Internet service providers and manufacturers of
operating systems should be providing more secure services and
software for the public because of the
rise in e-fraud, a member of the House of
Lords Science and Technology Committee has said.
Lord Broers, chairman of the sub-committee for investigating
personal internet security, said the
responsibility for staying safe online is currently divided and
unbalanced and the emphasis is on users to take measures to
protect themselves rather than on suppliers, who might be better
placed to manage the risk in the first place.
“Responsibility for online security – which at the moment is a
mixed bag – cannot continue to be pushed onto the end user. It is
an issue that cannot be ducked in the long term and as technology
matures. At the moment the balance isn’t right,” he said.
Broers said that users currently relied mainly on the goodwill
of ISPs and software developers to provide security, but that the
committee had been examining the possibility of persuading
companies to take more responsibility through regulations and even
specific laws.
The government committee has recognised that the importance of proper
internet security measures has never been greater because of the
growing use of home computers, the spread of broadband, and the
rise in internet banking and commerce.
Phil Cracknell, UK president of the Information Systems Security
Association, said software suppliers should be held to account by
legislation for the quality and security of their software.
“Airline and car manufacturers are subject to legislation – why is
software the exception?” he said.
The results of a government inquiry, due to be published in
July, will provide the first in-depth parliamentary study of the
current state of internet security.
Identifying responsibilities for emerging online threats and
determining the adequacy of regulations and criminal laws for
addressing cyber crimes are also on the agenda.
Liaising with other international government departments such as
the US Department of Justice and the FBI has formed part of the
committee’s investigation. Broers said that while the FBI had a
strong ability to conduct internet security forensics, in
comparison, the UK’s Metropolitan Police had a much smaller
capacity.
“However, in spite of the US having stronger resources to
investigate cyber crimes, the Department of Justice had not made
that many prosecutions,” he said.
The UK government’s ability to measure the true scale of cyber
crime will also be addressed in the report.
“Implementing a reliable reporting system to track the number of
internet-based attacks is necessary too, as measuring the scale of
the problem at the moment is difficult owing to a lack of reliable
data. The methods for currently detecting and recording incidents
are totally unsatisfactory,” said Broers.
He cited a general reluctance from victims of cyber crimes to
report incidents, which needed to be overcome.