Akamai Diversity

The Akamai Blog

CERT-UK: The place to go (for security) in Great Britain

As of 31 March 2014, the UK officially has a governmental Computer Emergency Response Team (CERT) that is responsible for being the central point for communication between a variety of governmental and business within the confines of the UK, as well as beyond. While this is the 'birthday' of CERT-UK, the organization has already been working hard since November to create infrastructure and hiring personnel, this was simply an official date to say "We're open for business."

Led by Chris Gibson, former head of the e-crime unit at international bank Citigroup, this group has two main responsibilities. The first of these is to provide situational awareness of the current and developing threats from the Internet that face the UK. In this role, CERT-UK will be the authoritative voice to communicate with the numerous existing CERTS for the UK's critical national Infrastructure.

The second mission is to build a partnership between business and government in order to safeguard both. Part of this mission has been accomplished by bringing the Cyber Security Information Sharing Partnership (CISP) under the umbrella of CERT-UK. CISP's mandate as an information sharing partnership directly supports the responsibilities of CERT-UK.

Cabinet Office Minister Francis Maude, one of the primary sponsors in making CERT-UK a reality, opened the proceedings by drawing attention to the cost of attacks on Britain, which average between £450,000 and £850,000, with one security breach in the UK that cost the company "over £800m worth of revenue". "Cybersecurity isn't a necessary evil, it's an essential feature of, and a massive opportunity for, the UK's economic recovery." Drawing on lessons learned from the Olympics, he stated that better coordination between government and business was vitally important to the UK.

In his speech, Chris Gibson observed that there is a great need for situational awareness that is timely, actionable and relevant to the many CERTS within UK businesses and government agencies. Not only will CERT-UK help provide this, they'll also be a location for international organizations to reach a central point of contact within the UK.

Larry Zelvin, visiting from US organization, National Cybersecurity and Communications Integration Center (NCCIC), complimented the speed with which the UK brought CERT-UK into existence. He also echoed Cabinet Office Minister's point that "cyber attacks are one of the top four threats to the UK." He stressed the need to "plug the whole, making sure it doesn't reappear", meaning long term solutions need to be created to the problems facing both government and businesses in the security landscape.

The creation of the CERT-UK is only the first step in making the UK Internet landscape safer for governments, businesses and individuals. The organization has an long road ahead of it in creating awareness, gaining trust and enabling information sharing between it's many member organizations. The hardest of these to gain and maintain will be trust, but with his long experience amongst the incident response community, Chris Gibson is uniquely qualified for the challenges ahead of him.