27 Mar 2013

Cybersecurity: will plans for a ‘fusion cell’ be effective?

MI5 analysts are to work alongside industry experts in a bid to co-ordinate attempts to combat online criminality. But will this so-called fusion cell work, asks Geoff White?

Cybersecurity fusion cell.

A fusion cell might sound like something made up by the writers of BBC spy drama Spooks (or perhaps Jamie Oliver’s merchandising people). But the announcement of this and other government cybersecurity measures aims to tackle a problem which is far from fictional.

Government has realised for some time that it cannot tackle cyber attacks alone – there are simply too many in too many industry sectors. So the announcement by Cabinet Office Minister Francis Maude aims to pool the experiences of companies in an online, high-security forum to which government will also contribute.

The idea is to prevent a situation where a cyber-criminal can hit one company after another, safe in the knowledge that each victim will be too embarrassed (or wary of its share price) to tell anyone what happened.

A separate fusion cell will bring together GCHQ and the other intelligence services with industry analysts to look at the kind of threats companies are reporting. But it’s this separation between industry experience and government insight which may cause problems.

Security companies told me they felt the ‘sharing’ was all one way – government would soak up reports from industry, and give little in return.

When these information-sharing hubs were piloted in 2011, several security companies told me they felt the “sharing” was all one way – government would soak up reports from industry, and give little in return.

If government is relying on bosses’ altruistic desire to help their fellow man, this new scheme is likely to disappoint.

What chief executives crave in cyber-security is advice and protection. The Cabinet Office is trying deliver that through other initiatives, the success of which will be critical to whether business feel comfortable to open up about cyber attacks.