From Ashley Madison to Talk Talk: time for "Partnership Policing" for the online world

It is now a decade since publication of the six papers produced in the course of the two year EURIM-IPPR into “Partnership Policing for the Information Society study”. Ministers welcomed the fifty or so recommendations: from awareness and skills to programmes of specialist constables and volunteers. Implementation was announced several times but vanished into the black hole of inter-departmental politics – even before reaching those of law enforcement itself. 

The came the 2010 Election and I remember hoping that James Brokenshire would be given a remit to bring the threads together – after he presided over the launch of Fighting Fraud Together at the Mansion House. But within months it became clear that responsibility was about to be fragmented even further, with the Home Office responsibilities being shared with the Ministry of Justice while over 90% of the government’s £ 600 million of additional security spend went towards surveillance and cyberwarfare capabilities.

A couple of weeks ago I spoke (*) to one of the Institute of Directors’ largest branches on the need for a pro-active approach, including for those under serious threat to put at least 10% of their security budgets into active co-operation with law enforcement to “take out” the predators using a mix of civil and criminal law to cross jurisdictional boundaries as necessary.

That recommendation is not new – it was to have been the basis of one of the Fighting Fraud Together portfolio of projects but I have heard nothing since, beyond an academic study. It has, however, been given a new urgency with the revelation that cyber risk is now being routinely deleted from Directors Liability, Theft and Business Disruption insurance and third party liabilities are no longer insurable at affordable cost. It also complements the approach to “asset recovery” that is being embedded in the latest generation of cyber risk policies. 

I recently drafted a short note on the need to rationalise the current muddle with a troika approach to cyber, built on close co-operation between the cyber tribes of digital (now being brought together under DCMS), warfare (cuts across MoD, FCO/GCHQ and Home Office – for anti-terrorism) and crime (yet to be brought together under who?). It is quite easy to name the three ministers who should be tasked with implementation, reporting to Cabinet. But I doubt they would thank me for handing them such poisoned chalices. Hence the need for an industry lead – as opposed to industry calling for Government to take a lead. 

Time is no longer on our side – if it ever was.  
(*) I plan to tidy the IoD script for a blog entry when I get a chance.