Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
  • Research
Home > Products and services > Information exchanges

Information exchanges

The sharing of information about the risks facing networks is self evidently beneficial to both government and industry. If a mechanism can exist through which one company can learn from the experiences, mistakes, and successes of another, without fear of exposing company sensitivities to competitors and the media, then every participant can improve their level of assurance.

WARPs (http://www.warp.gov.uk/) are one way an organisation can share information with the centre from which the lessons can be abstracted and shared. CNI partners are working with CPNI in Information Exchanges.

These mechanisms are based upon the personal trust of representatives, sharing information in a confidential meeting, run under a version of the Chatham House Rule. Trust is built up slowly; representatives at Information Exchanges are expected to attend all meetings, which are held every two months. Meeting face-to-face, we are building up a trusted, relatively small community with a common interest. Each organisation can put forward a maximum of two representatives, and cannot send substitutes to attend; a stranger turning up at a meeting would inhibit the sharing of sensitive information.

In addition to the Information Exchanges facilitated by CPNI, other exchanges will be set up, both in the UK and internationally. CPNI is creating channels through which information in one Information Exchange is passed to others; a channel exists between the UK and US Network Security Information Exchanges.

Information Exchanges:

  • ADMIE
    The Aerospace and Defence Manufacturer's Information Exchange was formed in December 2006, to share confidentially mutually beneficial information regarding electronic security threats in the aerospace and defence sector. The ADMIE comprises UK-based organisations involved in this sector. Contact point for enquiries: admie@cpni.gsi.gov.uk
  • FSIE
    The UK Financial Services Information Exchange was formed in February 2003, to share confidentially mutually beneficial information regarding electronic security threats, vulnerabilities, incidents and solutions in the UK financial sector. The FSIE includes members from UK-based financial organisations including banking, insurance, securities, service providers, exchanges and CPNI. Contact point for enquiries: fsie@cpni.gsi.gov.uk
  • MSPIE
    The Managed Service Providers Information Exchange (MSPIE) consists of commercial organisations that supply IT services and security to UK CNI customers in the public and private sector. The main aim is to understand risks better and improve security to the benefit of customers, clients, stakeholder and UK national security through information sharing and cooperation. The MSPIE achieves this by facilitating the sharing of information in a confidential and trusted environment concerning threats, vulnerabilities and incidents of electronic attack between its membership. Contact point for enquiries: mspie@cpni.gsi.gov.uk.
  • NSIE
    The UK Network Security Information Exchange (UK-NSIE) was formed in April 2003 to share sensitive information in the information and communications technologies sector. It currently includes IP providers; core mobile operators; and traditional telecommunications providers, as well as CPNI. Participating companies now cover over 80% of the telecommunications market in the UK.  It is linked to NSIE in USA, of which BT is a member.  BT acts as the channel for information between the two Exchanges. Under the aegis of the NSIE, a number of working groups have been established, and several guidance documents and technical papers have been produced. These include: a guide to the procurement of resilient telecoms; best practice guidance on the secure implementation of BGP.  Contact point for enquiries: nsie@cpni.gsi.gov.uk
  • PIIE
    Pharmaceutical Industries Information Exchange was formed in September 2006 to share confidentially mutually beneficial information regarding electronic security threats, vulnerabilities, incidents and solutions in the pharmaceutical industry. All of the PIIE members are from global pharmaceutical corporations that have a significant UK interest. Contact point for enquiries: piie@cpni.gsi.gov.uk
  • SCSIE
    The SCADA and Control Systems Information Exchange is for those companies that are dependent upon SCADA (Supervisory Control and Data Acquisition) or other process control or telemetry systems.  Formed in October 2003, it shares confidential and mutually beneficial information regarding electronic security threats, vulnerabilities, incidents and solutions in the SCADA and process control environment.  The SCSIE includes members from UK-based energy, transport and water companies.  It has produced and is currently working on good practice guidance.  Completed guidance includes:  Implement secure architecture, understanding business risk, firewall deployment for SCADA and process control networks to name but a few.  Contact point for enquiries: scsie@cpni.gsi.gov.uk
  • E-SCSIE
    The European SCADA and Control Systems Information Exchange aims for European industry, government and research to benefit from the ability to collaborate on a range of common issues, and to focus effort and share resource where appropriate.  The outcome is a raised level of protection adopted across Europe's SCADA and Control Systems.   Contact point for enquiries: scsie@cpni.gsi.gov.uk     
  • TSIE
    The Transport Sector Information Exchange was formed in September 2006 and expanded coverage of the aviation sector Information Exchange to include other major transport methods. Contact point for enquiries: tsie@cpni.gsi.gov.uk
  • VSIE
    The Vendor Security Information Exchange (VSIE) was formed in January 2005 to share confidentially mutually beneficial information regarding electronic security threats among the major companies involved in the ICT industry. The VSIE comprises members of major international companies in the ICT sector. Contact point for enquiries: vsie@cpni.gsi.gov.uk
  • SRIE
    The Security Researchers Information Exchange (SRIE) was formed in November 2006 to share confidentially mutually beneficial information regarding electronic security threats in the penetration testing and security research sector. The SRIE comprises of members of UK penetration testing and security research companies. Contact point for enquiries: srie@cpni.gsi.gov.uk

Generic examples of Information Exchange Rules

18/02/2008
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |