Last updated: 
3 months 6 days ago
Blog Manager
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

Commons Committee: Awareness raising to deal with malware

Wednesday, June 6, 2012 - 11:15

The House of Commons Science and Technology Committee has published a report on Malware, which recommends increased awareness among Internet users as the best way to deal with the problem. There’s a welcome recognition that “it is clear that there is no easy technological answer to cyber crime... hardware solutions are likely to unduly restrict computer users in their activities while software solutions require constant updating and a more advanced understanding of the technology to be truly effective”, and that “80% of protection against cyber-attack is routine IT hygiene”.

Helping Internet users adopt that good practice should be in the interests of both Government and industry since both want to increase the use of communications technology, which will not happen if users are afraid of cybercrime. There’s even a mention of something I’ve been suggesting for a long time: that users who feel in control of what they are doing and know that their actions can make a difference are much more likely to be confident and less likely to panic – the reason why plane and train crashes get many more headlines than road accidents, even though far more people are killed on the road. Or, as the MPs put it “Knowledge is the best defence against fear”.

What’s missing, the MPs think, is “clear identification of trusted information sources and relevant authorities and clear guidelines on how to help themselves stay free of infection”. They therefore recommend that “the Government invest in the Get Safe Online site ... to provide a single authoritative source on which computer users could rely”. They also recommend “a prolonged public awareness campaign” including television, a pointer to Get Safe Online on every Government website and at the point of sale of “every device capable of accessing the internet”. Basic advice should also be available from the police with “every single police officer in this country being as equipped to give a member of the public a piece of advice around cyber-security as they are, for example, for their windows and their doors—their general house issues”, according to Janet Williams of ACPO.

There’s also a call for ISPs to do more to help their users. The report cites the Australian Internet Security Initiative, but the suggestion of “an online database where users can determine whether their machine has been infected with botware and gain information on how to clean the infection from their machine” sounds more like the German ISP Association scheme. This, too, would also be available through Get Safe Online.

Finally there’s good news that police forces are getting better at dealing with the international nature of cybercrime, though cooperation with Interpol, Europol and the on-line industry. However there is the same tension on-line as off-line between arresting small-scale criminals or using them as leads to the larger, and increasingly organised, groups who are mainly responsible for the development and use of malware.