The government has finally launched its Computer Emergency Response Team, aimed at building the UK’s defences against cyber threats ranging from hackers to state-sponsored attacks.
CERT-UK was first announced in December 2012 as a key element of the government’s £650million cyber security strategy, but plans to initially launch it by the end of 2013 were delayed.
The unit is responsible for coordinating the management of national cyber security incidents, and helping critical national infrastructure companies to become more resilient. It will also engage with international partners to manage cyber incidents that cross national borders.
Speaking at the launch of CERT-UK today, Cabinet Minister Francis Maude said that 93 per cent of large corporations had experienced a cyber breach in the past financial year, with each incident costing an average of between £450,000 and £850,000. One London-based company lost £800million worth of revenue because of an attack.
“Cyber threats to the UK are diffuse, unpredictable and generally anonymous. They could come from organised criminals based in another continent; or they could come from a teenage computer hacker closer to home,” said Mr Maude.
“The cyber hacker needs to succeed only once, but those protecting us must be successful all the time; around the clock, day after day, week after week. And of course, nothing in the digital world ever stands still. It’s forensic and painstaking work and it’s absolutely relentless. I have a very high level of confidence that we can achieve this.”
The Cyber Information Sharing Partnership (CISP), launched last year, will now be absorbed into CERT-UK, and the two teams will work together to promote awareness within British companies and help with the mitigation of threats.
Rob Cotton, chief executive of information assurance firm NCC Group said that the key to effective cyber incident management is good communication, co-ordination and technical ability.
“As the speed and scale of cyber-attacks grow it is essential for countries to provide a central co-ordination point and a greater focus on collaboration of threat intelligence sources,” he said.
“This is a smart move from the government, and comes at an important time as the threat of an attack on national infrastructure grows.”