UK spy agency GCHQ will begin sharing intelligence on breaking threats with private firms, in a bid to better protect the country’s critical infrastructure from cyber attack and support economic growth.
Outgoing director Iain Lobban will announce the ambitious project today at GCHQ’s IA14 conference in London.
The details are vague at the moment but the plan is for a pilot to be set up which will involve information sharing between GCHQ and government communication service providers (CSPs). It will then be extended in time to include CNI firms.
The plans could be seen as building on the government’s CISP (Cyber Security Information Sharing Partnership) initiative launched last year to promote better info sharing between public and private sector.
Cabinet Office minister, Francis Maude, told attendees at IA14 on Monday that CISP already boasts over 450 member organizations, who notify fellow members of around 215,000 “abused IP addresses” each day in the voluntary scheme.
He claimed that already BT has been notified by another CISP member about stolen employee credentials which appeared on the web.
“The value of CISP was really brought to the fore in responding to Heartbleed,” he added. “CISP rapidly warned members of the threat, providing signatures that could be used to detect abuse.”
Brian Honan, security consultant and special advisor to Europol’s European Cybercrime Centre (EC3), welcomed GCHQ’s plans.
“The complex nature of these threats means that many of these organizations cannot simply rely on a reactive response to security threats and must take a more proactive approach to dealing with them. The most effective way to do this is with information sharing,” he told Infosecurity.
“However, key to that information sharing is that it must be timely and actionable in order for organizations to be able to use it effectively. It will be interesting to see how this initiative evolves and hopefully over time participation may be extended to other parts of the economy.”
Will Semple, VP research and intelligence at Alert Logic, argued that while GCHQ is showing "strong leadership" with the new initiative, building a broader base of support will be key to the program's long-term success.
"It will be important for GCHQ to reassure the general public as well as the business community that the intelligence that will be shared is purely of bad actors and campaigns that can cause damage to our economy," he told Infosecurity.
"Winning the trust of key business communities and continualy re-inforcing the message of transparency will be difficult but not impossible."
The news comes just a fortnight after the government launched Cyber Essentials - a new scheme designed to improve baseline security for SMBs.
Then, last week, info assurance organization CREST announced CBEST, a new initiative set to improve the security posture of financial institutions by sharing threat intelligence.