Cyber-security Information Sharing Partnership (CiSP)

The Cyber-security Information Sharing Partnership (CiSP), part of CERT-UK, is a joint industry and government initiative to share cyber threat and vulnerability information in order to increase overall situational awareness of the cyber threat and therefore reduce the impact on UK business.

CiSP allows members from across sectors and organisations to exchange cyber threat information in real time, in a secure and dynamic environment, whilst operating within a framework that protects the confidentiality of shared information.

CiSP members are also able to receive network monitoring reports. This free service allows you to receive tailored feeds of information from CERT-UK covering any malicious activity that we see on your network.

You can sign up for this service when you join CiSP, or register your interest and a member of the team will get back to you when you have the necessary information.

Fusion Cell

CiSP members receive enriched cyber threat and vulnerability information from the ‘Fusion Cell’, a joint industry and government analytical team who examine, analyse and feed back cyber information from a wide variety of data sources – ultimately adding value to CiSP members and helping organisations of all levels of cyber maturity. The Fusion Cell also provides a range of products and services including alerts and advisories, weekly and monthly summaries, as well as a capability to conduct bespoke malware and phishing email analysis on behalf of CiSP members.

Since the launch of CiSP in March 2013 the value of this collaboration has been recognised by industry, with CiSP continuing to grow considerably with over 2225 organisations and 6150 individuals signed up for this free service as of May 2016.

CiSP members benefit from:

  1. Engagement with industry and government counterparts in a secure environment
  2. Early warning of cyber threats
  3. Ability to learn from the experiences, mistakes and successes of other users and to seek advice
  4. An improved ability to protect their company network
  5. Access to free network monitoring reports tailored to your organisation’s requirements

To become a registered CiSP member you must be:

  • A UK registered company or other legal entity which is responsible for the administration of an electronic communications network in the UK
  • Sponsored by either a government department, existing CiSP member or a trade body/association

Before starting your CiSP application please make sure you have read, and agreed to, the terms and conditions.

Members of CiSP have access to an online collaboration tool that provides a trusted and functional environment for industry and government to share cyber threat and vulnerability information, best practice and appropriate mitigations.

Prospective organisations and individuals will need a sponsor; this could be a member of CERT-UK, a member of an Industry Information Exchange or a trusted member as authorised by CERT-UK. The sponsor will testify that the new applicant is genuine and has a bona fide reason for joining CiSP.

Becoming a member of CiSP is a two-step process:

  1. The organisation needs to join CiSP using the Organisation application. The application will take no more than five minutes to complete and, if successful, you will receive an invitation for your organisation to join CiSP within five working days.
  2. Once organisation membership is approved, each staff member of that organisation needs to use the Individual application forms to start using CiSP.

BT:

“Being a large network provider, BT are well aware of the ever-present threat of Denial-of-Service attacks. CiSP provides an environment where members can share details of attacks that have been observed (volumes, trends and techniques), and discuss effective controls to defend against DoS attacks. By understanding the anatomy of attacks that others are seeing we can assess our own mitigations and ensure that these remain effective for ourselves and for our customers.

A big benefit is that CiSP has created a diverse community, encouraging members to share information outside of their traditional sectors and with people and organisations they would otherwise have no interaction with. CiSP provides an environment from which we can work together, consolidating experience and knowledge and strengthening our ability to defend against current and future threats.”

A large UK based transport organisation:

“CiSP provided clear and concise data on the Heartbleed vulnerability. When the Heartbleed vulnerability was unveiled, CiSP detailed actionable and credible information that we used to support our infrastructure. The first 24 hours were crucial in understanding what Heartbleed meant to us. Getting the word out to our suppliers, beginning our analysis and remediation efforts were strengthened by the specific information we received from CiSP. CiSP is an important and reliable tool in our cyber work.”

Why is this CiSP initiative necessary?

The increased reliance on internet-based services brings with it an increased threat from criminals and hostile states who look to exploit vulnerabilities in security as an easier, more cost-effective route to carrying out their activity. The level of activity suggests neither industry nor government can solve this problem on their own, so a collaborative approach has been sought.

Is there a subscription fee to join CiSP?

No. This initiative is funded by government through the National Cyber Security Programme and there remains a commitment to continue funding to at least April 2016.

Will any organisation be accepted as a CiSP member?

No. There are acceptance criteria and a level of governance around which organisations will benefit from, and add value to, the collaboration environment. All applications will be assessed fairly and independently.

Is CiSP membership individual or organisation based?

Your organisation is required to join CiSP as an approved member before individual participants from within your company can apply to join. Participants are normally in roles associated with defending their organisation’s networks.

How do I know if my organisation is already a CiSP member?

If you are unsure whether your organisation is already a member of CiSP, please contact us.

How can I be confident the information I share on CiSP won’t be misused?

All CiSP members agree to a robust set of terms and conditions when joining CiSP. Members are sharing sensitive cyber threat and vulnerability information and we need to ensure this information is handled correctly and is not misused.

In conjunction with this, we operate an Information Handling Scheme which allows our members to determine who they want to share their information with.

Finally, there is functionality to allow members to post information anonymously so they can receive the benefits of collaboration, but without necessarily attributing it to their organisation.

How secure is CiSP?

A full risk assessment of CiSP has been completed and suitable security controls and measures have been put in place. The CiSP platform is regularly scanned for vulnerabilities and is penetration tested. CiSP is hosted in an environment built to CESG security best practice and IL3 standards, located in a secure UK datacentre.

Is CiSP subject to the Freedom of Information Act (FOIA)?

Yes. The Cabinet Office (CO) is a public authority which is subject to the requirements of the Freedom of Information Act 2000 and the Environmental Information Regulations 2004. FOI requests can take many forms and we would deal with each enquiry on its own merits; this would involve discussions with relevant members and our lawyers to consider whether any of the exemptions to the Act are appropriate. We would ensure that we meet our responsibilities under the terms of the Act whilst ensuring members’ sensitive information is correctly handled.

What information will I have access to inside CiSP?

The Fusion Cell provides a range of products and services to increase members’ situational awareness – these include alerts and advisories, weekly and monthly summaries and trend analysis reporting. The amount of information you see will depend on how much is posted and how the author has opted to share this information through the Information Handling Scheme. The more information available to the CiSP community, the richer our knowledge becomes. Members are encouraged to share this as widely as is securely possible.

What benefits will I expect to receive as a CiSP member?

CiSP aims to increase protection for all sectors against cyber threats by allowing us to be better informed of potential threats and vulnerabilities. This in turn allows us to act on the information provided in a timely manner and better protect our networks.

Examples of the benefits members can expect to receive (in addition to the expertise available more widely from CiSP members and the products and services the Fusion Cell produces) include access to privileged information from our international partners and invitations to attend intelligence briefs.

How does the Fusion Cell add value to CiSP?

The Fusion Cell, consisting of government and industry analysts, provides a catalogue of products and bespoke services to its members for free. The team monitors CiSP, examines multiple open and closed sources of information, conducts analysis and as a result can feed back enriched cyber threat and vulnerability information to the CiSP community. In addition, the Fusion Cell conducts bespoke malware and phishing email analysis on behalf of CiSP members.

The Fusion Cell analysts benefit from being co-located with teams responsible for incident handling and engagement with UK and international partners. What is an incident for one organisation may well become situational awareness for other members.

How do I establish contact with fellow industry partners?

The Fusion Cell will assist in connecting you to fellow industry partners and recommend groups that you may wish to participate in. Members are able to join groups on CiSP to facilitate information sharing that is relevant to particular business areas. Groups can be open (to all CiSP members) or closed (private).

CiSP is also in the process of looking at running workshops to encourage face-to-face interaction amongst CiSP members and build upon the trust to facilitate even better information sharing.

If you have any additional questions then please contact us.