Governments must take a share of security burden

The IT industry cannot guarantee internet security. Market forces are not enough to safeguard the global communications...

The IT industry cannot guarantee internet security. Market forces are not enough to safeguard the global communications infrastructure, according to Scott Charney, chief security strategist at Microsoft and head of its Trustworthy Computing initiative.

“Just as you cannot make a market case for the cold war, the IT industry cannot spend substantial amounts to mitigate a small internet risk,” he said, calling on governments to stop delegating responsibility to the IT industry and to join with it in a concerted security effort.

UK IT leaders echoed his call. Guy Hains, head of government business at CSC UK, said the internet was becoming as critical to the national infrastructure as banking and transport. “Government has an essential role in establishing national regulation to enable provision of a secure infrastructure, and ensure that the benefits of the internet are not hijacked by criminal or malicious activity,” he said.

Ian Smith, UK managing director at Oracle, said, “The government needs to allay the fears of citizens and SMEs, while creating an environment where debate is encouraged.”

Tony Martin, UK managing director at Computer Associates, said, “The IT industry and the e-envoy need to discuss the roles government and the IT industry must play in creating a 20-year plan for securing the net.”

The Office of the E-Envoy said it was limited to offering best-practice guidelines, although e-envoy Andrew Pinder will lead a Parliamentary delegation to Washington next month to press US legislators to toughen up measures against spammers.

The DTI said it was already working to “global approaches to common issues such as information security.

Although international efforts are important, Philip Virgo, secretary general of IT industry parliamentary lobby group Eurim, said simple  steps such as testing for security competency under the European computer driving licence, could make a demonstrable difference.

Security: the cost to business

  • A major DTI/PwC survey put the average cost of a serious security breach at £30,000 and said the overall cost to the UK economy was “several billion of pounds.
  • UK firms spend more than £125m a year on IT security products and services, according to Gartner
  • This year Microsoft has issued 40 security patches for its software
  • The cost of the MS Blaster worm to business was estimated by Windows security mailing list Ntbugtraq at about £287 per PC.

What do you think?

E-mail us your comments >>

Read more on IT for government and public sector