UK Government falls down on cyber crime prevention
Cyber threats, such as phishing, corporate hacks and worm attacks, are estimated to cost European businesses billions of pounds a year, yet a hi-tech skills crisis is threatening to cripple the fight against crime, warns a report from lobby group EURIM and think tank IPPR.
The report comes amid parliamentary criticism from the All-Party Internet Group (APIG) that the UK's cyber crime law-enforcement operations are woefully under-resourced.
The APIG report, due near the end of June, is likely to call for the Home Office to get serious about cracking down on computer crime.
"(Cyber crime enforcement) is under resourced," said APIG chairman Derek Wyatt MP. For example, the Metropolitan Police said it has only about 250 staff devoted to cyber crime and the result is a mounting backlog of e-crimes awaiting investigation and a shortage of skilled personnel able to tackle them.
Delays of six to 12 months have become common as police resources are tied up with major investigation such as Operation Ore - the prosecution of an estimated 7,000 UK users of a US child porn portal.
The mounting backlog has led to increased reluctance of by local forces to launch new investigations, which could in turn result in public disillusionment with the law enforcement system.
The study warns that if nothing is done people might resort to vigilante tactics.
“We face a very real risk of seeing the democratically accountable policing of computer-assisted crime replaced by a combination of vigilante action and the covert privatisation of legitimate investigation,” writes David Harrington, author of EURIM's report.
According to Wyatt, the main problem stems from the fact that the National Audit Office does not audit computer crime figures. As a result the government isn't aware how big a problem cyber crime is and there is no political pressure to deal with the issue.
"The first thing we have to do is find out the extent of the problem. We won't win the battle of resourcing the police if we don't get the crimes recorded," he said.
The lack of resources is particularly worrisome for businesses, according to Prevx, the security software firm sponsoring the APIG report. This is because business-related attacks are currently at the bottom of the list of enforcement activities
"The National Hi-Tech Crime Unit is focused on its priorities, addressing online child pornography, major fraud and other serious issues. What isn't being addressed is virus writers and hackers, who cause massive amounts of damage to millions worldwide," said Prevx chief executive Nick Ray.
He agreed that getting official recognition for cyber crime figures would be key.
"That would put a lot of pressure on politicians. At the moment this is not on their radar," Ray said.
The question of how to address this personnel shortage is crucial. Too few police officers have received the necessary training and there is a confusion of qualifications and standards among the civilians who might be called upon to assist. One solution is making greater use of an estimated 8,000 security experts in the private sector.
UK science and technology company QinetiQ agrees that the criminal justice system needs to exploit private sector expertise to defeat cyber criminals.
Neil Fisher, QinetiQ’s director of security solutions and vice chair of the UK’s Information Assurance Advisory Council, said: "The issue of forensic readiness is not one to be grasped solely by the criminal justice system. Companies have a duty of care to their shareholders and employees, just as public bodies have a duty to the taxpayer."
However, just as important as bulking up the UK's own cyber crime efforts will be putting pressure on other countries to introduce more stringent measures of their own.
Ray said. "Given the international scope of this problem, we need to use our political leverage to encourage similar legislation in as many parts of the world as we can," he said. "There are gaping holes in some countries' frameworks."
Cross-border law enforcement cooperation could also be improved, he said.
However, not everyone agrees that tougher laws and better enforcement are the answer to the UK’s cyber crime woes.
Secure email provider MessageLabs, argues that technical measures would bring a better payoff.
At the moment, most ISPs provide little or no protection at the network level, leaving end users to protect themselves with client-side software. In practice, this means that most end-user machines are left vulnerable.
"If ISPs were to take a more active stance in protecting businesses and users it would make a dramatic reduction in these kinds of threats," said MessageLabs CTO Mark Sunner.
APIG will release a draft report towards the end of this month, with final recommendations following late in June.
Sources: PC World, Techworld.com, The Register
Return to internet news headlines
View Internet News Archive