"The partnership includes the introduction of a secure virtual ‘collaboration environment’ where government and industry partners can exchange information on threats and vulnerabilities in real time," says the Cabinet Office. "The Cyber Security Information Sharing Partnership will be complemented by a ‘Fusion Cell’ which will be supported on the government side by the Security Service, GCHQ and the National Crime Agency, and by industry analysts from a variety of sectors."
This is all part of the UK government's Cyber Security Information Sharing Partnership (CISP), which will also set new terms and conditions to facilitate effective sharing of information and provide the administrative support for it.
The sharing will be conducted on a secure web portal accessible only to authorized members, where information such as technical details of attacks, the methods used in setting them up and executing them, as well as mitigation strategies will be exchanged between the participants.
This system has already proved to be effective, as a pilot first including 80 then 160 companies from the defense, pharmaceutical, telecommunication, finance and energy sectors was started in February 2011.
At first the companies were cautious on what information they were sharing, which is understandable because of the damage such information can wreak on their public image. But once they established a trusting relationship with other participants, the sharing increased - especially between the various companies involved.
The participation in the program is not legally mandated, but the success of the pilot has proven to be a good draw. Once the 160 companies already involved are transferred to the new framework unveiled today, other firms will be able to apply for admission in this circle.