East Midlands pioneers regional cyber threat response
Regional cyber threat prevention scheme expanded beyond public sector to include data sharing with local businesses
The East Midlands is expanding a pioneering regional cyber security scheme to allow both private enterprise and local authorities to collaborate with police, government and academics on sharing data to better prepare against potential threats to their operations.
The UK's Computer Emergency Response Team (CERT-UK) has worked with local law enforcement bodies to create the East Midlands "node" on the Cyber-security Information Sharing Partnership (CiSP) so both private and public sector organisations can anonymously or publically share details on cyber attacks.
With the East Midlands becoming the first of nine regionally-focused CiSP nodes to launch across England -through assistance from the Metropolitan Police's Regional Organised Crime Units (ROCUs) - private sector organisations in the area can now share data on cyber threats they are a facing with companies in the region.
CERT-UK said that after launching a CiSP node exclusively for local authorities and councils in May to allow organisations to better understand and protect themselves against compromising attacks, a separate focus had now commenced this month focused specifically on regional communities.
A CERT-UK spokesperson said that it had been important to create regional areas on CiSP so that any specific threats in areas of England can be shared more quickly and widely. It is also hoped the nodes will also allow information to be shared more widely with SMEs.
"Any information that a private sector body shares could be directly relevant to a public sector organisation for a variety of reasons (e.g. running the same software, having similar levels of staff understanding etc)," said the spokesperson. "Likewise, threat information public sector organisations are seeing can be just as useful to private companies."
CERT-UK claimed that despite the potential admin challenges arising from trying to extend data sharing between different organisations, the launch and subsequent expansion of the regional CiSP node had gone relatively smoothly so far.
However, in inviting private sector organisations to share data on cyber threats they have faced, CERT-UK said it was looking at overcoming challenges in how guidance can be provided in forms relevant to both larger companies and small and medium-sized enterprises (SMEs).
"For an organisation with less understanding of cyber issues, guidance is provided in a more basic format. CiSP is trying to help SMEs adapt by giving them access to this information and tailoring it to their level of understanding in this way," said the spokesperson.
Deputy chief constable Peter Goodman, national cyber crime lead at the Association of Police Officers (ACPO) and head of the East Midlands ROCU said that with SMEs serving as the backbone of local and regional economies, it was vital to prepare the wider private sector for potential online threats.
"There is much that companies can do to protect themselves. We know that basic 'cyber hygiene' steps can prevent around 80% of cyber-attacks," he said. "Similarly, we know that companies who have experienced and successfully dealt with a cyber-incident have knowledge and advice that others will find invaluable."