Warning, Advice and Reporting Points, otherwise know as WARP, is the equivalent of a neighbourhood watch scheme between different companies to help develop trust and to improve the security of information systems. Tony Proctor, WARP manager, University of Wolverhampton, explains.

Warning, Advice and Reporting Points (WARP) have been operating for five years since the launch of the London Connects WARP in April 2003. This was set up in order to trial the WARP concept and is now very well established.

It serves the 33 London boroughs and is part of the overall Information Security for London (ISFL) programme. There are now 15 WARPs in the UK. Last year saw the concept exported with the creation of the first overseas WARP by the electronics giant Hitachi in Japan.

The idea for WARP was developed by the National Infrastructure Security Coordination Centre (NISCC), now called the Centre for the Protection of the National Infrastructure (CPNI). This is the government department which has responsibility for the physical, personnel and information security of the entities deemed critical to the UK national infrastructure.

Anecdotally, WARP has been described as the 'Neighbourhood Watch of Information Security' or the 'outreach component of a Computer Emergency Response Team (CERT)'. Essentially, a WARP performs three major functions:

  • It issues warnings and news on information security threats, vulnerabilities and exploits. (These are automatically filtered so that members receive only the information that is relevant to them and often reworded to ensure that they are appropriate for their audience);
  • Advice via sharing of experiences, best practice and access to experts in the field;
  • A WARP is a place to report information security incidents.

These activities are all conducted within a community. This community approach has been adopted with the intention of developing sufficient trust amongst the members to enable a genuine sharing of experiences through an environment in which participants feel secure. In order to make this happen and for practical purposes, it is a recommendation that a WARP normally consist of no more than 100 members (however, these individual members may be representing a much larger constituency e.g. a Local Council).

A WARP community is simply a group that has some common requirements typically, operating within a common business sector, interest or geographic region. Currently there are a number of  WARPs operating within local government and other public sector bodies such as the NHS, the private sector (Anite, Hitachi, BT) and the voluntary sector, which includes the Radio Amateur's emergency network  (clearly a useful group to have on board in the event of a regional or national emergency).

The WARP operators are an eclectic mix. Some WARPs are operated directly by the organisations they represent. Some are run by volunteers. Higher education is also involved in operating WARPs.

This continues a precedent set by Carnegie Mellon University in the US, who created the first Computer Emergency Response Team (CERT) in partnership with the US Government. At the University of Wolverhampton we are involved in delivering WARPs to local government in both the West and East Midlands. We are also piloting an NHS WARP and are working on extending the concept to the smaller business sector.

WARP is a developmental concept and will, therefore, evolve over time in order to effectively meet the needs of the members. The development's in technology and the ways in which it is used means that there is a growing requirement for everyone to mitigate their risks whilst continuing to take advantage of the benefits. WARP is an excellent way of informing as well as listening to all varieties of computer user on these issues.

Whilst the majority of the information will be cascading downwards from external sources, there will be occasions (for example, zero day exploits) where incidents are experienced at ground level first and reported upwards. We already have some experience of this.

As chair of the Operators' Forum, I lead the quarterly meetings of the WARP Operators that take place. The regular attendees are the operators, WARP Member Representatives, GovCERTUK (the Computer Emergency Response Team for the UK) and representatives from other government departments. Invites are offered to representatives from industry and other interested parties as required.

This 'face to face' forum is one of a number of methods that are used for sharing information between WARPs. Others include an electronic forum and peer-to-peer arrangements for information exchange on a daily basis.

With a basic tennent of information sharing, the WARP concept relies heavily on regular, effective communication between WARP operators. In many ways the Operators' Forum is an extension of the local WARP networks.

It is the place to share not only experiences but also to disseminate local developments to the group, to raise problems and attempt to find their solutions. An effective operator's forum helps to assist with the development of WARP in a coordinated manner. It also allows all operators the opportunity to contribute to and comment on activity.

The Annual WARP Forum (being held in London on June 3rd this year) attracts a broader audience including international attention. The event in Leeds last year attracted delegates from as far afield as Japan, Estonia, Greece, Switzerland and Holland. The annual forum includes expert presenters and workshops.

Whilst CPNI supports the national activities related to WARP, members have to pay a fee to their local operator in order to join. However, since WARP is operated on a not for profit basis, it is anticipated that the cost can actually reduce once the critical mass required to finance the infrastructure / service has been reached.

For more details contact: t.proctor@wlv.ac.uk