Digital Britain needs better security

One of the tricks for impressing your customers is to under-promise and over-deliver, thereby ensuring you will exceed their expectations. It doesn’t work well in competitive markets where promises are the key to business. But it’s fine in monopoly situations. That probably explains why I was relatively pleased with the long-awaited Digital Britain report. It’s far from perfect and promises few concrete actions, but, from a security perspective, it’s a major improvement on the interim report, on which I submitted comments on behalf of the ISSA UK.

It looks like the Digital Britain team has responded to some of the points the ISSA raised. But I’d like to have seen it go much further on security. For me, the key points are that the report clearly recognises the importance of security, especially the need for consumer support and advice, and it endorses initiatives such as the Internet Governance Forum and Get Safe Online. The missing actions are the need for tougher, mandated security standards for critical infrastructure, and the urgent need for a big injection of resources to beef up security education and investigation.

Security is primarily driven by events, so I guess we’ll have to experience a few big incidents before the government bites the bullet and invests in better security. But at least the Digital Britain report is a step in the right direction.

By the way, Computer Weekly has a useful page that brings together a wide range of comments on the Digital Britain report.

Join the conversation



Totally agree. OWASP submitted suggestions along these lines too:

As a private individual I do appreciate that my PC may have been taken over and that I am now a Bot. However, I haven't been able to find any simple method of checking whether or not my PC has been taken over. I appreciate the problem for other users and the whole of the Internet - but from my perspective - or that of any elderly user who only uses their PC for email to grandchildren - it may not be my first consideration. Could Computer Weekly provide an Idiots' Guide on "How do I know whether my computer is a Bot - and what to do about it" for Aunt Ethel or provide a suitable link?