* Pilot programme to improve internet defences
* Militant cyber threat against infrastructure seen rising
* UK spending $1 billion over four years on cyber defence
By Tim Castle
LONDON, Nov 25 Britain will try to bolster
defences against cyber attack by encouraging companies to
overcome their reluctance to admit computer security breaches
and share their experiences with each other, the government said
on Friday.
Companies from five strategic sectors - defence, telecoms,
finance, pharmaceuticals and energy - will take part in a pilot
with the government starting in December to exchange information
on cyber attacks and threats to their businesses.
Britain, where six percent of GDP is generated by the
internet, says cyber crime is being committed on an "industrial
scale" and costs its economy 27 billion pounds ($42 billion) a
year. Government networks are under siege from more than 20,000
malicious emails every month.
It hopes the cyber security "hub" linking government and
corporates will lead to greater openness about internet threats
and create a more effective shield against them.
A British official said the government's involvement would
mean companies could report cyber attacks without their identity
being revealed, a concern that has prevented many disclosures.
The pilot, part of a 650-million-pound ($1 billion)
programme over four years, will also help to raise protection
for critical infrastructure from an emerging threat of cyber
attack from militant groups, the government said.
Although militant groups mainly went online to spread
propaganda and communicate, British intelligence sources had
picked up "chatter" about using the internet to target
infrastructure such as energy grids, the official said.
"So far it has not been a big feature of what we see, they
still are more interested in covering the streets with blood,"
he added.
The Stuxnet computer worm attack on Iran's nuclear
programme, linked to Israel and the United States, has shown the
potential for launching assaults on key equipment through
cyberspace.
KEEP QUIET
The reputational risk of admitting a computer system
break-in, as well as the threat of legal action from
shareholders, has lead to many companies keeping quiet rather
than revealing their vulnerability to cyber crime.
"If you are a large international bank you don't want to
admit you found you were penetrated nine months ago, because
that implies you weren't paying attention," said Alan Calder,
chief executive of British private information security firm IT
Governance.
He doubted a voluntary project like the pilot would foster
greater co-operation among companies against cyber threats.
Unlike in much of the United States, there is no requirement
in Britain for companies to disclose data security breaches.
"I don't think it will work. The core target, the defence
and financial sector, are much more likely to say nothing unless
there is regulatory requirement to do so," Calder said.
A number of high profile online assaults this year on
international companies such as Sony, Citigroup and Lockheed
Martin, as well as against institutions like the International
Monetary Fund, have raised doubts about the security of
government and corporate computer systems.
Britain did not detail the companies taking part in the
pilot. Officials said Prime Minister David Cameron had discussed
the project in February with a group of firms including Barclays
bank, energy firm BP, telecoms group Vodafone and energy
supplier Centrica.
(Editing by Janet Lawrence)