Government launches cyber security information-sharing partnership

'What you've done in two years has taken us about 17,' says former Whitehouse cyber security co-ordinator

The government has launched a Whitehall and industry partnership to share information and intelligence on cyber threats.

A pilot of the Cyber Security Information Sharing Partnership (CISP) was launched by Prime Minister David Cameron in February 2011 and involved 80 companies from five sectors including defence, pharmaceuticals, telecommunications, finance and energy. The initiative was later expanded to 160 firms.

The CISP incorporates a new virtual "collaboration environment" where government and industry partners can exchange information on threats and vulnerabilities in real-time. In addition, a "fusion cell" will be supported by government agencies GCHQ, the National Crime Agency and the Security Service; it aims to encapsulate and analyse the cyber threats facing the UK for the benefit of all partners.

Speaking at the launch, Cabinet Office minister Francis Maude said "cyber security is topping the policy agenda".

"We need to team up to fight common enemies and that is what CISP is about, it is about government and business working closely together to build a comprehensive picture [of cyber threats] and come up with the best answers," he added.

Maude said that the success of the scheme will depend on its participants.

"This service will be what partners make of it. It is up to all of the members to share the information. The more volume and traffic there is, the more useful it will be to all partners, the more information each organisation gives, the richer the knowledge base," he said.

Richard Horne, managing director of cyber security at Barclays, told delegates organisations are now realising that they cannot protect themselves in isolation.

"We are part of a system and we have to act in a collaborative way. Government and industry saw ourselves as separate entities, but adversaries see us as a connected system. The first thing you'd do if you were them is map out the system, it is broader than the individual entities," he explained.

'What you've done in two years has taken us about 17,' says former Whitehouse cyber security co-ordinator

Horne said that collaboration is important for two main reasons: the first is because as the threat is fast moving, dynamic and broad, no one can get a full picture of the threat. So organisations and government have to work together like a neighbourhood watch, he said.

"The other reason is if there is a breach of one organisation, it is shared by other organisations. It is like me keeping my car keys at a neighbour's house, and they get burgled, and I lose my car. This is why it is a significant step," Horne stated.

Robin Southwell, CEO of EADS UK, one of the private sector partners of the scheme, added that the CISP is an important part of the overall Cyber Security Strategy.

"The CISP will provide an effective forum, not only for organisations to defend themselves but for the UK itself to reinforce its goal to be the safest place in the world to conduct online business," he said.

The former Whitehouse cyber security co-ordinator, Howard Schmidt, told delegates that after a cyber-attack that had affected a financial services firm in the US, it took 102 days to notify other companies in the sector of the issues that the firm had encountered.

"We could have given information about the malware, the type of attacks and so on to the other firms without mentioning the firm in question but there are constitutional issues we have to deal with. Obama has signed the order where he has now said that the default is to share information, unless someone comes up with a very, very good reason for [a company] not to. So that within 24 hours, the private sector, especially if it concerns critical national infrastructure, should be notified," he said.

Schmidt ended by congratulating the UK government for the CISP launch.

"What you've been able to do in two years has taken us about 17 years to do," he said.