The rising
tide of cybercrime could result in more intrusive regulation and
legislation of IT, corporate security chiefs have been
warned.
Speaking at
Compsec, the UK's main IT security conference, Dame Pauline
Neville-Jones, chair of defence technology agency Qinetiq, said
advances in networking technology had raised new headaches over IT
security and how to improve it.
Neville-Jones, who
was a recent chair of the government's Joint Intelligence
Committee, said that rising fears over cybercrime increased the
likelihood of government intervention in a bid to bolster trust in
e-business.
"I am not
advocating tighter regulation," she said, arguing that better
dialogue between security specialists, lawyers and legislators
would lead to more resilient systems and less intrusive
legislation.
Neville-Jones added that the main underlying issue is to ensure
trust in future IT systems. "All freedom depends on trust," she
said. "That is a central feature of a democracy."
Elsewhere at the
conference, Peter Kaye, the Bank of England's Security Advisor,
said that no one solution could ensure strong IT security.
IT security is
bespoke and solutions will all be specific to each company, Kaye
said.
"There will be a
synergy of elements used in different emphases relating to
different people in different situations," he said. "Security
problems tend to be very specific."
Kaye's formula for
assessing risk is to calculate the impact and probability of a
security breach on the organisation and balance that against
countermeasures in place.
He advised
companies to adopt the classic military "OODA" approach (observe,
orientate, decide, and then act) to keep one step
ahead.