Question to the Department for Digital, Culture, Media & Sport:

To ask the Secretary of State for Digital, Culture, Media and Sport, for what reasons the mitigation of distributed denial of service attacks is not included in the Government's cyber essentials scheme.

The Cyber Essentials scheme is intended to provide a minimum level of good, basic cyber security for any organisation, of any size, in any sector. It sets out the measures which any organisation can implement itself to protect against the most common Internet threats. Distributed denial of service (DDoS) attacks are difficult to protect against in the same way. Including DDoS mitigation within Cyber Essentials would significantly raise the bar assessed by the scheme, adding significant cost to organisations, even if they were unlikely to ever be the subject of such an attack.

Organisations requiring protection from DDoS can consult guidance provided by the National Cyber Security Centre. They can also seek help from third parties offering these services (e.g. Internet Service Providers.)