The UK Government has unveiled a new Cyber Security Information Sharing Partnership (CISP), just as the global Internet is facing what some are calling the “biggest attack in history”.
The new partnership is designed to help businesses tackle cyber-security threats, and will share knowledge from industry analysts and security experts from businesses, MI5, the government’s signals intelligence agency GCHQ, and the Police.
The partnership is set to include a secure online collaboration environment where experts can collaborate in real-time by sharing responses to an ongoing attack.
The formation of the CISP comes in response to comments from the Director General of MI5, Sir Jonathon Evans, who said last year:
The extent of what is going on is astonishing — with industrial-scale processes involving many thousands of people lying behind both State-sponsored cyber espionage and organised crime.
The announcement comes as a distributed denial of service attack, similar to the one that brought IFSEC Global down last month, is being targeted at an organisation called Spamhaus.
The BBC has said that security experts are describing the attack on Spamhaus as “the biggest cyber-attack in history”.
Spamhaus is an international not-for-profit organisation that tracks internet spam, enabling service providers to effectively block spam from their networks.
They recently blocked servers maintained by Dutch host Cyberbunker, who Spamhaus claim are responsible for the attack in conjunction with criminal gangs from Eastern Europe, according to the BBC.
Spamhaus chief executive, Steve Linford, explained the scale of the attack, saying:
If you aimed this at Downing Street they would be down instantly. They would be completely off the internet.
These attacks are peaking at 300 gigabytes per second. Normally when there are attacks against major banks, we’re talking about 50 gigabytes per second.
The scale of the attack is slowing services down across the internet, so if you’re wondering why your connection is a bit slow today, now you know why.
Business imperative
The National Audit Office recently reported that the cost of cybercrime in the UK ranges between GB pound 18-27 billion (US$23-34 billion). The formation of the CISP has been welcomed by cabinet officials and former White House Cyber Security Adviser Howard Schmidt, who said:
In the US, we have seen the emphasis that President Obama has placed on cyber-security, and in particular, steps to protect our critical infrastructure. Many senior leaders in private sector companies are supporting it, and recognizing that it’s not only a security issue, but a business imperative. The launch of the UK CISP is an important step in forging an ongoing partnership between industry and government, promoting information sharing by providing the ability to analyze and redistribute information in a timely, actionable, and relevant manner.
The CISP is part of a GB pound 650m (US$830 million) Government investment into their National Cyber Security Programme over four years.
Another example of our vulnerability to hacking. Our banks, governments and employers are all vulnerable to this kind of attack. Unless defenses are improved, we will see more of these attacks – soon they will hit a site we are dependent on. What does it take to get us off our duffs and do what is necessary to stop this? Hackers are still viewed as some kind of Robin Hood hero, as long as they hit someone else. When they strike your bank account or your social security, it may be too late.
Robin Hood hero? If they’re stealing from the rich, who are the poor they’re giving to? I don’t necessarily thing that people are under too many illusions that the crime is usually selfish.
Rob… Well worth digesting the latest comments from the Chatham House Think Tank on the issue of cyber security in relation to both information sharing and international frameworks http://www.chathamhouse.org/media/comment/view/190547
These comments most certainly add to the debate that you’ve kick-started here.
CISP would go a long way. I think its a good step which should have been taken way back. we all know that cybercrime and online espionage is rife on the web. As the businesses are getting into cut throat competetion the vulnerablitites are correspondingly increasing for each stake holder. Various organization are using malicious softwares in order to have watch on rivals. Attacks taking place at 300 GBs per second should be an eye opener for all of us.
Interesting that Chatham House suspect North Korea, who, let’s be honest here, despite all of thei bluster and rhetoric are hardly a high-tech nation.
Spamhaus are probably one of the few organisations capable of staying online through such an attack.
Thanks for sharing that link, Brian. Makes for some good extra reading into the issue at hand.
With regards to hackers being viewed as some sort of Robin Hood… I beg to disagree. I don’t view them in that way at all. While some are trying to do good (through some very shady methods), the majority are just hacking for the heck of it.
Those of us in the business know better, but for the vast majority of outsiders, we are viewed as a tool of the “rich crooks running banks” and other large agencies. Any time someone takes them down a notch it is viewed as a victory for the little guy who is being victimized by “the system.” Even if they don’t give to the poor, it’s good to see the rich taken down a peg.
It’s the same reason Bonnie and Clyde and Dillinger were folk heroes in the thirties.
Any step towards cooperation between foreign powers on this subject is a good thing. Regardless of whether or not these attackers are viewed a fighting for the little guy. Hacktivism is one thing, attacking with the intent to do damage or theft is another and the platform to respond across borders to address it needs to be there. Hacking across international borders has been successful for so long because of the cost involved to investigate and pursue criminals is too great for a single law enforcement agency to cover. If it is going to be stopped then we have to… Read more »
Yesterday, Associated Press was hacked. A tweet was generated that indicated the White House was bombed and the President was injured. The stock market went down 140 points in two minutes, but recovered as quickly when AP reported that the tweet was bogus.
A lot of money changed hands in less than five minutes – if a person had known about this, they could have profited greatly. I wonder who made a killing.
I agree shipwreck what is the saying, if you want to know who is responsible follow the money… A coordinated effort and attack can make some one a lot of money.