Feeds

Meet the man who'll TAKE OVER if UK faces CYBER ATTACK

Chris Gibson to head up UK’s national Computer Emergency Response Team

High performance access to file storage

Digital Neighbourhood Watch

Brian Honan, an infosec consultant who founded and heads up the Republic of Ireland's Computer Security Incident Response Team, explained that national CERTs act as a peer to their international partners as well as co-ordinating response to cyber-security incidents nationally.

"There are a number of CERTS in the UK already but they may just be focusing on a particular industry or part of the government," Honan told El Reg. "A national CERT is the de facto CERT that CERTs in other countries would contact to help deal with a security issue."

"A CERT, Computer Emergency Response Team, is a service set up by organisations, industry bodies or governments to help their constituents deal with computer security issues. Typically many CERTs would act as coordination points to assist other CERTs deal with incidents. Other CERTs may offer devices such as alerting subscribers to vulnerabilities or targeted attacks, while others may also offer incident response services."

CERT-UK will provide a "core incident management response, lead international CERT engagement and provide cyber situational awareness and information sharing for the benefit of the UK as a whole," according to a Cabinet Office statement.

The recently advertised role of deputy director of operations at CERT-UK will include running the joint Government-Industry initiative CISP – the cyber security information sharing partnership - as well as leading a team of up to 25 network and security specialist at CERT-UK.

The practical difficulties involved in the seemingly straightforward task of sharing cyber information was highlighted during a round table discussion of programme committee members at the RSA Conference Europe late last month.

Coming together to blast internet nasties off the web

Researchers at antivirus firms have long shared malware samples with their peers at other vendors. But there's nowhere near this level of co-operation in sharing the details of software vulnerabilities and exploits, which have become a marketable commodity over recent years.

Threat sharing among commercial firms, meanwhile, has historically been limited to small communities where everybody knows each other, such as banking or academia, rather than through cross-industry partnerships. Damage to brand reputation if news about breaches or other security problems leak out has historically tended to inhibit even anonymous sharing of security threats outside closed groups.

The Cyber Security Information Sharing Partnership (CISP), launched back in March, aims to breaks down barriers to cross-industry information sharing.

Greg Day, RSA Conference programme committee member and chief technology officer at security vendor FireEye, said cyber sharing tends to happen within private clubs. Finding a tool or mechanism to share threat information that suits everyone will be difficult, according to Day.

John Colley, committee member and managing director of security training an certification outfit (ISC)2 in Europe, agreed that information sharing is based on trust. Colley relayed an anecdote that neatly illustrated how threat information sharing can be beneficial.

Barclays Bank shared information with a peer in the banking industry after its customers were targeted by a then-novel phishing attack in 2003, he said. This meant staff at NatWest were much better prepared to react when clients of the rival high street bank were targeted by a similar phishing scam two weeks later.

Earlier this week, EU cyber security agency ENISA called for better data-sharing and interoperability among European CERTs.

While such information sharing in and between small group such as universities and the banking sector is uncontroversial, wider sharing of information is a political hot potato, as demonstrated by controversy over the US Cyber Intelligence Sharing and Protection Act (CISPA).

CISPA allows private companies to share customer information with the NSA and others in the name of cybersecurity. The legislation has failed to get through Congress twice already since its first introduction in 2011 but was resubmitted earlier this month. The proposed law would also allow firms to share their customers' web traffic information - among other things - with the Feds. Privacy activists opposed the law long before the Snowden revelations made it even more controversial. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.