The government has finally unveiled its UK Computer Emergency Response Team (CERT-UK) as part of its strategy in the fight against cyber crime.
The unit, which had been expected to launch earlier this month, is intended to develop the UK’s cyber defences against threats ranging from hackers and cyber criminals to state-sponsored cyber attacks.
CERT-UK will be responsible for coordinating with industry in order to protect national infrastructure, energy supplies and other critical systems from cyber threats.
Launched by Chris Gibson, director of CERT-UK, and Natalie Black, deputy director for the Office of Cyber Security & Information Assurance at the Cabinet Office, the unit is considered to be one of the most important parts of the government’s £650m cyber security strategy.
However, one expert warned Computing that the figure isn’t sufficient.
Nonetheless, Nick O’Kelly, head of Cyber Incident Response at Deloitte, welcomed the launch of CERT-UK, arguing that it will help business and industry in the fight against cyber crime.
“The UK government’s Cyber Emergency Response Team is launching at a critical time, where the increased threat from cyber-attacks are forcing businesses and government to rethink their security and protection strategies,” he said.
“The creation of a national CERT will facilitate a more co-ordinated and effective response to major cyber incidents.
“It will also provide a capability for the distribution of advice and support from different parts of the public and private sector, as well as internationally.”
However, with the number of cyber attacks on the rise, Mike Ellis, CEO of identity management software company ForgeRock, questioned whether the launch of CERT-UK would be enough to keep the UK protected against digital threats.
“With a strong leadership team and some key partnerships, CERT is well positioned to develop the UK’s cyber defences against state-sponsored and criminal attacks on critical systems, such as the energy grid and power stations.
“The major problem, however, is that there is a major glitch in the current IT landscape, an integral flaw that needs to be addressed,” he said, warning of the increased use of machines, rather than people, in industry.
He added: “Today’s enterprise identity platforms and network security platforms inhabit disparate worlds without any real connection or collaboration between the two.
“With a rise of internet-enabled machine-to-machine (M2M) communication, more devices are dealing with and sharing user credentials without any direct action from the individuals involved.”
Ellis argued that many companies are still “leaving their doors open” to data theft through cyber attacks and shouldn’t be relying on government to solve the problem for them.
He concluded: “Cyber security needs to be taken as seriously as every part of business protection. Cyber breaches are one of the most pressing and potentially damaging issues that can happen to a company. They cannot rely on the government or task forces to protect their interests, businesses must take security into their own hands.”