CERTs loss is the United Kingdoms gain. NGSS two weeks ago inked a deal with the British government to provide that countrys top cyber-security office with access to NGSS research on an advance basis, something the Litchfields said they will not offer CERT or the DHS.
CERT joins a growing list of agencies close to, and within, the U.S. government that, while demanding rising volumes of data from the private sector, have not set an example for an efficient flow of information, experts say.
Still, the thirst for increased data, even to a government body reluctant to share it, could hinder security efforts, according to Bob Collet, vice president for engineering at AT&T Corp.s Government Solutions division, in Washington.
"In the wrong hands, this compilation of critical infrastructure assets only increases vulnerability," Collet told the House Government Reform committee last week. Collet added that sensitive network data should be closely guarded by individual providers.
That attitude has the owners of the popular Zone-h.org security portal taking a similar tack. Two weeks ago, the group announced plans to set up a private, restricted-access repository for exploit code. Also under development is a companion forum, which will be open to the public. No time frame was announced, however.
"We decided to use this scheme so that our exploit database will not be used by crackers or defacers to get access to other systems. Basically, we want to know whos who before granting access," said Roberto Preatoni, administrator at Zone-h, based in Tallinn, Estonia. "Only when we trust somebody will we let him in. Everybody will have the possibility to gain our trust and get access, but it will not be an easy task."