Like other CERTs around the world, its main purpose will be in information-sharing and coordinating attack response.
"At the sharp end, the CERT will take the lead in co-ordinating the management of national cyber-security incidents,” said the UK's Minister for the Cabinet Office, Francis Maude, who opened the CERT-UK at a private press event. “One area where it will play a particularly important role is in providing support to our critical national infrastructure companies.”
Corporations are also a target for CERT-UK’s help, considering that 93% of large corporations have had a breach in the last year, costing on average between £450,000 and £850,000, he noted. "CERT-UK…will also share information with companies to promote situational awareness and effective mitigation of threats," Maude said.
Maude explained that the UK's existing Cyber Security Information Sharing Partnership (CISP) will be folded into CERT-UK. That program, created to promote information-sharing between the public and private sector last year, has more than 1,000 members and more than 350 businesses and organizations that have registered.
According to the BBC, the government says it has allocated £860m to the UK's cybersecurity efforts, including CERT-UK, which will be based in London and have a team of 55 people. Its director, Chris Gibson, was formerly the director of e-crime at global bank Citigroup.
CERT-UK will put out advisories that address cybersecurity issues being detected across government, industry or academia or that offer best practice updates and appropriate guidance in the event of a critical national cybersecurity incident.
The entity will also coordinate international responses to cybersecurity events.
"CERT-UK will be the single point of contact for our international partners for CERT-to-CERT engagement, an increasingly important area of dialogue,” Maude said. “It will manage incidents that cross national borders and it will share information that promotes situational awareness and effective mitigation of threats.”