LONDON — Nine leading British defense companies are collaborating with the government in a partnering scheme to prevent cyber attackers from stealing the industry’s secrets.
The Defence Cyber Protection Partnership (DCPP) has been working since May to bolster security in the defense supply chain here as concerns continue to grow about the activities and identities of cyber attackers.
The announcement follows hard on the heels of the Ministry of Defence’s announcement that it is setting up special cyber reserve units to harness the expertise of industry IT experts and others in protecting military secrets.
BAE, BT,CGI, EADS Cassidian, Hewlett Packard, Lockheed Martin, Rolls-Royce, Selex ES and Thales UK are teaming with the Government Communications Headquarters (GCHQ), the MoD and the Centre for the Protection of National Infrastructure to share best practices to meet the emerging cyber threat to the industry.
Trade associations are also involved. Jeegar Kakkad, policy director of lobby group ADS, said part of their role will be to help disseminate information and practice to the small- and medium-sized enterprises that proliferate the defense supply chain.
British defense companies have not publicly admitted to serious breaches of their security systems here, but Qinetiq and Lockheed Martin are among some of the big names in industry that have owned up to being compromised in the US.
Accountants PwC said in a survey for the British government earlier this year that 93 percent of large organizations and 87 percent of small businesses experienced a security breach of some kind last year.
The rise in breaches was particularly strong in the small business sector — up 11 percent on 2011.
The biggest challenge, said Cassidian cyber expert Andrew Beckett,is to persuade small businesses to report attacks without fearing that their reputations and share prices will suffer.
“This partnership agreement takes our approach to tackling cyber crime to a new level in that it is a clear indication from the government that more needs to be done to not just increase awareness but to also share valuable threat intelligence.
“Our biggest challenge is to educate and gain the confidence of small businesses to persuade them to report cyber attacks as there is still a reluctance to do so for fear that it could harm the reputation of their business in some way,” Beckett said.
The MoD said in a statement that the partnership aimed to counter the cyber threat in the defense supply chain by increasing the awareness of cyber risks, sharing threat intelligence and defining risk-driven approaches to applying cyber security standards.
“By sharing experience of operating under the constant threat of sophisticated cyber attack, the DCPP will identify and implement actions that have a real impact on the cyber defences of its members and the UK defence sector as a whole,” said the MoD.
The DCPP model could act as a useful template for other commercial sectors to improve resilience across UK industry, said the MoD.
Earlier this week, GCHQ Director Ian Lobban warned that the UK is seeing 70 complex cyber attacks a month.
He told a BBC Radio 4 program the attacks were reaching industrial proportions.
“We started a couple of years ago thinking this was going to be very much about the defense sector, but really it’s any intellectual property that can be harvested. People are going after IP then seeking to translate it into national gain,” said Lobban.
In many cases the cyber attacks were state-sponsored, he said.
The National Audit Office, the government spending watchdog, reported earlier this year that cyber crime was estimated to cost between £18 billion and £27 billion a year.
To help cope with the growing demand for cyber skills, BAE said last month that 44 percent of 293 graduates and trainees it plans to recruit in the UK this year will be destined for the company’s Detica security business.
The MoD highlighted the issue of scarce cyber skills here when it rolled out its plans Wednesday to substantially increase the number of reserve forces in response to personnel cuts to regular troops caused by continuing defense budget cuts.
The uplift in reserves includes the creation of specialist cyber units to combat attacks on military operations.
Recruiting cyber specialists, though, might prove taxing — it’s reckoned the sort of people that work in the industry “might not fit the traditional reservist profile,” said the MoD.
To try to counter that problem, the MoD is launching a pilot scheme next month to test how it might attract sector specialists.