The government hasn’t done much to endear itself to our cyber selves recently. But, after many moons of uncertainty and delay, the UK’s Computer Emergency Response Team (CERT-UK) is finally and formally launched; think of it as a Ghostbusters team, helping to protect you from the things that go bump in the ‘net.
Cybersecurity is now ranked above nuclear dangers in terms of national threats, yet we have fewer safeguards in place for it. But now we have CERT, who supposedly will handle “cybersecurity incidents” of national significance, and keep us alerted to (if not safe from) cybercrims.
At the launch yesterday morning, Cabinet Office Minister Francis Maude said that 93% of large corporations had had “a breach” over the past financial year. When almost every corporation in the country has been hacked in such a short amount of time, it seems that we need CERT now more than ever. CERT will also integrate with the existing Cyber Security Information Sharing Partnership (CISP), launched in March 2013 to increase awareness of the cyber threat and (hopefully) reduce the impact on UK business.
Lots of countries around the world have some kind of incarnation of CERT, so the 55 person-strong organisation will also act as a point of contact for international operations. The cyber threat knows no borders, so hopefully this will mean better communication and pooling of resources in order to combat it.
The org has 4 main responsibilities that flow from the UK Cyber Security Strategy:
- national cyber security incident management
- support to critical national infrastructure companies to handle cyber security incidents
- promoting cyber security situational awareness across industry, academia and the public sector
- providing the single international point of contact for co-ordination and collaboration with other national CERTs
CERT-UK will also look to other sectors, such as industry, government and academia, to “enhance UK cyber resilience”; and hopefully widening their base of knowledge and experience should give them a better chance to manage the dangers. It’s a cyclical plan too, as they’re planning on promoting awareness across the industries simultaneously, creating a much-needed generation of people who understand just how present the problems are.
On the other hand, CERT technically has no law enforcement role or powers – it’s really just for connecting and sharing – so what the government chooses to do next with the information is another matter. But at least it’s a step in the right direction; people want to know something’s being done about the threat that seems to be all over our screens and worming its way into our businesses. And, after recent disappointments, it’s also a golden opportunity for the government to have a punt at our trust, and prove that it isn’t just a big bad web wolf in the cyber war. Watch this space.