Government urged to step up fight against cybercrime

12/12/2003 Written by Bill Goodwin

The gov­ern­ment has been urged to cre­ate one-​stop shops to allow busi­nesses to report com­puter crimes and share con­fi­den­tial intel­li­gence about cyber­at­tacks with other organisations.



The lack of reli­able intel­li­gence on com­puter crim­i­nals and a short­age of hard sta­tis­tics on the impact of com­puter crime, is plac­ing busi­nesses at risk, industry/​government lobby group Eurim claimed in a wide-​ranging dis­cus­sion paper pub­lished this week.



The group’s warn­ing comes as the Home Office is prepar­ing a national e-​crime strat­egy that is likely to have far-​reaching con­se­quences for the police, gov­ern­ment and com­puter users.



“There is a real lack of infor­ma­tion on the extent to which e-​crime is under­min­ing trust in the infor­ma­tion soci­ety,” Eurim warned. “We need to make sure that we have ade­quate skilled resources and processes in place to report, inves­ti­gate and pros­e­cute e-​crime when it occurs.”



Busi­nesses and the gov­ern­ment should col­lab­o­rate to ensure that the pub­lic and small busi­nesses have access to bet­ter infor­ma­tion about com­puter secu­rity, said Eurim, which is seek­ing com­ments from IT pro­fes­sion­als on its pro­pos­als.



This would pro­tect larger busi­nesses by help­ing to slow down the spread of viruses and mak­ing it harder for hack­ers to use vul­ner­a­ble com­puter sys­tems as a stag­ing post to attack large com­pa­nies.



The paper also called for cer­ti­fi­ca­tion schemes to be devel­oped for foren­sic invesitagors so that in the future, busi­ness will find it eas­ier to find qual­i­fied staff to inves­ti­gate secu­rity breaches.



“We do need to think seri­ously about the whole secu­rity area and treat it much more as a pro­fes­sion with all that it entails, with codes of prac­tice and con­tin­u­ous devel­op­ment,” said secu­rity con­sul­tant Chris Sundt, who con­tributed to the Eurim report.



It called for a cam­paign to per­suade soft­ware and hard­ware sup­pli­ers to pro­vide prod­ucts with the secu­rity turned on by default. Sup­pli­ers should also offer small firms ready-​to-​go secu­rity pack­ages and low-​cost secu­rity audits to help them pro­tect their sys­tems, the report said.



The paper also called for a gov­ern­ment review of com­puter crime law, includ­ing strength­en­ing of the Com­puter Mis­use Act against denial-​of-​service attacks, and the imple­men­ta­tion of past rec­om­men­da­tions by the Law Com­mi­si­son.



Main rec­om­men­da­tions

*
Gov­ern­ment should cre­ate one-​stop shops to report com­puter crime and exchange intel­li­gence between indus­tries

*
Gov­ern­ment and indus­try bod­ies should work more closely to gather bet­ter intel­li­gence and elim­i­nate dupli­cated effort

*
Retail­ers and IT sup­pli­ers should offer ready-​to-​use secu­rity pack­ages and low-​cost secu­rity audits for small firms.

*
IT user courses should be extended to cover basic secu­rity prac­tices

*
Gov­ern­ment and indus­try to develop codes of prac­tice and con­sider an accred­i­ta­tion scheme for e-​crime inves­ti­ga­tors

*
Vol­un­tary accred­i­ta­tion scheme for secu­rity con­sul­tants

*
Gov­ern­ment should strengthen the Com­puter Mis­use Act and con­sult on other legal reforms iden­ti­fied by the Law Com­mis­sion

*
Gov­ern­ment should ensure that indus­try has an early input into devel­op­ment of global co-​operation on e-​crime and inter­na­tional leg­is­la­tion.

www​.eurim​.org/​c​o​n​s​u​l​t​/​e​-​c​r​i​m​e​/​E​C​S​_​p​u​b​_​i​n​d​e​x.htm


Share this content: