A new report from the House of Lords Science and Technology Committee could lead to a major overhaul of internet security practices in the UK, with recommendations ranging from the setting up of a central web-based e-crime reporting system to the introduction of security breach notification laws.
According to the proposal, the reporting tool would help law enforcement agencies gain an understanding of the computer crime landscape in the UK, and offer a central repository to collate reports and identify patterns.
A web-based system could be a useful tool for companies if it offered a confidential method of reporting attacks and a more direct link to police IT specialists, something previously provided by the UK's National Hi-Tech Crime Unit, which is now part of the Serious Organised Crime Agency.
The report also backs the proposed Police Central E-crime Unit and calls for ìthe establishment of a central network of computer forensic laboratories to support individual forces.
Jeremy Beale, head of e-business at the CBI, welcomed the report's recommendations. A central e-crime reporting system to pull together criminal investigations at a national level could really speed up the process of identifying and prosecuting crimes, Beale argued.
What would also make a real difference would be improved police capabilities and resources, which the report notes are entirely inadequate at present.
The proposal also calls for a review of the current system that requires online fraud to be reported directly to banks. Instead, fraud victims should be able to lodge a police report and have some formal acknowledgement of the fact of a crime having been committed, the report argues.
Another Lords recommendation is the introduction of data security breach
notification legislation that would force firms to report incidents that impact
customer privacy.
Chairman of the committee, Lord Broers, said, "There is little incentive for organisations to take steps to improve security - if they lose personal data, and can keep it out of the media, they don't suffer."
One of the more controversial aspects of the report is its call for IT vendors to be held liable for weaknesses in their products. Unsurprisingly, vendors are skeptical of the proposal.
An approach along the lines suggested in the report on the issue of liability could result in the opposite effect and risk reducing consumer choice and end users' security and privacy, said Symantec's government relations analyst, Ilias Chantzos.
Martin Hill of IT trade association Comptia argued that the responsibility for internet security should be shared between users at a corporate and consumer level, and the vendor community.
Research shows that human error is the main cause of IT security breaches, Hill added. Despite this, a low percentage of firms have end-to-end security awareness training programmes or IT staff skilled in security issues. Businesses must build security into their corporate ethos.
Recommendations include the introduction of data security breach notification law in the UK 10 Aug 2007
The House of Lords Science and Technology Committee is to examine how current IT security risks affect society 01 Aug 2006
The evil geniuses behind malware attacks have found new ways to circumvent today's security tools 30 Jul 2007
New research suggests the market for managed security services will double by 2010 25 Jul 2007
The Upper House is refusing to lie down in its fight to protect personal data 18 Jul 2008
Labour forced to defend policy as Tories launch green paper 13 Mar 2008
A new report offers an insight into the scale of e-crime and what can be done about it 25 Sep 2007
GuardianEdge’s Alan Fudge says US-style data breach notification laws are heading this way 21 Sep 2007
In the third part of our definitive guide, we look at how security professionals need to combine technical and communication skills 17 Apr 2008
As delegates at African climate change conference are criticised for not offsetting, events management experts insist buying offsets should become standard practice 29 Aug 2008
Proposals to reduce traffic emissions by tweaking insurance options and tackling urban sprawl are on the drawing board 29 Aug 2008
New team to develop Treasury's green policy and manage new Clean Technology Fund 29 Aug 2008
More news
Recent claims from the oil giant's chief executive suggesting tar sand extraction is required to slow the shift to coal may have caught the eye, but as BusinessGreen.com discovers they do not make much sense 28 Aug 2008
With all eyes on the Democrats' convention this week, environmentalists are asking whether it will live up to the green claims of politicians 26 Aug 2008
To stand by or not to stand by? BusinessGreen.com offers its cut-out-and-keep guide to the world of PC turn off systems 22 Aug 2008 More in-depth
Post your comment
Send an email to the Business Green editor at feedback@businessgreen.com
