E-Crime Petition approaching critical mass

The petition on the No 10 calling for urgent action on an NHTCU replacement has been signed by two of the House of Lords Committee on Personal Internet Safety, many leading lights of the ICT world and not a few journalists

Industry commentators may have been upset by the cautious Government response to the House of Lords report, but connoisseurs of “Whitehall Speak” recognised a definite “maybe”. Some were willing to put money on most of the recommendations coming to pass inside the year.

The petition is now well inside the top quartile of petitions on Business and Industry topics and is approaching the point where officials have to post a comment in response. And that has been achieved inside five days of posting and we still have not reached the time of the meeting at which the were due to plan the launch. I did not know when I was told the petition was one the website and have had to apologise for “leaking” the story.

In my previous blog I particularly asked for reasons for not signing. I have received only one – that “the current MPS plans are far too modest and do not include co-operation on reporting, remedial action and enforcement.”

My understanding is, however, that the original ACPO-MPS proposal was tailored for the Government funding then in prospect. Since then HMG has allocated rather more significant amounts for action on fraud and money laundering and now now faces very much more in damage limitation spend. The petition explicitly calls for “a similar scale to equvalent operations in the United States, with additional funding from other government departments and industry”.

The US equivalent is an inter-locking triumvirate of operations (one leg of which is even lower profile than the SOCA e-Crime team, but much better funded) which co-ordinates activity against all forms of e-crime (from attacks on the Internet itself through denial of service and phishing to support for e-Crime prevention programme). The collective budgets are unclear but the Federal Government contribution, from a variety of budgets including DoD, Homeland Security and FBI, is said to be in excess of $500 million.

Industry (including Financial Services, e-Commerce players and ICT suppliers who want their customers to transact on-line) are said to have much more than matched that $500 million (including with technical support and “reservists”/”special constables”) in return for the operation giving the same priority to attacks on their brands, services and IPR that it does for “probing” attacks by other Governments on Federal agencies and defence contractors. More-over the triumvirate is beginning to inter-operate with the other agencies involved in the US Presidential Taskforce on ID theft.

Those who balk at the sums spent in the US should be aware that UK industry already spends well over £3 billion a year on electronic security – over a billion of that with outside contractors.

There are mixed views as to whether that is too much or too little but what is certain is that the current fragmentation of effort in the UK means that many do not get good value for money and the ACPO-MPS plans could provide an overdue focus for partnership – in much the same way as the NHTCU was able to punch well above its weight.

Section 4.1 and 4.2 of the technical appendix, “Cybercrime Reporting and Intelligence: How do we know what is happening“, for the recent Parliament and Industry conference summarises the US organisations and structures and their current UK equivalents, where these exist.