House of Lords IT Security Report Published

A report has today been published by the House of Lords Science and Technology Committee. Its content could trigger a significant revision of internet security procedures presently carried out in the UK, with several innovative measures recommended. These include establishing a prime internet-based ‘e-crime' monitoring system, and introducing new laws connected with breaches of online security.

As highlighted in the report, the reporting/monitoring technology would assist agencies of the law in constructing an understanding of the extent of UK-based computer criminality. Additionally, it would provide a focal point for reports to be amassed and stored, which themselves would give indications of recurrent themes within online security.

The new technology could potentially offer huge benefits to businesses concerned with the present way internet attacks are monitored. This is particularly since the demise of the former National Hi-Tech Crime Unit (NHCTU), which has now been absorbed into the Serious Organised Crime Agency. Presently, companies with IT security issues are directed to their nearest police station, whereas the proposed internet system would offer an anonymous way of reporting incidents, and a simultaneous closer connection to IT specialists within the police. This used to be the case when the NHCTU was in existence.

Another recommendation made by the House of Lords is that legislation take place of rules making it mandatory for companies to report data information breaches that could affect their customer bases. This kind of procedure is already up and running across much of America.

The relevance of this kind of protocol is described in the report thus: "A data security breach notification law would be among the most important advances that the United Kingdom could make in promoting personal internet security".

"We recommend that the government, without waiting for action at European Commission level, accept the principle of such a law, and begin consultation on its scope as a matter of urgency."

In the eyes of Senior Security Analyst Greg Day, who works for McAfee, the law would bolster long term confidence. "It increases pressure on businesses to stop those sorts of breaches from happening", he stated.

A further feature of the report is the proposal that IT vendors be held accountable for flaws in their products. This, said Day, would be "very difficult" to enforce, adding: "It comes down to how solutions are implemented. You would have to ask, ‘Did they have it configured correctly, updated and maintained?"

His views are echoed by the Butler Group's Andy Kellet, who thinks a more thorough identification of the IT security sector's needs is required. "There is a need for a better understanding of how security works, how vendors build solutions and how they are implemented", he contested.

Source _ Security International's Internet Reporter

Recent related News Items:

Internet Criminals Using New Tactics Against Online Security

DTI Invests in IT Security Research Projects