Anti-cyber threat alliance formed in the UK
The UK government has launched a new "Cyber Security Information Sharing Partnership" (CISP) to improve the UK economy's defence against cyber attacks. According to a report by the BBC, government authorities and companies within this partnership will cooperate to increase the speed at which threat information is shared and coordinated measures are taken. The UK police and the Security Service (MI5), as well as members of the GCHQ intelligence agency, are planned to be involved.
About 12 to 15 security analysts will work for the alliance at new headquarters, monitoring attacks on large screens and providing details of who is being targeted within the UK network in real time. However, the BBC says that this base will only operate during regular business hours.
According to the BBC, the cyber alliance will also offer a web portal that has been introduced as a "secure Facebook" for cyber threats. Access to this portal will be restricted to the 160 companies that have joined the initiative and to the security analysts, and the portal will serve for sharing information both ways. Information on potential attacks will remain within the network and won't necessarily be made available to the public. This is intended to make it easier for companies to report attacks on their own systems without impacting their reputation or, for example, their stock market value. The BBC says that the UK government is hoping that further companies will join the partnership soon.
Cyber attacks are said to cause billions of pounds worth of damage every year. As an example, the report mentions a listed company that incurred revenue losses of £800 million because it suffered a commercial disadvantage in contractual negotiations due to a cyber attack from a hostile state. The Telegraph says that Britain suffers an estimated 44 million cyber attacks a year, which is an average of about 120,000 a day. According to the newspaper, this is estimated to cost the country up to £27 billion a year.
The UK doesn't seem to think too highly of the draft directive to introduce a general obligation to report cyber attacks that was presented by the EU in February. According to the BBC, unnamed UK government officials say that they continue to be uncomfortable with the draft directive and advocate a voluntary partnership model for businesses.
There's also a lot of debate around this topic in Germany: the German Minister of the Interior, Hans-Peter Friedrich, as well as the German Society for Computer Science have repeatedly advocated a compulsory reporting duty. The German IT trade association, on the other hand, thinks that a legal obligation to report incidents is unnecessary. Companies voluntarily cooperate with the cyber security alliance that was founded in late 2012 and is sponsored by Bitkom and by the German Federal Office for Information Security (BSI); it is also possible to report incidents to this alliance anonymously. Germany's own National Cyberdefence Centre was launched as a platform to share information back in 2011 and is coordinated by the BSI.