The Reconnection Framework Version 3 has now been published. To download this artefact without registering, please click here. 

An Enhanced Reconnection Framework for Safe Resumption After Cyber Attacks

The Cross Market Operational Resilience Group (CMORG) has released an enhanced and publicly available version of its Reconnection Framework. This is a voluntary, industry-developed guide designed to support UK financial sector participants in safely restoring connectivity following a significant cyber incident.

In today’s interconnected financial ecosystem, the ability to disconnect and reconnect securely as a result of a cyber-attack is critical. The framework provides a structured, phased approach to help compromised organisations and their clients navigate the complex process of technical integration and re-establishing trust after a malicious cyber event.

The framework outlines a four-phase process to reconnection: assess, remediate, assure and reconnect:

• Assess: Understand the nature and scope of the incident, engage with impacted clients and initiate communication.
• Remediate: Restore systems to a known, trusted state and implement enhanced controls.
• Assure: Provide formal attestation, supported by evidence and third party validation, that the organisation is ready to reconnect.
• Reconnect: Re-establish connectivity in a controlled, phased manner, including testing and heightened monitoring.

Each phase includes clear outcomes, technical considerations and communication expectations to support decision-making by both compromised and client organisations.

The Reconnection Framework complements CMORG’s broader suite of sector capabilities aimed at enhancing operational resilience. It is designed to be used alongside existing incident response plans and sector coordination mechanisms, including engagement with the Financial Services Cyber Collaboration Centre (FSCCC).