MI5 and industry join forces to fight cybercrime
Fusion cell to be set up at secret location in London to analyse online threats to the UK
The Guardian / UK
March 27, 2013
Cyber-security experts from industry are to operate alongside the intelligence agencies for the first time in an attempt to combat the growing online threat to British firms.
The government is creating a so-called fusion cell where analysts from MI5 and GCHQ, the domestic eavesdropping agency, will work with private sector counterparts.
The cell is part of the Cyber Security Information Sharing Partnership (Cisp), launched on Wednesday, to provide industry with a forum to share details of techniques used by hackers as well as methods of countering them.
At any one time there will be about 12 to 15 analysts working at the cell, based at an undisclosed location in London.
“What the fusion cell will be doing is pulling together a single, richer intelligence picture of what is going on in cyberspace and the threats attacking the UK,” a senior official said.
“What we are trying to do is get that better intelligence picture and push it out to industry in a way that they can take action on, so it is very action-orientated.”
Although the industry representatives will not have direct access to classified intelligence material, they will face security vetting.
The Cisp initiative grew out of talks in 2011 between industry and David Cameron. It led to a pilot project last year involving 80 leading companies, codenamed Programme Auburn. It will be expanded to cover 160 firms from the finance, defence, energy, telecoms and pharmaceutical sectors.
With companies reluctant to discuss cyber-attacks or breaches of security in public, officials acknowledge that confidentiality is crucial, so companies involved will not be named.
“Everything about information-sharing has to be based on trust,” another official said. “Most companies still remain cautious about talking about the cyber threats they face in public.”
The firms will have access to a secure web portal, described as a “Facebook for cyber-security threats”, run on social network lines, where they can choose who they share information with.
It is expected that other firms will be invited to join as the scheme develops, although officials stressed that future expansion would be at a pace consistent with maintaining trust and confidentiality.
Launching the scheme, the Cabinet Office minister, Francis Maude, said the government was determined to make Britain one of the safest places to do business in cyberspace.
“We know that cyber-attacks are happening on an industrial scale and businesses are by far the biggest victims of cybercrime in terms of industrial espionage and intellectual property theft, with losses to the UK economy running into billions of pounds annually,” he said.
“This innovative partnership is breaking new ground through a truly collaborative partnership for sharing information on threats and to protect UK interests in cyberspace.”