UK Government launches information sharing partnership on cyber security
New cyber partnership launched to help government and industry share information and intelligence on cyber security threats.
Francis Maude, Minister for the Cabinet Office, today launched a new government and industry partnership to share information and intelligence on cyber security threats.
The Cyber Security Information Sharing Partnership (CISP) delivers a key component of the UK’s cyber security strategy in facilitating the sharing of information on cyber threats in order to make UK businesses more secure in cyberspace. This follows a successful pilot scheme launched by the Prime Minister which included over 160 companies across a range of UK sectors.
The partnership includes the introduction of a secure virtual ‘collaboration environment’ where government and industry partners can exchange information on threats and vulnerabilities in real time. The Cyber Security Information Sharing Partnership will be complemented by a ‘Fusion Cell’ which will be supported on the government side by the Security Service, GCHQ and the National Crime Agency, and by industry analysts from a variety of sectors. They will work together to produce an enhanced picture of cyber threats facing the UK for the benefit of all partners.
Francis Maude, Cabinet Office Minister, will launch the new partnership alongside representatives from industry as well as Howard Schmidt, former White House Cyber Security Adviser, to an audience of over 200 senior representatives of some of the UK’s top companies.
As Cabinet Office Minister responsible for the Cyber Security Strategy, Francis Maude said: “We know that cyber attacks are happening on an industrial scale and businesses are by far the biggest victims of cyber crime in terms of industrial espionage and intellectual property theft with losses to the UK economy running into the billions of pounds annually.
This innovative partnership is breaking new ground through a truly collaborative partnership for sharing information on threats and to protect UK interests in cyberspace. The initiative meets a key aim of our Cyber Security Strategy to make the UK one of the safest places to do business in cyberspace. As part of our investment in a transformative National Cyber Security Programme; we are pleased to provide a trusted platform to facilitate this project.”
Howard Schmidt, former White House Cyber Security Adviser, welcoming the announcement, said: “In the US, we have seen the emphasis that President Obama has placed on cyber security and in particular steps to protect our critical infrastructure. Many senior leaders in private sector companies are supporting it and recognizing it is not only a security issue but a business imperative. The launch of the UK CISP is an important step in forging an ongoing partnership between industry and government, promoting information sharing by providing the ability to analyze and redistribute information in a timely, actionable and relevant manner.”
Welcoming the partnership with industry, Home Office Minister, James Brokenshire, Parliamentary Under Secretary of State responsible for Security said: “The Cyber Security Information Sharing Partnership complements the National Cyber Crime Unit, which will provide a single national lead to tackle the most serious, organised and complex forms of cyber crime.”
Notes to editors
Cyber attacks are one of the top four threats to UK national security alongside international terrorism (National Security Strategy 2010). A re-assessment in 2012 has maintained this categorisation.
The Cyber Security Strategy, published in November 2011, sets out how the UK will support economic prosperity, protect national security and safeguard the public’s way of life by building a more trusted and resilient digital environment.
A National Cyber Security Programme backed up by £650 million of Government investment over 4 years to help meet the objectives of the strategy has been put in place.
In December 2012, Francis Maude placed a written parliamentary statement in the Houses of Parliament reporting on progress against the objectives of the strategy documents.
Cyber Security Information Partnership
In February 2011, the Prime Minister hosted an event at Number 10 for leaders of UK companies to stress the importance of forging a partnership on cyber security to combat growing threats to UK businesses in cyberspace.
As a result of that meeting a pilot scheme was launched to test the feasibility of sharing information and intelligence between government and industry on cyber threats and mitigations. The pilot involved 80 companies from across 5 sectors of business including defence, pharmaceuticals, telecommunications, finance and energy; this was later expanded to 160 firms.
Building on the pilot, industry and government have co-designed the Cyber-security Information Sharing Partnership. The partnership delivers:
- a new secure ‘collaboration environment’
- a joint industry/government resourced ‘Fusion Cell’ to provide analysis and support to the initiative
- new terms & conditions to facilitate effective sharing; and the necessary administrative support
An interim capability was launched at the end of January to enable the signing-up of industry partners to begin user testing the environment and development of further functionality as we build towards full operating capability, to be launched on 27 March.
Around 200 senior representatives from industry have been invited to the event at Chatham House to mark the launch of the partnership and collaborative environment. Francis Maude is hosting the event and other speakers include Howard Schmidt, former White House Cyber Security Adviser, Richard Horne, Managing Director of Security at Barclays and Robin Southwell, CEO of EADS.
In June 2012, Jonathan Evans, DG of the Security Service stated “The extent of what is gong on is astonishing – with industrial-scale processes involving many thousands of people lying behind both State sponsored cyber espionage and organised crime”.
A recent National Audit Office report has put the cost of cyber crime to the UK as ranging from £18 to £27 billion per annum.