The UK is opening a cyber-crime center to fight the “astonishing” number of hack attacks on Britain. The initiative follows an EU plan that forces companies to disclose hacked data, potentially damaging reputations and share prices.
The new initiative will combine information from government
communications headquarters GCHQ, MI5, the police and various
businesses. The idea behind the body is to orchestrate quicker
responses to cyber-attacks that hit UK companies.
The so-called Cyber Security Information Sharing Partnership
will share information between governments and businesses to gather
a more complete picture of the attacks being carried out on
computer systems in the UK.
Currently, 160 companies are involved in the initiative, from
the fields of finance, defense, energy, telecommunications and
pharmaceuticals.
UK companies have previously voiced concerns over releasing data
on cyber-attacks, fearing that such information would damage their
credibility and share prices if it were disseminated publically.
“The government is understandably wary about divulging
information to outsiders about cyber threats which has been derived
from secret sources and agencies,” cyber-security expert Nigel
Inkster told the Financial Times.
However, the UK government has insisted that the statistics
paint a clear picture of the growing threat and the need to act.
Last year, MI5 head Jonathan Evans called the cyber-threat to
Britain “astonishing,” and said that one anonymous
UK company had lost over $1 billion in an act of intellectual
property theft.
And the year previous, cyber-security specialist BAE Systems
Detica estimated that British companies lost around $40 billion a
year in revenues through hacking attacks.
EU fears
At first glance, it appears the UK is following a recent EU
draft bill that seeks to force companies to declare when they fall
victim to a cyber-attack. However, the UK initiative differs by
giving businesses the choice of whether to participate.
David Garfield, managing director of cyber security at BAE
Systems Detica, told the Financial Times that the EU measure could
end up being counterproductive: “The real effect of a system of
compulsory disclosure might ultimately be to encourage companies to
turn a blind eye to attacks, pretending they have not seen
them.”
The European Commission’s ‘Open, Safe and Secure Cyberspace’
plan would be a massive operation involving 42,000 companies
dealing with banking, transport, energy, health, the Internet and
public administrations.
The companies would be required to immediately inform EU
authorities in the event of a hack attack, “to share early
warnings on risks and incidents through a secure infrastructure,
cooperate and organize regular peer reviews.”
UK officials have voiced concerns over the bill, saying they
would be uncomfortable with a law making it mandatory for companies
to disclose data on attacks.