Internet service providers and manufacturers of operating systems should be providing more secure services and software for the public because of the rise in e-fraud, a member of the House of Lords Science and Technology Committee has said.
Lord Broers, chairman of the sub-committee for investigating personal internet security, said the responsibility for staying safe online is currently divided and unbalanced and the emphasis is on users to take measures to protect themselves rather than on suppliers, who might be better placed to manage the risk in the first place.
“Responsibility for online security – which at the moment is a mixed bag – cannot continue to be pushed onto the end user. It is an issue that cannot be ducked in the long term and as technology matures. At the moment the balance isn’t right,” he said.
Broers said that users currently relied mainly on the goodwill of ISPs and software developers to provide security, but that the committee had been examining the possibility of persuading companies to take more responsibility through regulations and even specific laws.
The government committee has recognised that the importance of proper internet security measures has never been greater because of the growing use of home computers, the spread of broadband, and the rise in internet banking and commerce.
Phil Cracknell, UK president of the Information Systems Security Association, said software suppliers should be held to account by legislation for the quality and security of their software. “Airline and car manufacturers are subject to legislation – why is software the exception?” he said.
The results of a government inquiry, due to be published in July, will provide the first in-depth parliamentary study of the current state of internet security.
Identifying responsibilities for emerging online threats and determining the adequacy of regulations and criminal laws for addressing cyber crimes are also on the agenda.
Liaising with other international government departments such as the US Department of Justice and the FBI has formed part of the committee’s investigation. Broers said that while the FBI had a strong ability to conduct internet security forensics, in comparison, the UK’s Metropolitan Police had a much smaller capacity.
“However, in spite of the US having stronger resources to investigate cyber crimes, the Department of Justice had not made that many prosecutions,” he said.
The UK government’s ability to measure the true scale of cyber crime will also be addressed in the report.
“Implementing a reliable reporting system to track the number of internet-based attacks is necessary too, as measuring the scale of the problem at the moment is difficult owing to a lack of reliable data. The methods for currently detecting and recording incidents are totally unsatisfactory,” said Broers.
He cited a general reluctance from victims of cyber crimes to report incidents, which needed to be overcome.