Cert-UK calls for better cyber threat data-sharing

Cert-UK has called for more UK firms to join the government’s Cyber Security Information Sharing Partnership

The national computer emergency response team has called for more UK firms to join the government’s cyber security information sharing partnership (CISP).

Despite being ahead of target for 2014, Cert-UK director Chris Gibson made repeated calls for greater participation from UK firms in the GovNet Cyber Security Summit 2014 in London.

“Membership is free and will help build the UK’s resilience to cyber attacks even further by combining the knowledge of even more organisations,” he said.

Gibson called on all UK organisations with a network to defend to join the CISP, which now has 700 member organisations, well ahead of Cert-UK’s target for 2014 of 500.

The CISP was set up by UK government and industry in March 2013 and has been hosted by Cert-UK since it was launched officially in April 2014.

Members can use the CISP’s secure web-based platform to share, publicly or anonymously, information on cyber incidents they are seeing and successful mitigation strategies.

Gibson said the power of the CISP was demonstrated with the valuable contribution made by many of the members in response to the discovery of the Shellshock vulnerability.

“The CISP proved to be a very effective way of crowdsourcing information to build a comprehensive picture of what was going on, and establishing guidelines for mitigating the threat,” he said.

READ MORE ABOUT CERT-UK AND CISP

Cert-UK expands horizons for CISP

Although the CISP was set up primarily with providers of critical national infrastructure in mind, Gibson said Cert-UK now seeks to build as wide a membership as possible.

Cert-UK is focusing on small and medium sized enterprises (SMEs) in efforts to help the companies that comprise the bulk of the UK economy to improve their ability to deal with cyber attacks.

“It is almost certain that, at some point, every company will get hacked; the differentiator will be how quickly they detect an intrusion and how well they respond,” said Gibson.

Although Cert-UK provides general guidelines on threats such as Shellshock on its website, he said members of the CISP get access to a wider range of more specific information.

In 2014, Cert-UK began establishing the first regional CISPs to enable companies to talk about cyber issues in a regional context.

In July, Cert-UK set up an information-sharing portal for the Scottish companies involved in the 2014 Commonwealth Games in Glasgow.

Since the games, this has become a node for all Scottish companies and currently enables around 70 companies to exchange cyber threat information.

In August, Cert-UK set up an East Midlands node with the support of the police regional organised crime unit (ROCU).  

The initiative is in line with the development of ROCUs across England and Wales and supports Cert-UK’s goal of making the UK more resilient to cyber threats and a safe place to do business.

With the East Midlands node coming to the end of its successful pilot, the plan is to expand to the other ROCUs around the UK, with the next regional node planned for the south-east.

Next Steps

Learm about the International Cybersecurity Principles

Read more on Hackers and cybercrime prevention