RSS Alerts

Share

More services

John Walker

Job title:
CEO, Secure Bastion LTD

Areas of expertise:
Professor John Walker: FBCS CITP CISM CRISC ITPC

Biography:
CEO of Secure-Bastion Ltd, Practicing Expert Witness, Visiting Professor Nottingham Trent University. Fellow of the BCS, & hold CITP (BCS), CISM CRISC (ISACA), UK Government ITPC. Chair of the London ISACA Chapter Security Advisory Group (SAG) , ENISA CEI Listed Expert, & Editorial Board Member of CSRI.

Tag Cloud

WiFihackingDavid HarleySecurityMalwarecloudCompliancecloud security

Bloggers

Blog

The Theme Continues – Internet Déjà Vu

Reading the observations, and recommendations of Dame Pauline Neville-Jones with respect of Internet Security, I must admit to having a flow of Déjà vu sweep over me. This driven by statements of a Government Minister who said “we need to speed up work on cyber security because the public and the vast swath of business have yet to appreciate the threats posed by online crime”, I presume, suggesting that government ‘do’ understand the threat!

Dame Pauline Neville-Jones went on to say that “the strategy was heading in the right direction, but needed a push to raise awareness because people are doing silly things”. But one could add, not as silly as not listening to what has already been advised – in fact, advised way back in 2007 in a paper produced by her very own House of Lords Members from the Science and Technology Committee, on the subject of ‘Personal Internet Security’. And if one cares to read some of those ‘many’ recommendations, a number of which were born out of my Chaired Session of an EURIM/ISSA Committee, it just may be that there is more than a slight shadow cast over these ‘new’ expressed observation, and recommendation in the year 2012 – as an example:

  1. “The benefits, costs and dangers of the Internet, are poorly appreciated by the general public. This is not surprising, given the lack of reliable data, for which the Government must bear some responsibility. The Government are not themselves in a position directly to gather the necessary data, but they do have a responsibility to show leadership in pulling together the data that are available, interpreting them for the public and setting them in context, balancing risks and benefits. Instead of doing this, the Government have not even agreed definitions of key concepts such as “e-crime”.
  2. “We recommend that the Government establish a cross-departmental group, bringing in experts from industry and academia, to develop a more co-ordinated approach to data collection in future. This should include a classification scheme for recording the incidence of all forms of e-crime. Such a scheme should cover not just Internet specific crimes, such as Distributed Denial of Service attacks, but also e-enabled crimes – that is to say, traditional crimes committed by electronic means or where there is a significant electronic aspect to their commission”.
  3. “We further recommend that, in addition to the new kite mark for content control software, Ofcom work with industry partners and the British Standards Institute to develop additional kite marks for security software and social networking sites; and that it continue to keep under review possible areas where codes of best practice, backed up by kite marks, might be appropriate".
  4. “We recommend that the Department for Children, Schools and Families, in recognition of its revised remit, establish a project, involving a wide range of partners, to identify and promote new ways to educate the adult population, in particular parents, in online security and safety”.

And notwithstanding I, and many others like myself, have offered services for free, not at the price of brand association of the marketing machines of the big security software houses, but sadly, nothing was ever progressed. And notwithstanding the growing high-tides of eCrime were well known for many years, very little was/has been contributed by Government, and bodies like GCHQ, and CPNI alike. And notwithstanding, things are now just about as bad as they can get, the opinion that the current government strategy is on track, does little more to leave me breathless.

Whilst I do applauded Dame Neville-Jones for getting this very serious matter back on the table, I would just wish to stress that, in my opinion, the current government strategy is very much out of step with the real pace of cyber adversity, and CyberConflict. Only at such time that the penny drops on this will we (the public and business) be in a position to even start to feel secure in the cyber world.

Dame Pauline Neville-Jones used the seat belt Clunk-Click slogan to drive home a safety message. However, when you draw to a halt in a layby with a banging coming from the engine, whilst that pint of 20/50 lubricant you add at that time, which you should have added at the weekend, may go some way to appraise your conscience, it won’t replace your big ends!

Posted 07/02/2012 by John Walker

Tagged under:Internet,EURIM,CPNI,GCHQ,Government,cybersecurity

Comment on this blog

You must be registered and logged in to leave a comment about this blog.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012