Original URL: https://www.theregister.com/2013/11/22/uk_cert_analysis/

Meet the man who'll TAKE OVER if UK faces CYBER ATTACK

Chris Gibson to head up UK’s national Computer Emergency Response Team

By John Leyden

Posted in Security, 22nd November 2013 16:39 GMT

The delayed launch of the national Computer Emergency Response Team (CERT) is getting back on track with the appointment of its new director, Chris Gibson. This comes after the project was delayed until next year.

The organisation was due to be up and running this year but recruitment and other issues meant its launch was put back until early 2014.

CERT-UK, a pillar of the government's £650m National Cyber Security Strategy, is designed to co-ordinate responses to online attacks on a national level.

However, things are finally moving along with the announcement of Gibson's appointment as the director of CERT-UK. Gibson joins the government having previously been director of e-Crime at Citigroup and after serving for the last two years as chair of the international Forum of Incident Response and Security Teams.

In a statement, Francis Maude, the minister for the Cabinet Office, said: “Chris Gibson brings with him a wealth of experience in cyber incident response in the private sector, both in the UK and internationally. His first-hand knowledge and understanding of cyber security will be invaluable as he leads the national CERT.

“We set out in our national Cyber Security Strategy the importance of strengthening our response to cyber incidents. By establishing CERT-UK we will build on and complement our existing CERT structures. This will help improve national co-ordination of cyber incidents and act as a focus point for international sharing of technical information on cyber security. CERT-UK will be the expert single point of contact for other national CERTs around the globe,” he added.

Gibson said: “I am delighted to join CERT-UK as we enter this exciting phase, with implementation underway and the leadership team now being appointed I am looking forward to the task of bringing together Government, industry, law enforcement and academia to establish the CERT as a team of professionals forming a world-class response to cyber threats to the UK.”

Idea from industry

The UK has had industry-specific CERTs for years (such as Janet CSIRT for university networks, and comparable organisations within government and for the UK defence forces) but has been slow to set up a national CERT, designed to co-ordinate response across all public and private sectors. CERT-UK will provide a comparable function to US-CERT, which has been operating for 10 years since 2003.

A Cabinet Office spokesperson explained that it is hoped that CERT-UK will be up and running early next year, once suitable accommodation is secured and a team is recruited. “In December 2012 HMG announced its intention to move towards a National Computer Emergency Response Team. This decision followed lessons learned from the Olympics which have informed our Cyber Security National Incident Management policy,” it said.

“The new CERT will build on and complement existing structures within government, extending beyond government to industry and academia to provide a core incident management response for the benefit of the UK as a whole. Currently, the design of the new national CERT is complete and the implementation is underway with a particular focus on securing appropriate accommodation, technology and staff. We are continuing to consult with a wide range of stakeholders and are working to ensure CERT-UK is operational early next year.”

Digital Neighbourhood Watch

Brian Honan, an infosec consultant who founded and heads up the Republic of Ireland's Computer Security Incident Response Team, explained that national CERTs act as a peer to their international partners as well as co-ordinating response to cyber-security incidents nationally.

"There are a number of CERTs in the UK already but they may just be focusing on a particular industry or part of the government," Honan told El Reg. "A national CERT is the de facto CERT that CERTs in other countries would contact to help deal with a security issue."

"A CERT, Computer Emergency Response Team, is a service set up by organisations, industry bodies or governments to help their constituents deal with computer security issues. Typically many CERTs would act as coordination points to assist other CERTs deal with incidents. Other CERTs may offer devices such as alerting subscribers to vulnerabilities or targeted attacks, while others may also offer incident response services."

CERT-UK will provide a "core incident management response, lead international CERT engagement and provide cyber situational awareness and information sharing for the benefit of the UK as a whole," according to a Cabinet Office statement.

The recently advertised role of deputy director of operations at CERT-UK will include running the joint Government-Industry initiative CISP (the Cyber Security Information Sharing Partnership), as well as leading a team of up to 25 network and security specialists at CERT-UK.

The practical difficulties involved in the seemingly straightforward task of sharing cyber information were highlighted during a round table discussion of programme committee members at the RSA Conference Europe late last month.

Coming together to blast internet nasties off the web

Researchers at antivirus firms have long shared malware samples with their peers at other vendors. But there's nowhere near this level of co-operation in sharing the details of software vulnerabilities and exploits, which have become a marketable commodity over recent years.

Threat sharing among commercial firms, meanwhile, has historically been limited to small communities where everybody knows each other, such as banking or academia, rather than through cross-industry partnerships. Damage to brand reputation if news about breaches or other security problems leaks out has historically tended to inhibit even anonymous sharing of security threats outside closed groups.

The Cyber Security Information Sharing Partnership (CISP), launched back in March, aims to break down barriers to cross-industry information sharing.

Greg Day, RSA Conference programme committee member and chief technology officer at security vendor FireEye, said cyber sharing tends to happen within private clubs. Finding a tool or mechanism to share threat information that suits everyone will be difficult, according to Day.

John Colley, committee member and managing director of security training and certification outfit (ISC)2 in Europe, agreed that information sharing is based on trust. Colley relayed an anecdote that neatly illustrated how threat information sharing can be beneficial.

Barclays Bank shared information with a peer in the banking industry after its customers were targeted by a then-novel phishing attack in 2003, he said. This meant staff at NatWest were much better prepared to react when clients of the rival high street bank were targeted by a similar phishing scam two weeks later.

Earlier this week, EU cyber security agency ENISA called for better data-sharing and interoperability among European CERTs.

While such information sharing in and between small groups such as universities and the banking sector is uncontroversial, wider sharing of information is a political hot potato, as demonstrated by controversy over the US Cyber Intelligence Sharing and Protection Act (CISPA).

CISPA allows private companies to share customer information with the NSA and others in the name of cybersecurity. The legislation has failed to get through Congress twice already since its first introduction in 2011 but was resubmitted earlier this month. The proposed law would also allow firms to share their customers' web traffic information - among other things - with the Feds. Privacy activists opposed the law long before the Snowden revelations made it even more controversial. ®