The UK's first national 'CERT' is finally underway

Cabinet Office minister, Francis Maude has formally launched CERT-UK, the UK’s national Computer Emergency Response Team, led by former banking sector e-crime investigator, Chris Gibson.

The organisation is expected to take the lead in coordinating the management of national cyber security incidents and act as the UK central contact point for international counterparts in this field.

CERT-UK's brief is to work closely with industry, government and academia to enhance UK cyber resilience. This includes exercising with government departments and industry partners, sharing information with UK industry and academic computer emergency response teams and collaborating with national CERTs around the globe to enhance the UK's understanding of the cyber threat.

Francis Maude said government cannot do everything by itself. "CERT-UK shows we want closer coordination between government, business and academia to share insight and advice, as well as better cooperation with our international partners." 

CERT-UK will build on existing arrangements for supporting the critical national infrastructure, and incorporate the Cyber Security Information Sharing Partnership (CISP) which was launched last year and which the government says has proved effective as a means of collaborating with industry.

Ernest Hilbert, who heads up cyber investigations at cyber security expert, Kroll EMEA, described the launch of CERT-UK as an "enormous step forwards" in helping UK corporations overcome the three to five year deficit in cyber threat awareness and understanding that they currently experience, compared with their US counterparts.

"You cannot defend against what you don’t understand and only 30 percent of UK business managers are reportedly aware of cyber threats versus 80 percent of corporate management in the US, according to a recent report released by BT," he says.

"With 93 percent of the UK’s large corporations suffering breaches in the last year, centralised information sharing and security guidance at a national level is essential in helping to defend against cyber threats.

"The key now is for the business sector to be able to effectively understand and use the information CERT-UK will be providing. All the information and tech wizardry in the world is worthless unless people know how to use it and companies choose to employ it.”

Commenting on a recent report that suggests oil and gas companies are being targeted by cyber attacks just as much as retail organisations, Lancope CTO, Tim Keanini, says if you are connected to the Internet in any way possible, you are a target and must remain vigilant.

"The adversaries have sophisticated communication channels where they share knowledge and tools, and it's time that defenders do the same," he says.  "Both formal and non-formal channels work well but, in the end, trusted communication needs to happen early and often. Cybersecurity is everyone’s problem and the better we communicate, the harder we make it for the adversary. 

"The Energy sector in general must remember that they too are part of a complex supply chain that involves legal firms and geological firms. Every one of these are going to be targeted by the advanced threat.  It is not enough to secure their own firm, but they must secure their entire ecosystem."

Les Hunt
Editor