Oct 02 2013
The UK has been following the US government lead on a number of things. Earlier this year they launched a plan called the Cyber Information Sharing Partnership (CISP) to promote information sharing between the UK government and critical infrastructure providers within the UK. This somewhat mirrors the long term efforts in the US under the umbrella of the Information Sharing and Analysis Center (ISAC) that has been going on for some time. In both cases the goal seems to be enabling a communication channel that allows government to share information with industry insiders in order to protect themselves better. If this follows the US patter, the CISP program will spend much of its first few years building up trust with the participating companies. However, the relationship between business and government is slightly different in the UK, something I’m finding out up close and personally, which might change the equation in favor of building that trust much faster.
Two additional efforts that mirror things happening in the US. The first is a plan to create a cyber defence force in the UK called the Joint Cyber Reserve Unit (I wonder if they’ll call it ‘J Crew’). The JCRU will have the ability to protect UK computer systems and if needed perform “cyber strikes” against ‘enemies’, though both of those terms are poorly defined at this point in time. The US has been working on a similar capability in the military for a number of years and there have been stories about a non-military version of this effort, but very little news of what is really being done in the US has leaked out. I strongly suspect that the UK version of this effort will be similarly quiet, working almost entirely behind the scenes.
The second effort is an accreditation program run by the UK’s GCHQ (the equivalent of the US NSA) to perform testing of security professionals in the form of a CESG Certified Professional. There are six types of certification ranging from Practitioner to IT Security Officer. It’s unclear exactly what will be tested for without a lot of digging, but it looks like an interesting effort. It’s got to be better than the US efforts that basically state security professionals need to have their CISSP. I plan on taking a much longer look at this in order to see if any of the accreditations are appropriate for me to apply for personally.
Our governments are obviously sharing a lot of experience on the spying front, but it’s nice to see them sharing information on the security front as well. Maybe the US can learn a little from the UK’s efforts at accreditation. I’m not going to hold my breath though.