
Digital Britain needs better security

One of the tricks for impressing your customers is to under-promise and over-deliver, thereby ensuring you will exceed their expectations. It doesn't work well in competitive markets where promises are the key to business. But it's fine in monopoly situations. That probably explains why I was relatively pleased with the long-awaited Digital Britain report. It's far from perfect and promises few concrete actions, but from a security perspective it's a major improvement on the interim report, on which I submitted comments on behalf of the ISSA UK.

It looks like the Digital Britain team has responded to some of the points the ISSA raised. But I'd like to have seen it go much further on security. For me, the key points are that the report clearly recognises the importance of security, especially the need for consumer support and advice, and it endorses initiatives such as the Internet Governance Forum and Get Safe Online. The missing actions are the need for tougher, mandated security standards for critical infrastructure, and the urgent need for a big injection of resources to beef up security education and investigation.

Security is primarily driven by events, so I guess we'll have to experience a few big incidents before the government bites the bullet and invests in better security. But at least the Digital Britain report is a step in the right direction.   

By the way, Computer Weekly has a useful page that brings together a wide range of comments on the Digital Britain report.  


Comments (2)

Totally agree. OWASP submitted suggestions along these lines too:

http://www.owasp.org/index.php/Industry:Digital_Britain_Interim_Report

Mary Hawking:

As a private individual I do appreciate that my PC may have been taken over and that I am now a Bot.
However, I haven't been able to find any simple method of checking whether or not my PC has been taken over.
I appreciate the problem for other users and the whole of the Internet - but from my perspective - or that of any elderly user who only uses their PC for email to grandchildren - it may not be my first consideration.

Could Computer Weekly provide an Idiots' Guide on "How do I know whether my computer is a Bot - and what to do about it" for Aunt Ethel or provide a suitable link?


About

This page contains a single entry from the blog posted on June 17, 2009 3:38 PM.
