The UK government has launched a scheme designed to promote greater information sharing on cross-sector cyber threats between businesses and government. The Cyber Security Information Sharing Partnership (CISP) will establish a cyber-attack monitoring operations room, known as a Fusion Cell, where cyber security experts from industry will operate alongside the experts from GCHQ, MI5 and the police for the first time in an attempt to combat the growing online threat to Britain’s firms. The Fusion Cell – is intended to provide industry with a forum to disseminate details of techniques used by online attackers as well as methods of countering them. It is understood that at any one time there will be around 12 to 15 analysts working at the cell, which will be based at an undisclosed location in London. Although the industry representatives will not have direct access to classified intelligence material, they will have to undergo security vetting. Companies have previously been reluctant to share information about cyber-attacks out of fear that it could damage their reputation and share price if investors realise they may have lost valuable intellectual property. However, Wieland Alge, VP and General Manager EMEA, Barracuda Networks, believes this rather narrow, short-sighted approach may be more damaging to businesses in the longer term, than being open and honest about cyber security breaches of their computer systems: “Businesses’ protests of nervousness of revealing publicly when they have been attacked due to the potential threat of revealing trade secrets and data confidentiality are quite unfounded. By focusing on their reputation and stock market value only, they forget that what’s at stake in an attack is their customers’ data.” Graeme Stewart, McAfee’s director of public sector strategy broadly welcomed the initiative, but stressed that it was vital to push the security threat intelligence down to smaller businesses as quickly as possible: “Information sharing is imperative to countering cyber threats. As cybercrime itself is global in nature, the need for a strong public-private partnership is critical. McAfee is broadly supportive of such initiatives; however, [we] would like to see the scheme provide outreach to include smaller and SME organisations. This sector makes up the supply chains of large corporate and government organisations, and therefore a substantial proportion of their risk comes from this supply chain failing to understand the threat posed by nefarious cyber activity.” In the opinion of Terry Greer-King, UK managing director of internet security firm Check Point, the initiative is crucial. Speaking to Cambridge News he stated: “This is a key step forward for both governments and businesses in fighting web attacks, and reducing their impact. It’s essential that organisations collaborate and share intelligence with each other to track emerging threats, mitigate their severity or block them before they cause damage. Fighting threats together is much more effective than fighting alone.”
“In 2012, our research found that 63 percent of organisations were infected with bots, and 54 percent were infected with malware that they didn’t know about. Any move which helps to reduce these figures is very welcome.”
If you would like help with security reviews, penetration testing or web security solutions from Barracuda Networks, Check Point, Alien Vault and Netwrix, please contact Krypsys on 0845 474 3031 or [email protected].