Digital Neighbourhood Watch
Brian Honan, an infosec consultant who founded and heads up the Republic of Ireland's Computer Security Incident Response Team, explained that national CERTs act as a peer to their international partners as well as co-ordinating response to cyber-security incidents nationally.
"There are a number of CERTs in the UK already but they may just be focusing on a particular industry or part of the government," Honan told El Reg. "A national CERT is the de facto CERT that CERTs in other countries would contact to help deal with a security issue."
"A CERT, Computer Emergency Response Team, is a service set up by organisations, industry bodies or governments to help their constituents deal with computer security issues. Typically many CERTs would act as coordination points to assist other CERTs deal with incidents. Other CERTs may offer devices such as alerting subscribers to vulnerabilities or targeted attacks, while others may also offer incident response services."
CERT-UK will provide a "core incident management response, lead international CERT engagement and provide cyber situational awareness and information sharing for the benefit of the UK as a whole," according to a Cabinet Office statement.
The recently advertised role of deputy director of operations at CERT-UK will include running the joint Government-Industry initiative CISP – the cyber security information sharing partnership – as well as leading a team of up to 25 network and security specialists at CERT-UK.
The practical difficulties involved in the seemingly straightforward task of sharing cyber information were highlighted during a round table discussion of programme committee members at the RSA Conference Europe late last month.
Coming together to blast internet nasties off the web
Researchers at antivirus firms have long shared malware samples with their peers at other vendors. But there's nowhere near this level of co-operation in sharing the details of software vulnerabilities and exploits, which have become a marketable commodity over recent years.
Threat sharing among commercial firms, meanwhile, has historically been limited to small communities where everybody knows each other, such as banking or academia, rather than through cross-industry partnerships. Damage to brand reputation if news about breaches or other security problems leaks out has historically tended to inhibit even anonymous sharing of security threats outside closed groups.
The Cyber Security Information Sharing Partnership (CISP), launched back in March, aims to break down barriers to cross-industry information sharing.
Greg Day, RSA Conference programme committee member and chief technology officer at security vendor FireEye, said cyber sharing tends to happen within private clubs. Finding a tool or mechanism to share threat information that suits everyone will be difficult, according to Day.
John Colley, committee member and managing director of security training and certification outfit (ISC)2 in Europe, agreed that information sharing is based on trust. Colley relayed an anecdote that neatly illustrated how threat information sharing can be beneficial.
Barclays Bank shared information with a peer in the banking industry after its customers were targeted by a then-novel phishing attack in 2003, he said. This meant staff at NatWest were much better prepared to react when clients of the rival high street bank were targeted by a similar phishing scam two weeks later.
Earlier this week, EU cyber security agency ENISA called for better data-sharing and interoperability among European CERTs.
While such information sharing in and between small groups such as universities and the banking sector is uncontroversial, wider sharing of information is a political hot potato, as demonstrated by controversy over the US Cyber Intelligence Sharing and Protection Act (CISPA).
CISPA allows private companies to share customer information with the NSA and others in the name of cybersecurity. The legislation has failed to get through Congress twice already since its first introduction in 2011 but was resubmitted earlier this month. The proposed law would also allow firms to share their customers' web traffic information - among other things - with the Feds. Privacy activists opposed the law long before the Snowden revelations made it even more controversial. ®