One of the tricks for impressing your customers is to under-promise and over-deliver, thereby ensuring you will exceed their expectations. It doesn’t work well in competitive markets where promises are the key to business. But it’s fine in monopoly situations. That probably explains why I was relatively pleased with the long-awaited Digital Britain report. It’s far from perfect and promises few concrete actions, but, from a security perspective, it’s a major improvement on the interim report, on which I submitted comments on behalf of the ISSA UK.
It looks like the Digital Britain team has responded to some of the points the ISSA raised. But I’d like to have seen it go much further on security. For me, the key points are that the report clearly recognises the importance of security, especially the need for consumer support and advice, and it endorses initiatives such as the Internet Governance Forum and Get Safe Online. The missing actions are the need for tougher, mandated security standards for critical infrastructure, and the urgent need for a big injection of resources to beef up security education and investigation.
Security is primarily driven by events, so I guess we’ll have to experience a few big incidents before the government bites the bullet and invests in better security. But at least the Digital Britain report is a step in the right direction.
By the way, Computer Weekly has a useful page that brings together a wide range of comments on the Digital Britain report.