Security experts have been saying for some time that cyber attacks against critical elements of the national infrastructure are one of the biggest dangers we face today. And a growing number of governments are starting to listen.

Countries with technologically advanced economies are turning to central units to co-ordinate the response to potential digital attacks, in parallel with putting the provisions in place to meet physical threats such as terrorist attacks and sabotage.

The US InfraGard programme is the latest such initiative. The final stage of the FBI-run scheme, launched earlier this year, is based on the model of the UK’s Centre for the Protection of the National Infrastructure (CPNI).

About 90 per cent of US critical services are run by private companies, including transport, energy production, and distribution and emergency service communications.

A successful cyber attack at any stage of the chain could have devastating consequences and bring normal life grinding to a halt, Dr Phyllis Schneck, chairman of InfraGard’s board of directors, told Computing.

‘Cyberspace is the nexus. If you do not protect that, you endanger everything else,’ she said.

The point of a central unit is to ensure a coherent national response and a single point of contact when problems arise. InfraGard will provide some training for local police but the group’s main business is its education programme.

‘The premise is to build a trusted relationship between government agencies, the police and the 20,000 local companies that form our national infrastructure,’ said Schneck.

‘It means that if people are experiencing an attack they have a number to call and we will be able to investigate it, stop it, and then analyse it.’

Schneck says that the crucial aspect of the programme is its co-ordinated approach.

‘The nice thing is that all the different agencies, no matter how disjointed they appear to be, are connected and liaise on cybercrime,’ she said.

Schneck says there is also much to be learned from the CPNI, the UK’s equivalent agency.

The CPNI, which was established at the beginning of February, is an amalgam of the now-defunct National Security Advice Centre and the National Infrastructure Security Co-ordination Centre.

‘The CPNI is the government authority for protective security advice across the national infrastructure,’ said a spokeswoman for the Home Office.

‘It provides expert advice on physical, personnel and information security, to protect against terrorism and other threats. It sponsors research and works in partnership with academia, a number of other government agencies, research institutions and the private sector.’

The CPNI is run by MI5 and was allegedly created in response to a foiled Al Qaeda plot to attack the Telehouse internet hub in London last year.

Its main role is to share information between companies in key areas through a series of online warning, advice and reporting points. So far exchanges have been set up for the energy sector and the aerospace, defence, financial services, pharmaceuticals, transport and communications industries.

The information exchanges are confidential and are designed to build trust between members so that the reporting of incidents can be as widespread as possible without the fear of sensitive company information being exploited by competitors or exposed in the media.

The plan to merge the CPNI’s two predecessors into one organisation with a broader remit was conceived partly to increase awareness of the issues involved, says Jim Norton, senior advisor at the Institute of Directors.

‘One of the old bodies was responsible for physical security and the other was for electronic security,’ said Norton.

‘The government sensibly decided to take a holistic approach by bringing the two together, and to try to raise the profile

But critics say the CPNI’s MI5 backing makes it too secretive and shields it from the public scrutiny necessary to ensure it is doing its job.

The organisation has had little, if any, contact with the banking sector and does not have a structured training programme either for infrastructure companies facing cyber threats or the local police forces that may have to deal with their aftermath.

Conservative homeland security spokesman Patrick Mercer says his attempts to discover what the unit does have been frustrated.

‘The CPNI seems to be reactive rather than proactive. Both I and my business colleagues still find it difficult to gain access,’ said Mercer. ‘It is a significant concern because we have been told by Al Qaeda that it’s going to be an onslaught year and I’m sure there will be cyber attacks as well as physical attacks,’ he said.

See next page for how the UK and US compare