Liability Framework Missing From Security Strategy

Iris Cheerin,

BCS says the. government strategy is a good overall vision, but lacks emphasis in key areas

UGovernment needs to set up a framework that clarifies where accountability, liability and redress lie when cyber crimes are committed, according to BCS.

The Chartered Institute for IT, which last week welcomed the publication of the government’s Cyber Security Strategy, has identified this framework as one of four areas where it feels Government needs to tweak the strategy, along with education, the identity assurance scheme and the Internet of things.

More detail required

“The strategy is a good overall vision, with insightful analysis of both the opportunities and threats. However, we would like to see some further emphasis across certain aspects that will help both the public, businesses and the profession achieve the overall objectives,” said Louise Bennett, Chair of BCS Security, a community of information security and assurance professionals.

According to a statement by the institute, the Internet of things will also require “considerable thought  in the near future” to make sure that it develops safely, protected from all aspects of cybercrime so that it can fully realise the benefits it promises.

The government’s Identity Assurance scheme also needs more attention, according to BCS, as it will be critical to the success of the “digital by default” strategy and to ensuring that the UK is a safe place to conduct business online.

In tune with calls by industry for reform in computer science education, Bennett said that “While being supportive of the measures to encourage a cadre of cyber security professionals, these need to be underpinned by significant improvement in the teaching of mathematics, and in particular computer science in schools. While we’ve seen some commitment to this recently, we need to ensure it does come to fruition so that there is a pool of young people in the UK to draw into the profession and to ensure, in the long term, that the overall understanding of basic cyber security by the general public is such that everyone can safely access Government Services and conduct business on-line.”