Private firm sets up computer security service


FRUSTRATED AT the lack of response from the Government, a private company has established a national Computer Emergency Response Team (Cert) to warn Irish businesses about online security threats.

The Irish Reporting and Information Security Service (IRISS) has been established through sponsorship from US security training and certification organisation the Sans Institute and local firm BH Consulting and is manned by 15 volunteer computer security professionals.

Since its low-key launch on November 10th, over 100 Irish businesses have signed up to receive alerts from IRISS. The service sends out alerts specific to each firm's area of interest, eg Windows or Linux, as well as specific threats to the Irish internet space. Two such threats have been issued since the service launched - one about a domain renewal scam targeting the owners of ".ie" web addresses and an alert about a phishing e-mail that appears to come from the Irish League of Credit Unions.

"This is a service the community really needs," says Brian Honan of BH Consulting. "Think of it as an Irish neighbourhood watch for the net." In the three years Mr Honan has been attempting to establish an Irish Cert, he has built up relationships with similar services around the globe. This led to the French Cert notifying IRISS that 15 secure telnet accounts belonging to Irish firms had been compromised. IRISS will now endeavour to contact the owners and alert them to the problem.

The service also investigates security problems in Ireland that it is told about. The Irish Times has learned that one of the first reported incidents relates to a now defunct golf e-commerce site. Internet searches can show a link to a file on the site, seen by this reporter, which seems to include customers' credit card details.

Mr Honan won't discuss the details of individual cases as he says IRISS has to be trusted to keep information confidential.

"If a consumer comes across an issue we are happy to hear about it, but we are not in the business of advising consumers on security," says Mr Honan.

Once incidents have been investigated and resolved, they are published on the members' area of the website,

Given the lack of Government support, IRISS is built on a framework called Warning, Advice and Reporting Point (Warp), which was developed by Britain's Centre for the Protection of National Infrastructure and can be used free of charge for non-commercial ventures.

In 2006, it was reported that the Department of Communications was actively looking at establishing an Irish Cert and some preliminary meetings were held with interested parties. Ireland is one of the few western nations not to have a state-run national Cert.