The latest press coverage of the BRC survey on the cost of e-Crime still misses the point. The biggest cost is lost business. And I do not mean hypothetical losses because of "piracy" but actual orders abandoned because intrusive security or lack of confidence means, for example, that more transactions (by value) are abandoned than are completed. As in so many other areas, those concerned with the future of London as a global financial services centre are ahead of the curve (and in this case ahead of both government and most of their technology suppliers) in looking at the consequences.
How do you apply "My word is my bond" to the on-line world?
Who am I? Which version of which translation of which e-mail or tweet was my word? What is my bond worth? Does it matter (and if so, to whom) if the transaction is subject to irrevocable payment in advance or on delivery?
Which suppliers can you trust? Which credentials, regulators and enforcement agencies are trustworthy?
A fortnight ago I attended a workshop to develop ideas for the TSB "Trusted Internet" Catapult (the latest HMG funding initiative in the cybersecurity space). The timetable for the launch of the new facility parallels that for a competition for University Masters Students to look at some of the questions that need to be asked. The aim is to get those who will be designing the products and services of the future to throw rocks into the stinky pools of introverted discussion on "trusted identities", "trusted computing", "trust services" and "trusted intermediaries". Their generation will have to live with the consequences of the decisions currently in prospect with regard to research priorities, business plans and regulatory initiatives. They are also in a position to think the unthinkable and be rewarded, not punished.
After discussing the original proposal, the Director of one of the new UK Cyber Centres of Excellence said that the questions he would like to see his students tackle included:
"What constitutes lawful protest online and how can this essential aspect of a democratic space be reconciled with an online environment that promotes economic prosperity?"
"Which of the grooming techniques employed by online "phishermen" could be used to foster a beneficially greater sense of trust online and would it be ethical to use these methods?"
"How do you bring about behaviour change at board level regarding the value of information, security strategies and budgets? What arguments, language and evidence are needed?"
My first thoughts were: "Ouch", "Ouch" and "Ouch". My second thoughts concerned those who I would like to see brought together to debate such questions. My third thoughts concerned the mix of academic disciplines that would need to be brought together to provide credible answers.
The competition appears to be gaining widespread support from some of those with difficult decisions to make over the next year or so as well as from those who wish to stretch the minds of their students across academic boundaries and those who wish to work with them on applied research and technology and/or subsequently recruit them. Over the next couple of months we will be looking to go firm on the organising team and sponsors, the support available to entrants and the prizes. But first we need to take a good look at the questions.