Government urged to step up fight against cybercrime

The government has been urged to create one-stop-shops to allow businesses to report computer crimes and share confidential...

The government has been urged to create one-stop shops to allow businesses to report computer crimes and share confidential intelligence about cyberattacks with other organisations.


The lack of reliable intelligence on computer criminals and a shortage of hard statistics on the impact of computer crime, is placing businesses at risk, industry/government lobby group Eurim claimed in a wide-ranging discussion paper published this week.


The group’s warning comes as the Home Office is preparing a national e-crime strategy that is likely to have far-reaching consequences for the police, government and computer users.


“There is a real lack of information on the extent to which e-crime is undermining trust in the information society,” Eurim warned. “We need to make sure that we have adequate skilled resources and processes in place to report, investigate and prosecute e-crime when it occurs.”


Businesses and the government should collaborate to ensure that the public and small businesses have access to better information about computer security, said Eurim, which is seeking comments from IT professionals on its proposals.


This would protect larger businesses by helping to slow down the spread of viruses and making it harder for hackers to use vulnerable computer systems as a staging post to attack large companies.


The paper also called for certification schemes to be developed for forensic invesitagors so that in the future, business will find it easier to find qualified staff to investigate security breaches.


“We do need to think seriously about the whole security area and treat it much more as a profession with all that it entails, with codes of practice and continuous development,” said security consultant Chris Sundt, who contributed to the Eurim report.


It called for a campaign to persuade software and hardware suppliers to provide products with the security turned on by default. Suppliers should also offer small firms ready-to-go security packages and low-cost security audits to help them protect their systems, the report said.


The paper also called for a government review of computer crime law, including strengthening of the Computer Misuse Act against denial-of-service attacks, and the implementation of past recommendations by the Law Commisison.


Main recommendations

  • Government should create one-stop shops to report computer crime and exchange intelligence between industries

  • Government and industry bodies should work more closely to gather better intelligence and eliminate duplicated effort

  • Retailers and IT suppliers should offer ready-to-use security packages and low-cost security audits for small firms.

  • IT user courses should be extended to cover basic security practices

  • Government and industry to develop codes of practice and consider an accreditation scheme for e-crime investigators

  • Voluntary accreditation scheme for security consultants

  • Government should strengthen the Computer Misuse Act and consult on other legal reforms identified by the Law Commission

  • Government should ensure that industry has an early input into development of global co-operation on e-crime and international legislation.

Read more on IT legislation and regulation