The UK has set up a cyber security “fusion cell” for cross-sector threat information sharing. The intention is to put government, industry and information security analysts side-by-side for the first time.
In another first, public and private sector analysts will be joined by members of intelligence agencies, law enforcement and government IT as they exchange information and techniques and monitor cyber attacks in real time.
The fusion cell – a cyber attack monitoring operations room at an undisclosed location in London – is one of three elements in a new government cyber security initiative.
The Cyber Security Information Sharing Partnership (CISP) will also comprise a secure web portal and programmes aimed at building cross-sector trust to underpin information sharing.
The web portal is based on a social networking structure, giving members of the CISP the freedom to choose who they wish to share information with in real time.
The CISP is to be launched officially in London on 27 March by Francis Maude, the Cabinet Office minister responsible for the UK national cyber security strategy published in 2011.
Read more about cyber security
The initiative is a key component of the strategy and builds on a pilot run in 2012 with representatives of the UK defence, telecoms, finance, pharmaceutical and energy sectors, including suppliers of critical national infrastructure.
The types of information shared included information about attack signatures, attack and reconnaissance methods and successful mitigation strategies.
The pilot stemmed from a meeting in 2011 between the prime minister and senior industry leaders to discuss how they could work together to address cyber security threats.
“At that meeting it emerged that no single entity or organisation has full visibility of what is happening in cyber space and associated threats,” said a senior government official.
Industry, IT security suppliers, government and intelligence agencies all have different perspectives, he said, but none has a full picture, and government believes there is real value in sharing information between all those parties to better co-ordinate responses to cyber threats.
The CISP guarantees that the names of the organisations involved and the information shared between them will remain confidential.
This view has been expressed most recently in US President Barack Obama’s executive order and the EU’s draft directive on network information security, he said.
Speaking about the pilot, Maude said that, by sharing information and resources, stakeholders can build a better picture of cyber threats and fight a common challenge collectively.
He said the UK seeks to follow the model used in Estonia, where government and business work closely together, with the CISP involving 160 big companies, up from 80 in the pilot.
This contrasts with models used in the US and elsewhere that tend to be tied to specific industry sectors or government departments.
“The UK’s CISP will cross sectors and tie in to the whole of government from the start, which the pilot showed was particularly powerful,” the senior government official said.
The pilot also demonstrated that, while most companies are cautious about talking about the cyber threats they face, once trust is established, it continues to grow and the volume of information shared increases, he said.
The pilot showed that while sharing information between government and industry, and across industry worked well, industry found that peer-to-peer sharing was the most valuable.
The lessons learned from the pilot led to government building infrastructure to support an expanded, more permanent information-sharing hub.
Once the 160 firms taking part in the CISP are moved over to the new framework, government plans to further expand the partnership.
But to ensure the basis of trust is maintained, this expansion will be incremental and risk-based to target the sectors that will benefit the most, the senior government official said.
The CISP is to be run purely on a voluntary basis with no regulation involved, he said, with sector specialist moving through on six- to nine-month secondments.
The launch of the CISP comes just two weeks after the government announced the Cyber Crime Reduction Partnership (CCRP), which also forms part of the UK cyber security strategy.
The CCRP is aimed at tackling the growing threat of organised and global cyber criminals, through the co-ordinated efforts of police, industry experts and academics.
The CCRP is to be led by security minister James Brokenshire and science minister David Willetts.
Announcing the CCRP, Brokenshire said it would provide a forum for government, law enforcement, industry and academia to meet regularly to tackle cyber crime more effectively.