With so much happening in cyber security around the world lately, we’re highlighting some of the interesting stories each week from across Europe, Middle East, Africa and Asia Pacific. This week, we’re in the UK to look at a key component of the government's Cyber Security Strategy…
Over a year ago, the UK government announced plans for a new national Computer Emergency Response Team (CERT), which is getting ready to become operational soon. CERT-UK's responsibilities will include national co-ordination of security incidents, as well as acting as the UK government’s international point of contact on cyber issues. Not to be confused with the existing UKCERT, an independent entity that provides best practice information to anyone interested in information security, the new CERT-UK will focus on collaborating with incident response teams across UK government agencies, critical national infrastructure, defence forces, and with other government-run CERTs around the world.
There are already 21 CERTs based in the UK, so what additional value can the new CERT-UK provide? Generally, government-run CERTs find it easier to interface with national agencies and other government-run CERTs than independent CERTs due to concerns about security clearances when discussing sensitive vulnerability and exploit details. For example, only government-run CERTs can participate in the European Government CERTs group, which cooperates on matters of incident response and facilitates information sharing related to cyber threats. Also, government-run CERTs usually have some influence over regulatory requirements for critical infrastructure systems to meet a minimum level of security.
A recent report found that the almost 200 CERTs across Europe are often are duplicating each other’s efforts due to legal and technical barriers, as well as a lack of trust, and information sharing needs to be improved to ensure effective incident response, particularly for cross-border cyber-attacks. Within the UK, the government set up the Cyber Security Information Partnership (CISP) in 2011 to address this very need. CISP provides public and private sector organizations, including small and medium enterprises, a secure platform to exchange information on current threats and vulnerabilities. CERT-UK’s ability to leverage this platform, and others like it around the world, to develop its cyber situational awareness will be critical to its success. Whether they can overcome a lack of trust and cooperation that is currently holding back CERTs from cross-border collaboration remains to be seen.
Thanks to Tod Beardsley for providing background information for this blog post.