Byting back: UK govt to share hack data with businesses to fight cyber-crime

27 Mar, 2013 10:39

The UK is opening a cyber-crime center to fight the “astonishing” number of hack attacks on Britain. The initiative follows an EU plan that forces companies to disclose hacked data, potentially damaging reputations and share prices.

The new initiative will combine information from government communications headquarters GCHQ, MI5, the police and various businesses. The idea behind the body is to orchestrate quicker responses to cyber-attacks that hit UK companies.

The so-called Cyber Security Information Sharing Partnership will share information between governments and businesses to gather a more complete picture of the attacks being carried out on computer systems in the UK.

Currently, 160 companies are involved in the initiative, from the fields of finance, defense, energy, telecommunications and pharmaceuticals.

UK companies have previously voiced concerns over releasing data on cyber-attacks, fearing that such information would damage their credibility and share prices if it were disseminated publicly.

“The government is understandably wary about divulging information to outsiders about cyber threats which has been derived from secret sources and agencies,” cyber-security expert Nigel Inkster told the Financial Times.

However, the UK government has insisted that the statistics paint a clear picture of the growing threat and the need to act. Last year, MI5 head Jonathan Evans called the cyber-threat to Britain “astonishing,” and said that one anonymous UK company had lost over $1 billion in an act of intellectual property theft.

And the year previous, cyber-security specialist BAE Systems Detica estimated that British companies lost around $40 billion a year in revenues through hacking attacks.

EU fears

At first glance, it appears the UK is following a recent EU draft bill that seeks to force companies to declare when they fall victim to a cyber-attack. However, the UK initiative differs by giving businesses the choice of whether to participate.

David Garfield, managing director of cyber security at BAE Systems Detica, told the Financial Times that the EU measure could end up being counterproductive: “The real effect of a system of compulsory disclosure might ultimately be to encourage companies to turn a blind eye to attacks, pretending they have not seen them.”

The European Commission’s ‘Open, Safe and Secure Cyberspace’ plan would be a massive operation involving 42,000 companies dealing with banking, transport, energy, health, the Internet and public administrations. 

The companies would be required to immediately inform EU authorities in the event of a hack attack, “to share early warnings on risks and incidents through a secure infrastructure, cooperate and organize regular peer reviews.”

UK officials have voiced concerns over the bill, saying they would be uncomfortable with a law making it mandatory for companies to disclose data on attacks.