The UK Government's national technical security authority is attempting to woo private sector companies to help it slash the cost of computer security.
The Communications Electronic Security Group (CESG), which is part of GCHQ, also hopes to protect the nation's critical national infrastructure, which includes the computer networks of utilities and transport organisations, by ensuring that such networks are secure and interoperate with each other.
Harvey Mattinson of CESG said at the Infosecurity 99 conference in London on Wednesday that the organisation was trying to forge partnerships with the computer industry via three initiatives - Check, the CESG Listed Advisor Scheme, and the CESG Assisted Product Scheme.
Check, which is CESG's newest initiative, is currently in pilot and is due to be launched in August. Under the scheme, CESG approved companies carry out a raft of security checks based on publicly known vulnerabilities and common configuration faults to test computer systems for security weaknesses.
The checks were drawn up by CESG and the Defence Evaluation Research Agency (DERA).
The results are then provided to the organisations involved in a report, which details vulnerabilities and recommends effective security counter measures.
CESG/DERA will continue to provide health checks directly for organisations that have systems carrying government data that is classified as secret or higher, however, rather than rely on third parties.
Last October, CESG also launched the CESG Listed Advisor Scheme, which licenses private sector experts to represent it and provide computer security advice that is consistent with the Government's security policies. Customers include Government departments and other organisations that process sensitive material.
Mattinson said the primary aim of the scheme was to ensure that private sector security advisors understood the risks to official systems, the techniques that were available to combat them, and current policy and guidance. There are now 68 accredited consultants operating in 34 countries worldwide.
The last programme is the CESG Assisted Product Scheme (CAPS), which provides private sector companies with technical advice enabling them to develop their own cryptographic products for government use.
CAPS provides vendors with help in product design and development and includes government cryptographic algorithms that they can incorporate into their products. Proprietary algorithms can also be used for certain security classification levels, however.
To comment on this story, email [email protected]
Kicking Palantir off of AWS is among their demands, too
Rafaela Vasquez was watching The Voice at the time of the crash, new evidence shows
PUBG price slashed on Steam after selling more than 50 million copies - as daily player numbers plunge
Use the same password for every website? It might be time to change them all