UK cyber threat sharing ahead of target, says Cert-UK

Membership of the government’s Cyber Security Information Sharing Partnership (CISP) is well ahead of target, says Cert-UK

Membership of the government’s Cyber Security Information Sharing Partnership (CISP) is well ahead of target, says the national computer emergency response team (Cert-UK).

“We had set a target of 500 member organisations by the end of 2014, but we are already way beyond where we expected to be with more than 680,” said Chris Gibson, director of Cert-UK.

“Although initially focused on organisations that support critical national infrastructure, membership is free and open to any UK company with a network to defend,” he said.

The CISP – set up in March 2013 and hosted by Cert-UK since it was launched officially in April 2014 – uses a dedicated, online collaboration environment to enable government and industry members to share cyber threat and vulnerability information.

Members are able to share, publically or anonymously, information on cyber incidents they are seeing to help them help themselves to protect against cyber threats.

“The CISP is now very much the situational awareness platform within Cert-UK, with more than 1,850 individuals on the system,” Gibson told Computer Weekly.

Regular polls of CISP members indicate they are getting a real business benefit, with more than 70% indicating they “often” or “always” use the information they are receiving.

Initially, the remit of CISP was to focus on technical network-level defender issues for large organisations, but that is now being broadened to include small and medium enterprises (SMEs).

“This means that, in addition to technical information, we are now also pushing out more general information aimed at raising the level of awareness around cyber security topics,” said Gibson.

For the September Nato Summit in Wales, Cert-UK set up a CISP-style node for all those involved in the event, from Nato’s incident response teams down to the hotel where the summit was being held.

The Nato CISP members were also used as part of Cert-UK’s social media monitoring operations that were looking for any indicators of hacktivist activity.

Cert-UK also ran exercises for the organisations involved to work through various scenarios to ensure all parties understood their responsibilities and how things would work in the event of a cyber incident.

“This was a successful operation that proved good planning prevents poor performance by getting the right understanding, people and processes in place,” said Gibson.

“Everyone was so well prepared, having done things like infrastructure and supply chain security reviews, that hacktivists failed in all their attempts to disrupt the summit,” he said.

Cert-UK again used the CISP node model to set up an information-sharing portal for the Scottish companies involved in the 2014 Commonwealth Games in Glasgow.

“Since the games, this has become a node for all Scottish companies and currently enables around 70 companies to exchange cyber threat information,” said Gibson.

Regional CISPs have proved to be popular, he said, enabling companies to develop deeper trust relationships with partners they already know.

“Many companies find it far less intimidating to talk about cyber security issues in a regional context where other members are not totally unknown,” said Gibson.

These nodes bring together regional businesses and academics with police and government to share and report cyber security information.

In August, Cert-UK also set up an East Midlands node with the support of the police regional organised crime unit (ROCU).  

The initiative is in line with the development of ROCUs across England and Wales and supports Cert-UK’s goals of making the UK more resilient to cyber threats and a safe place in which to do business.

“With the East Midlands node coming to the end of its successful pilot, the plan is to expand to the other ROCUs around the UK,” said Gibson.

The next regional node will be in the south-east and is scheduled to be launched in November.

Although Cert-UK is ahead of the CISP target for 2014, Gibson said there is still a long way to go with 4.9 million SMEs in the UK.

“The CISP is a good way of enabling us to help people defend their networks better,” said Gibson.

“It not only enables us to talk to business and business to talk to us, but it also enables businesses to talk to other businesses, which has often turned out to be the most valuable content,” he said.

When new vulnerabilities arise, such as Heartbleed and Shellshock, Gibson said Cert-UK typically kicks of the conversation, but then members come in to broaden understanding and help each other get better by sharing their experiences.

“Not being off Windows XP before support ended is another good example, where members could ask for advice anonymously and then get practical advice from others on how to mitigate the risk,” he said.  

With Shellshock, the CISP enabled Cert-UK to give concise guidance on the nature of the problem and how to mitigate against the risk.

The members of the CISP provided additional information about the attacks they had seen that were aimed at exploiting the vulnerability.

Cert-UK was then able to pull out the most valuable information and consolidate it into a single page of guidance on how best to manage the risk.

“This enables organisations to source the information they need on how to respond without having to do the research for themselves by sifting through thousands of articles on the internet,” said Gibson.


Read more on Hackers and cybercrime prevention