action taken and understand whether or not it is sufficient to meet their needs
  • continue to work with Action Fraud to make sure that users (e.g organisation users) are routed correctly from the Action Fraud service to the NCSC service
  • think more about the users who are implicated in their minimum viable product, clearly articulate their needs and how the service is planning to meet them. And plan design and research activities to find the best way to meet these needs with the constraints the team has

3. Provide a joined-up experience across all channels

Decision

The service met point 3 of the Standard.

What the team has done well

The panel was impressed that:

  • the team have involved other cybercrime service providers and gathered analytical information about where users start their journeys
  • the team have conducted surveys with users about what names they give to things
  • if the service goes down it will still display guidance about reporting cyber incidents
  • the team understand the behaviour of users when communication channels have been compromised, defaulting back to personal email and using their mobile phones if the network has been affected

What the team needs to explore

Before their next assessment, the team needs to:

  • better understand low capability users and the channels they rely on
  • qualify the assumption that low literacy users will not want to report anything
  • provide the insight and evidence to back up the decision that they do not need a phone line into the service
  • understand the needs of users relying on the Action Fraud phone line (or provide evidence if this channel was investigated by the team in their discovery)

4. Make the service simple to use

Decision

The service met point 4 of the Standard.

What the team has done well

The panel was impressed that:

  • over the lifecycle of the project the team have tried different brands, experimenting with NCSC styles and eventually choosing the GOV.UK style

Related Articles

Comments

  1. We don't have any comments for this article yet. Why not join in and start a discussion.

Write a Comment

Your name:
Your email:
Comments:

Post my comment

Recent Comments

Follow Us on Twitter

Share This


Enjoyed this? Why not share it with others if you've found it useful by using one of the tools below: