The UK's National Computer Emergency Response Team (CERT-UK) has shown some promising signs in its first year, with the connected Cyber Security Information Sharing Partnership (CiSP) initiative looking to improve cross-sector information sharing on security threats.
Announced as part of the government's £860 million Cyber Security Strategy back in 2012, CERT-UK launched on 31 March 2014 and was set some challenging objectives, including liaising with public and private sector – as well as national CERTs – on emerging threats, and offering guidance and protection to companies working on the UK's national critical infrastructure.
Integration initiative tested
A key component, and early success, of the group has been the integrated CiSP initiative which – after being tested on 160 UK companies across a range of sectors in a pre-launch trial – has been set up to offer a secure virtual ‘collaboration environment' where government and industry partners can share real-time information on threats and vulnerabilities.
CiSP is supplemented by ‘Fusion Cell', a cyber-attack monitoring operation room in London. The British Security Service, GCHQ and the National Crime Agency are all involved in the project as well as a host of private sector companies.
Increase ahead of target
CiSP's membership rose to more than 700 in the just the first six months, despite been given a first year target of 500, and CERT-UK head Chris Gibson said that it is for all organisations - with even a primary school having joined the project.
“The most interesting stuff is on CiSP – so if you're not on CiSP, why not, get on CISP,” he told delegates at the Cyber Security Summit this past November.
Gibson admitted that there are challenges ahead - not least with security awareness in a country with 4.9 million SMEs - but his team are forging ahead with new initiatives including local CiSP intelligence ‘nodes' that will established around the country. But for now, it is receiving the plaudits from the wider industry.
Vital contribution to intelligence sharing
“CERT-UK will provide a vital service in cyber-threat intelligence information sharing,” said Ben Densham, CTO of pen-testing outfit Nettitude. “It's a service in its infancy but as it grows and develops in its capabilities and partnerships it will provide a vital service to the UK. I think its value will grow as we become much more dependent on the information they will provide.”