Britain’s brand new Computer Emergency Response Team (CERT-UK) has finally been launched, the latest and most high-profile part of the Government’s long-running overhaul of UK cyber-defences.
Predictably late given the complexity of its brief – UK-CERT was supposed to have been up and running in 2013 – the organisation will act as the important anchor point for any national response to major cyber-incidents, particularly those against critical national infrastructure.
The organisation will also act as an coordination point for incidents that span national boundaries as many are sure to do in future.
“Of course, we will never be able to eradicate cyber threats completely, but you can lessen the impact. Only by working closely together – at home and overseas - can we increase awareness and build resilience to reduce the impact of cyber threats,” said Cabinet Office Minister, Francis Maude during the launch event in London.
“Government can’t do this by itself. I think CERT-UK shows our intent on where we want to go: ever closer coordination between government, business and academia to share insights and share advice; better cooperation with our international partners,” he said.
Under its head Chris Gibson, appointed last November after a career at Citigroup, the new body is a major upgrade of the old UK national CERT that had operated in a low-key way since 2003. The genesis of the new CERT-UK was the experience of the 2012 Olympics and Paralympics which came under sustained cyber-attack that required well-resourced co-ordination to repel.
For some time there has been a widespread agreement that the UK needed a properly-resourced body to coordinate defence in such situations. What CERT-UK is expected to bring is the official muscle to force change or action where that is needed.
It will also sit at the middle of a web of other security bodies, including the Centre for the Protection of National Infrastructure (CPNI), GovCertUK, and National Cyber Crime Unit (NCCU).
“It is vital that the Government takes a strong lead and provides an efficient infrastructure that allows the security community to collaborate and share vital information. It’s only by working together that we will rise to the challenge the cyber threat presents and the establishment of CERT UK is a positive step forward,” responded Martin Sutherland, Managing Director of BAE Systems Applied Intelligence.
One concern is the extent to which CERT-UK will function as a useful resource for organisations and individuals beyond its high-level peers. Despite it being early days, the omens from the new website, cert.gov.uk, aren’t encouraging. Although no less functional than the US-CERT site on which it seems to have been based, neither is exactly full of alert data. CERT-UK's role will be behind the scenes.