Malware and cyber crime - Science and Technology Committee Contents

Conclusions and recommendations

The importance of trusted information

1.  The Government is clear that many government services will move to online provision either directly or through a range of providers. It is also clear that an increasing proportion of UK economic activity will be conducted through or related to the internet. We ask the Government to provide, in response to this report, details of how they intend to engender greater trust in online products and services within the UK population and an assurance that online by default will mean better and more secure, rather than merely cheaper, government services. (Paragraph 74)

2.  We welcome the Government's commitment in the Cyber Security Strategy to enhance the ability of the public to report cyber crime. We recommend that the Government consider how to encourage (or require) businesses to report incidence of cyber crime. Additionally, we urge internet security companies to work with Government to find a way to use the development of a cyber hub to facilitate the detection of malware. (Paragraph 23)

3.  Knowledge is the best defence against fear and we recommend that government-provided information focuses on how to be safe online rather than warns about the dangers of cyber crime. We also recommend that the Government work with the industry partners announced in the Cyber Security Strategy to promote the equivalent of a 'Plain English' campaign to make the technology easier to understand and use. (Paragraph 28)

4.  We recommend that the Government take note of the importance of addressing different messages to different generational groups of UK internet users. (Paragraph 31)

5.  We recommend that the Government invest in the Get Safe Online site to ensure that it integrates all of the relevant organisations necessary to provide a single authoritative source on which computer users could rely. We also recommend a prolonged public awareness campaign to raise awareness of the issue of personal online security and the presence of the website to achieve the best possible information level among all computer users. (Paragraph 61)

6.  We agree with the Government that effort is needed to raise awareness of the advice available on the get Safe Online website. We expect the joint action plan mentioned in the Cyber Security Strategy to provide details of what will be done to raise awareness. Moreover, the Government should persuade private industry to cross promote Get Safe Online. Television exposure is crucial to gain the widest possible exposure to the safety message. We also recommend that all government websites should point towards Get Safe Online and feature security updates from the Get Safe Online website. (Paragraph 62)

7.  We recommend that the Government require that access to Get Safe Online advice is provided, by vendors, with every device capable of accessing the internet. (Paragraph 64)

The need for standards

8.  We recommend that the Government work with ISPs to establish an online database where users can determine whether their machine has been infected with botware and gain information on how to clean the infection from their machine. We think that this should also be integrated with the Get Safe Online website. (Paragraph 47)

9.  It would be possible to impose statutory safety standards on software sold within the EU, similar to those imposed on vehicle manufacturers, but we would prefer a solution based on self-regulation. However, the industry must demonstrate that any proposed solution would be an effective way forward and that voluntary commitments would provide sufficient incentive for the industry to improve security in a fast-moving competitive marketplace. In the event that the industry cannot demonstrate an effective self-regulatory model, we recommend that the Government investigate the potential for imposing statutory safety standards. (Paragraph 57)

10.  In relation to kitemarks, we recommend the Government look to investigate the potential for solutions that will lead to a less clear cut division of the market by allowing lower up front costs for smaller software developers and a range of security standards. (Paragraph 67)

11.  We judge that there will be a need for an automated way to assess the security of software, even if simply to provide smaller companies with a means of testing and redesigning their software prior to spending money on kitemarks. We recommend that the Government explore whether this might best be developed by Government, for Government, in partnership with private industry or by entirely private concerns. (Paragraph 70)

Expertise and policing

12.  We are impressed by PhonepayPlus' expertise on the dangers of criminal exploitation of smartphones. We recommend that PhonepayPlus has a dedicated part of the enhanced Get Safe Online website and that they are consulted closely in the development of regulatory policy to take into account, for example, online services involving micropayments. (Paragraph 34)

13.  We recommend that the police have dedicated pages on Get Safe Online on which they might communicate directly with the general public, to gather information and intelligence about what is happening to individual computer users and to provide consumers with an authoritative policing voice on current cyber crime issues. (Paragraph 37)

14.  We recommend that the Government ensures that the Strategic Policing Requirement addresses individual-level cyber crime, not least because much of it appears to be directed by organised crime gangs. Given competing local priorities for funding policing activities, only establishment within the Requirement will ensure that police forces invest the money necessary to guarantee that local officers are able to respond to individual victims of cyber crime. (Paragraph 39)

15.  Both the Government and the police appear to want the response to low-level cyber crime to be a mainstream part of UK policing. Only when police officers are comfortable operating in online contexts and using existing legislation to tackle online theft and fraud will it be possible properly to identify whether additional legislation is required. However, we think it is important that those engaged in low-grade cyber crime can be punished without recourse to courts and that the Government should work hard with the industry to develop effective online sanctions for cyber criminals as indicated in the Cyber Security Strategy. (Paragraph 43)

16.  We welcome the commitment in the Cyber Security Strategy to make it easier and more intuitive for the public to report online crime. We urge the Government to ensure that this reporting function is integrated with the development of the Get Safe Online site as a one-stop shop for online security information and issues. (Paragraph 44)

previous page contents next page

© Parliamentary copyright 2012
Prepared 2 February 2012