The UK’s new national computer emergency response team (CERT-UK) is set to drive international cyber security collaboration once it becomes operational later in 2014.
“International liaison will be an important part of our work,” CERT-UK director Chris Gibson told the sixth International Forum on Cyber Security in Lille, France.
CERT-UK will be the UK’s international point of contact on cyber security issues as one of four main areas of responsibility.
It will also have responsibility for national cyber incident management, handling cyber incidents related to critical national infrastructure, and developing and sharing cyber threat situational awareness.
A team has been allocated for each of these areas, but Gibson emphasised that none can stand alone and must all form part of the CERT-UK team.
As well as collaborating with other national CERTS, CERT-UK will work with local CERTS that have been set up by industry sectors such as financial services.
“We will work to enhance all CERTS within the UK and plan to maintain close links with the new National Crime Agency (NCA) and its National Cyber Crime Unit (NCCU).
Another key relationship for CERT-UK will be the cross-industry threat information-sharing portal set up by the UK government ‘s cyber security information sharing partnership (CISP).
CISP delivers a key component of the UK national cyber security strategy in facilitating information-sharing on cyber threats.
The initiative – aimed at making UK businesses more secure in cyberspace – was launched in March 2013 after a pilot scheme involving over 160 companies across five key UK sectors.
“CERT-UK will use the information-sharing portal to help develop its situational awareness capabilities,” said Gibson.
In December 2012, the government announced plans for a CERT-UK based on lessons learned from the 2012 London Olympics that were fed into the UK Cyber Security National Incident Management policy.
That policy sets out the importance of strengthening the UK’s response to cyber incidents.
Confirming Gibson’s appointment in November 2013, Francis Maude, the Minister for Cabinet Office, said: “By establishing CERT-UK we will build on and complement our existing CERT structures for critical national infrastructure, which will help improve national co-ordination of cyber incidents.”
Alluding to the second cyber threat exercise in two years by UK major banks, to test their ability to survive a sustained online attack in October 2013, Gibson said CERT-UK will seek to drive similar exercises in other industry sectors.
“We believe cyber readiness exercises such as Operation Waking Shark 2 are extremely useful in improving the cyber health,” he said.
Many regard the establishment of a CERT-UK as being long overdue, but Gibson said he is confident of success as the preparatory works comes to an end.
“We are committed to doing this properly. I am not in this to fail,” he said.
22 Jan 2014