Initially announced as part of the UK government's cyber-security strategy back in 2012, CERT-UK was subsequently hit by various delays before it finally launched earlier this year, on 31 March.
The group had been running secretly for two months before then and is headed up by Chris Gibson, the former director of e-Crime at Citigroup and global chair of the International Forum of Incident Response and Security Teams (First).
The idea behind the group was simple; it would be tasked with liaising with public and private sector – as well as national CERTs - on cyber-security issues, and would place a special emphasis on protecting those working in the critical national infrastructure.
The UK government's Cyber Security Information Sharing Partnership (CiSP) is integrated as part of the group – in a bid to facilitate the sharing of threat information - while CERT-UK also works closely with the National Cyber Crime Unit (NCCU) and Janet Computer Security Incident Response Team (Janet CSIRT).
Speaking at the launch, Gibson detailed how his main job was to improve business awareness around cyber-security. "Cyber-situational awareness is at the heart of what we'll do,” he said, adding that this is “greater than our remit for incident handling.”
Six months, and various security advisories and reports later, and Gibson took to the Cyber Security Summit in Westminster last month to speak candidly about the issues facing the group, including awareness and facilitating greater collaboration between the public and private sector.
Gibson said that CERT-UK was ‘very much still in phase one' – a process of combining government capabilities and ‘banging it into one place', before aiming to further develop its capacity and capabilities over the next 18 months.
He stressed that a UK-based CERT had been crucial, especially with various other countries already having their own computer emergency response teams, but admitted that the awareness piece will be difficult considering there are reported to be some 4.9 million small-and-medium-sized enterprises (SMEs) in the UK.
“I am not sure we'll get there in my time-frame,” said Gibson at the conference.