The launch of the first national computer emergency response team is a key milestone in the development of the UK’s cyber security capabilities, says Chris Gibson, director of CERT-UK.
“We will build trust, foster collaboration and both encourage and lead on sharing of information to develop the level of situational awareness we need to stay ahead of our adversaries,” he said.
Gibson explained that CERT-UK’s main constituency will be the Critical National Infrastructure (CNI) companies.
However, he said the organisation will also work more broadly across industry through the government’s Cyber Security Information Sharing Partnership (CISP), now an integral part of CERT-UK.
Gibson said the national CERT will work with other national CERTs when the UK is being affected by activity originating in other countries and will assist other national CERTs, including through working with the UK National Crime Agency (NCA) when activity is tracked back to the UK.
He said CERT-UK has three main objectives: to promote cyber situational awareness throughout the UK, to be an international point of contact, and to manage national cyber incidents.
Gibson called on UK companies to join the CISP. He said it has already proved valuable to members and CERT-UK is going to push for more sectors to join so they can improve their cyber security.
“We will use the information we gather from CISP and other providers to produce timely, actionable and usable information to businesses to allow them to defend themselves,” he said.
As part of CERT-UK’s responsibility for national incident management, Gibson said he plans to run exercises with other sectors of CNI similar to the Waking Shark II security exercise, which tested the financial sector’s contingency plans for cyber attack in November 2013.
“Through this we aspire to improve the ability of the UK to respond to incidents,” he said.
Gibson noted that while CERT-UK is not responsible for any infrastructure beyond its own network, the organisation will work closely with other CERTs that are responsible for infrastructure, such as GovCERT for the government networks, MoDCERT for defence networks, and JANET for education institutions.
CERT-UK aims to improve UK incident response by co-locating the CISP and the situational awareness team.
“National incident management is improved as we see incidents from the beginning rather than only once they have become national,” said Gibson.
“CNI incident handling is improved as they see the whole picture. Incident coordination overall is improved as we bring the two groups together with all their knowledge, expertise and many, many years of experience,” he said.
Gibson said that although some of the teams within CERT-UK existed previously, they were in separate locations.
“They did extremely good work, but the synergies and benefits to be gained by co-locating under one roof and one management structure cannot be denied,” he said.
Gibson also underlined the importance of CERT-UK’s connections with industry, academia and other parts of government.
“We will do what we can to increase cyber resilience in the UK, but I am acutely aware that the government owns very little of the CNI,” he said.
For this reason, Gibson said CERT-UK’s engagement team will be leading in strengthening existing partnerships and building new ones as required.
“Some partnerships will be operational and some will be purely information sharing - we will ensure that these are bilateral and we share as much as we possibly can with each other,” he said.
Gibson revealed that CERT-UK has been operating for a number of months ahead of the official launch.
“What has taken time is taking the various processes, systems and procedures and melding them into a single, cohesive whole,” he said.
Moving forward, Gibson said CERT-UK plans to increase its interaction with business. “This is not a finished piece of work, it is a work in progress,” he said.