Conclusions and recommendations
The importance of trusted information
1. The
Government is clear that many government services will move to
online provision either directly or through a range of providers.
It is also clear that an increasing proportion of UK economic
activity will be conducted through or related to the internet.
We ask the Government to provide, in response to this report,
details of how they intend to engender greater trust in online
products and services within the UK population and an assurance
that online by default will mean better and more secure, rather
than merely cheaper, government services. (Paragraph 74)
2. We welcome the
Government's commitment in the Cyber Security Strategy
to enhance the ability of the public to report cyber crime. We
recommend that the Government consider how to encourage (or require)
businesses to report incidence of cyber crime. Additionally, we
urge internet security companies to work with Government to find
a way to use the development of a cyber hub to facilitate the
detection of malware. (Paragraph 23)
3. Knowledge is the
best defence against fear and we recommend that government-provided
information focuses on how to be safe online rather than warns
about the dangers of cyber crime. We also recommend that the Government
work with the industry partners announced in the Cyber Security
Strategy to promote the equivalent of a 'Plain English' campaign
to make the technology easier to understand and use. (Paragraph
28)
4. We recommend that
the Government take note of the importance of addressing different
messages to different generational groups of UK internet users.
(Paragraph 31)
5. We recommend that
the Government invest in the Get Safe Online site to ensure that
it integrates all of the relevant organisations necessary to provide
a single authoritative source on which computer users could rely.
We also recommend a prolonged public awareness campaign to raise
awareness of the issue of personal online security and the presence
of the website to achieve the best possible information level
among all computer users. (Paragraph 61)
6. We agree with the
Government that effort is needed to raise awareness of the advice
available on the get Safe Online website. We expect the joint
action plan mentioned in the Cyber Security Strategy to
provide details of what will be done to raise awareness. Moreover,
the Government should persuade private industry to cross promote
Get Safe Online. Television exposure is crucial to gain the widest
possible exposure to the safety message. We also recommend that
all government websites should point towards Get Safe Online and
feature security updates from the Get Safe Online website. (Paragraph
62)
7. We recommend that
the Government require that access to Get Safe Online advice is
provided, by vendors, with every device capable of accessing the
internet. (Paragraph 64)
The need for standards
8. We
recommend that the Government work with ISPs to establish an online
database where users can determine whether their machine has been
infected with botware and gain information on how to clean the
infection from their machine. We think that this should also be
integrated with the Get Safe Online website. (Paragraph 47)
9. It would be possible
to impose statutory safety standards on software sold within the
EU, similar to those imposed on vehicle manufacturers, but we
would prefer a solution based on self-regulation. However, the
industry must demonstrate that any proposed solution would be
an effective way forward and that voluntary commitments would
provide sufficient incentive for the industry to improve security
in a fast-moving competitive marketplace. In the event that the
industry cannot demonstrate an effective self-regulatory model,
we recommend that the Government investigate the potential for
imposing statutory safety standards. (Paragraph 57)
10. In relation to
kitemarks, we recommend the Government look to investigate the
potential for solutions that will lead to a less clear cut division
of the market by allowing lower up front costs for smaller software
developers and a range of security standards. (Paragraph 67)
11. We judge that
there will be a need for an automated way to assess the security
of software, even if simply to provide smaller companies with
a means of testing and redesigning their software prior to spending
money on kitemarks. We recommend that the Government explore whether
this might best be developed by Government, for Government, in
partnership with private industry or by entirely private concerns.
(Paragraph 70)
Expertise and policing
12. We
are impressed by PhonepayPlus' expertise on the dangers of criminal
exploitation of smartphones. We recommend that PhonepayPlus has
a dedicated part of the enhanced Get Safe Online website and that
they are consulted closely in the development of regulatory policy
to take into account, for example, online services involving micropayments.
(Paragraph 34)
13. We recommend that
the police have dedicated pages on Get Safe Online on which they
might communicate directly with the general public, to gather
information and intelligence about what is happening to individual
computer users and to provide consumers with an authoritative
policing voice on current cyber crime issues. (Paragraph 37)
14. We recommend that
the Government ensures that the Strategic Policing Requirement
addresses individual-level cyber crime, not least because much
of it appears to be directed by organised crime gangs. Given competing
local priorities for funding policing activities, only establishment
within the Requirement will ensure that police forces invest the
money necessary to guarantee that local officers are able to respond
to individual victims of cyber crime. (Paragraph 39)
15. Both the Government
and the police appear to want the response to low-level cyber
crime to be a mainstream part of UK policing. Only when police
officers are comfortable operating in online contexts and using
existing legislation to tackle online theft and fraud will it
be possible properly to identify whether additional legislation
is required. However, we think it is important that those engaged
in low-grade cyber crime can be punished without recourse to courts
and that the Government should work hard with the industry to
develop effective online sanctions for cyber criminals as indicated
in the Cyber Security Strategy. (Paragraph 43)
16. We welcome the
commitment in the Cyber Security Strategy to make it easier
and more intuitive for the public to report online crime. We urge
the Government to ensure that this reporting function is integrated
with the development of the Get Safe Online site as a one-stop
shop for online security information and issues. (Paragraph 44)
|