Meet the man who'll TAKE OVER if UK faces CYBER ATTACK

Chris Gibson to head up UK’s national Computer Emergency Response Team

Digital Neighbourhood Watch

Brian Honan, an infosec consultant who founded and heads up the Republic of Ireland's Computer Security Incident Response Team, explained that national CERTs act as a peer to their international partners as well as co-ordinating response to cyber-security incidents nationally.

"There are a number of CERTS in the UK already but they may just be focusing on a particular industry or part of the government," Honan told El Reg. "A national CERT is the de facto CERT that CERTs in other countries would contact to help deal with a security issue."

"A CERT, Computer Emergency Response Team, is a service set up by organisations, industry bodies or governments to help their constituents deal with computer security issues. Typically many CERTs would act as coordination points to assist other CERTs deal with incidents. Other CERTs may offer devices such as alerting subscribers to vulnerabilities or targeted attacks, while others may also offer incident response services."

CERT-UK will provide a "core incident management response, lead international CERT engagement and provide cyber situational awareness and information sharing for the benefit of the UK as a whole," according to a Cabinet Office statement.

The recently advertised role of deputy director of operations at CERT-UK will include running the joint Government-Industry initiative CISP – the cyber security information sharing partnership - as well as leading a team of up to 25 network and security specialist at CERT-UK.

The practical difficulties involved in the seemingly straightforward task of sharing cyber information was highlighted during a round table discussion of programme committee members at the RSA Conference Europe late last month.

Coming together to blast internet nasties off the web

Researchers at antivirus firms have long shared malware samples with their peers at other vendors. But there's nowhere near this level of co-operation in sharing the details of software vulnerabilities and exploits, which have become a marketable commodity over recent years.

Threat sharing among commercial firms, meanwhile, has historically been limited to small communities where everybody knows each other, such as banking or academia, rather than through cross-industry partnerships. Damage to brand reputation if news about breaches or other security problems leak out has historically tended to inhibit even anonymous sharing of security threats outside closed groups.

The Cyber Security Information Sharing Partnership (CISP), launched back in March, aims to breaks down barriers to cross-industry information sharing.

Greg Day, RSA Conference programme committee member and chief technology officer at security vendor FireEye, said cyber sharing tends to happen within private clubs. Finding a tool or mechanism to share threat information that suits everyone will be difficult, according to Day.

John Colley, committee member and managing director of security training an certification outfit (ISC)2 in Europe, agreed that information sharing is based on trust. Colley relayed an anecdote that neatly illustrated how threat information sharing can be beneficial.

Barclays Bank shared information with a peer in the banking industry after its customers were targeted by a then-novel phishing attack in 2003, he said. This meant staff at NatWest were much better prepared to react when clients of the rival high street bank were targeted by a similar phishing scam two weeks later.

Earlier this week, EU cyber security agency ENISA called for better data-sharing and interoperability among European CERTs.

While such information sharing in and between small group such as universities and the banking sector is uncontroversial, wider sharing of information is a political hot potato, as demonstrated by controversy over the US Cyber Intelligence Sharing and Protection Act (CISPA).

CISPA allows private companies to share customer information with the NSA and others in the name of cybersecurity. The legislation has failed to get through Congress twice already since its first introduction in 2011 but was resubmitted earlier this month. The proposed law would also allow firms to share their customers' web traffic information - among other things - with the Feds. Privacy activists opposed the law long before the Snowden revelations made it even more controversial. ®

Tech Resources

How backup modernization changes the ransomware game

If the thrill of backing up your data and wondering if you will ever see it again has worn off, start the new year by getting rid of the lingering pain of legacy backup. Bipul Sinha, CEO of the Cloud Data Management Company, Rubrik, and Miguel Zatarain, Director of Global Infrastructure Technology at PACCAR, Fortune 500 manufacturer of trucks and Rubrik customer, are talking to the Reg’s Tim Phillips about how to eliminate the costly, slow and spotty performance of legacy backup, and how to modernize your implementation in 2021 to make your business more resilient.

The State of Application Security 2020

Forrester analyzed the state of application security in 2020 and found over 75% of external attacks are attributed to web application and software exploits.

Webcast Slide Deck | Three reasons you need a hybrid multicloud

Businesses need their IT teams to operate applications and data in a hybrid environment spanning on-premises private and public clouds. But this poses many challenges, such as managing complex networking, re-architecting applications for the cloud, and managing multiple infrastructure silos. There is a pressing need for a single platform that addresses these challenges - a hybrid multicloud built for the digital innovation era. Just this Regcast to find out: Why hybrid multicloud is the ideal path to accelerate cloud migration.

Top 20 Private Cloud Questions Answered

Download this asset for straight answers to your top private cloud questions.

Biting the hand that feeds IT © 1998–2021