Minister for the Cabinet Office Francis Maude opened the CERT-UK at a private press event, promising it will aid both the public and private sectors' cyber defence efforts in a variety of ways.
"At the sharp end, the CERT will take the lead in co-ordinating the management of national cyber-security incidents. One area where it will play a particularly important role is in providing support to our Critical National Infrastructure companies," he said.
"CERT-UK will provide an authoritative voice to those agencies and organisations that are helping the UK to become more resilient and to prosper in the internet age. It will also share information with companies to promote situational awareness and effective mitigation of threats."
Maude added that the cyber-defence team has a proactive international role and will work closely with foreign CERT teams to help spot and share information about emerging threats.
"CERT-UK will be the single point of contact for our international partners for CERT-to-CERT engagement, an increasingly important area of dialogue. It will manage incidents that cross national borders and it will share information that promotes situational awareness and effective mitigation of threats," he said.
Maude said the UK's existing Cyber Security Information Sharing Partnership (CISP) will be integrated into CERT-UK. CISP is an opt-in initiative designed to facilitate and promote information-sharing between the public and private sector. It was originally launched in March 2013 with around 100 participating companies. Maude said since launching, the number of companies participating in the CISP programme has skyrocketed.
"We started with fewer than 100 individual members, but there are now over 1,000, and over 350 businesses and organisations have registered," he said.
Despite Maude's positive comments, the security industry has been less positive about the CISP initiative. Experts from the International Information Systems Security Certification Consortium (ISC2) and FireEye said at the RSA conference in October 2013 that, despite positive work, CISP is failing to support small to medium-sized businesses (SMBs).
The UK government also launched a new SMB-focused Cyber Assist programme alongside CERT-UK to help address the problem. The Cyber Assist programme will be managed by Nominet and will offer guidance regarding cyber strategy and attack-mitigation specific to SMBs.
Maude said the initiatives are an essential step in the government's ongoing cyber strategy, warning that more than 90 percent of businesses have fallen victim to hackers over the past year, despite the government's efforts.
"93 percent of large corporations had a breach over the past financial year. The average cost of each one is somewhere between £450,000 and £850,000, although we know of one London-based company which lost £800m worth of revenue because of an attack," he said.
The CERT-UK launch has been welcomed by the technology industry. Martin Sutherland, managing director of BAE Systems Applied Intelligence, said he expects CERT-UK to play a vital role in combating cyber threats.
"It's only by working together that we will rise to the challenge the cyber threat presents and the establishment of CERT-UK is a positive step forward, which emphasises the importance of effective incident-response and information-sharing to protect vital UK assets. CERT-UK will also be valuable in increasing international collaboration on cyber incidents," he said.
CERT-UK's opening comes during a tense period within the cyber security space. The tensions began in June 2013 when whistleblower Edward Snowden leaked documents to the press indicating that the National Security Agency (NSA) had mounted a sophisticated hack campaign called PRISM, acting against numerous foreign governments.
The revelation led to a dissolution of trust within the international community. The Chinese CERT team issued a recent report claiming that more than a third of cyber attacks targeting the country originated from the US.
No comments:
Post a Comment