The UK government has announced a partnership with industry to share information and intelligence on cyber security threats.
Cyber attacks were rated as one of the top four threats to UK national security – alongside international terrorism – in the National Security Strategy of 2010 and a re-assessment in 2012.
A recent National Audit Office report has put the cost of cyber crime to the UK as ranging from £18bn to £27bn a year.
The Cyber Security Information Sharing Partnership (CISP) delivers a key component of the UK national cyber security strategy in facilitating information-sharing on cyber threats.
The initiative – aimed at making UK businesses more secure in cyberspace – follows a successful pilot scheme involving over 160 companies across five key UK sectors.
The pilot stemmed from a meeting in February 2011 between the prime minister and senior industry leaders to discuss how they could work together to address cyber security threats.
Read more about cyber security
Building on the pilot, industry and government have co-designed the CISP, which provides terms and conditions to facilitate effective information sharing and the necessary administrative support.
The CISP includes the introduction of a secure virtual "collaboration environment" where government and industry partners can exchange information on threats and vulnerabilities in real time.
Fusion cell initiative
The initiative also sees the introduction of a cyber security “fusion cell” that puts government, industry and information security analysts side-by-side for the first time to provide analysis and support to the initiative.
The fusion cell will be supported on the government side by the Security Service, GCHQ and the National Crime Agency, and by industry analysts from a variety of sectors.
Members of the fusion cell, to be rotated on six- to nine-month secondments, will work together to produce an enhanced picture of cyber threats facing the UK for the benefit of all partners.
The CISP was launched at Chatham House in London by Francis Maude, the Cabinet Office minister responsible for the national cyber security strategy, alongside representatives from industry as well as Howard Schmidt, former White House Cyber Security Adviser.
“Government, industry, business, families and households ignore cyber threats at their peril, with 93% of large UK corporations and 75% of small businesses having experienced a data breach in the past year,” Maude told an audience of 200 stakeholders.
“In this high-stakes, high-paced global battleground, no-one can afford to sit back. We need to team up to fight a common cause; that is what the CISP is all about – government and business working together to get the best possible picture of the threats.”
Maude described the CISP as a big step forward in fighting cyber threats in the UK. “Now we need to keep that momentum building,” he said.
Howard Schmidt, former White House cyber security adviser, welcomed the announcement of the UK CISP.
“US experience has shown the importance of leadership in business in fighting cyber threats, and that is why the UK CISP is important and will succeed,” he said.
Schmidt said he looked forward to following the progress of the CISP, which he said would benefit everyone, including US business and government.
Following the launch, the CISP will remain focused on the critical national infrastructure (CNI) community and broadening membership to those sectors not involved in the pilot.
The CISP will also seek membership among small and medium-sized enterprises (SMEs) and small public sector organisations, with some pilots already in place.
The next phase of the initiative will seek to broaden the membership of the CISP beyond the CNI community.
UK organisations are invited to register their interest in joining the CISP. All organisations that join will be required to sign a common set of terms and conditions.