CERT and Cyber Reserve to be set up within the next year
The Coalition has announced plans to create two new cyber security teams, which will look to bolster the nation’s virtual defences.
In a statement to Parliament today, minister for the Cabinet Office Francis Maude announced the creation of a UK National CERT (Computer Emergency Response Team) and a Cyber Reserve within the Ministry of Defence (MoD). Maude also presented an update on the UK’s Cyber Security Strategy, which he introduced last year alongside an extra £650 million investment in the nation’s digital infrastructure.
Cyber security squads incoming
The CERT will “improve national co-ordination of cyber incidents and act as a focus point for international sharing of technical information on cyber security,” promised Maude. To supplement the new force, a Cyber Incident Response scheme, recently launched by GCHQ’s information assurance arm CESG and Centre for the Protection of National Infrastructure (CPNI), will become fully operational in 2013.
The Cyber Reserve will “draw on the wider talent and skills of the nation in the cyber field”, letting the armed services call upon extra help when they need it. “The exact composition is currently in development and a detailed announcement will follow in 2013,” said Maude.
A separate Cabinet Office document revealed more about the reserve force: “The Services will engage additional experts to support their work in defending against the growth in cyber threats. These will be supporting roles to the Joint Cyber Units across the full spectrum of cyber and information assurance capability. A series of events are being held with industry on how the scheme will work.”
Industry onlookers have welcomed the two initiatives. Raj Samani, UK CTO for security firm McAfee, said the reservists would help fill the public sector skills gap when it came to cyber issues.
“From the cyber perspective, of course ideally we would all want a full time ready and able cyber team capable of addressing the issues facing the UK,” Samani told TechWeekEurope.
“However with the cyber security skills shortage facing all sectors, such an approach is absolutely necessary until we are able to have this full time capability. This of course places greater dependency on the need for cyber security training and getting the skills of reservists at the right consistent level.
“What this, and the new national CERT really emphasizes, however, is the need for a strong public-private partnership. Not only in terms of providing resources, but also the intelligence in terms of a real-time and global perspective necessary in understanding the threats facing the UK.”
Maude also noted the government was developing a permanent information sharing environment called CISP (Cyber-security Information Sharing Partnership), which will launch in January 2013. Both industry players and the government have been working on CISP, which will be initially open to critical national infrastructure sectors. Others will be able to benefit at a later date.
Furthermore, a joint ‘Cyber Growth Partnership’ with Intellect, the representative body for the UK technology industry, was announced. This will consist of a “high level group which will identify how to support the growth of the UK cyber security industry, with an emphasis on increasing exports”.
The government has also pledged to increase the proportion of cyber security contracts going to SMEs. “In line with Government targets, at least 25 percent of GCHQ’s procurement budget is to be spent through SMEs to gain access to the vibrant innovation of these firms.”
In the consumer space, HMRC is to automatically alert customers using out-of-date browsers and will direct them to advice on how that could hurt them.
During his speech, Maude had warned that “attacks on government departments continue to increase”.
Think you’re a security pro? Try our quiz!