The UK Government is to open a security operations centre for its public sector network (PSN) so that it can respond to threats.
In an email to IT Security Guru, a Cabinet Office spokesperson confirmed that this is being offered instead of a continuous diagnostics and mitigation (CDM) system of the kind the US Department of Homeland Security has installed for US Government departments.
“We are not offering a centralised CDM system for the UK Government but that, as part of the deployment of the public services network, we are creating a Security Operations Centre for the PSN which will monitor the network, respond to any incidents and issue alerts and advisories to PSN connected organisations,” a spokesperson said.
The PSN programme director’s interim update said that 151 customers were compliant with the PSN requirements at that stage, and the first stage of the security operations centre was set for launch in September of last year.
Speaking to IT Security Guru, Ross Brewer, vice president and managing director international markets at LogRhythm, said that concepts like this have been around for the two years that the Government Cyber Security Strategy has been in place, and it makes sense to ensure that systems are monitored.
He said: “It doesn’t matter who the provider is as everyone on the PSN is compliant to an agreed set of skills. This sounds quite advanced so I would expect this to have been in progress for two to three years.
“We get involved with the PSN and provide a service for detection and response, and the UK Government has got one of the more sophisticated systems in understanding the threat and seeing something in its environment.”
David Emm, senior security researcher at Kaspersky Lab, said: “As part of its Cyber Security Strategy, the Government has made it clear that defending its own systems, and those of UK businesses, is now critical. So I would see this development as a parallel initiative to UK-CERT and other elements of the Government’s security strategy.”
The CDM initiative was intended to offer better visibility into threats and was deployed in the United States to enable Government departments to expand their continuous diagnostic capabilities by increasing their network sensor capacity, automating sensor collections and prioritising risk alerts.
A statement by the US Department of Homeland Security (DHS) said that while increased connectivity has transformed and improved access to government, it also has increased the importance and complexity of shared risk as the growing number of cyber attacks on Federal government networks is growing more sophisticated, aggressive, and dynamic.
“The CDM program provides capabilities and tools that enable network administrators to know the state of their respective networks at any given time, understand the relative risks and threats, and help system personnel to identify and mitigate flaws at near-network speed,” it said.
ForeScout announced that its CounterACT visibility product was being used as a cornerstone technology by 14 of the 17 recipients in the CDM initiative. Speaking to IT Security Guru, ForeScout chief marketing officer Scott Gordon said that the $6 billion concept is a great way to identify threats and incidents.
“The CDM initiative is about continuous monitoring and I understand it is being adapted by the UK Government in a form to identify threats. Of the 17 contractors in the US, 14 of them are using ForeScout CounterACT. They are there to put the tools in; it could be McAfee, Symantec or IBM solutions, but we are part of the tool portfolio,” he said.
CDM works by having Government agencies install and/or update their diagnostic sensors, which then begin performing automated searches for known cyber flaws. Results are fed into dashboards that produce customised reports, alerting IT managers to the most critical cyber risks and enabling them to readily identify which network security issues to address first. This enhances the overall security posture of agency networks, as results can be shared within and among agencies.