UK Science and Universities Minister David Willetts told assembled IT bods in London that companies should 'fess up to their security boobs. Speaking at the Info Sec conference this morning, Willetts, whose remit includes cyber security, urged companies to be very honest in reporting their cyber security problems and system …
It's not worth listening to a word the government has to say on this subject, at least until the police properly enforce RIPA and the ICO starts taking real action against those in the private sector that are going against the DPA.
The ICO by the way conveniently only records whether the organisation involved in an investigation is within the private or public sector when the matter is brought to their attention by the organisation itself. So anybody from outside reporting the leakage or sharing of personal data will not have this information recorded in their complaint. A bit too convenient considering the ICO has allowed itself to become little more than a way for the treasury to claw back funding since it makes it pretty much impossible to calculate the ratio of who has been fined in the public versus private sector for the cases that have been raised.
Computer Misuse Act 1990
Has anybody ever tried explaining to a senior police officer what is covered by CMA90?
Given the police and CPS are barely aware the law exists, let alone enforce it, why should any business in the UK take a blind bit of notice of some government lackey getting sound bytes?
If the government are serious, then (a) update DPA98 to require disclosure, could be done in 48 hrs if they want.
Personally I think we should go the Californian way, mandate disclosure, and update the companies act to require PLCs to include an IT risk statement in their annual report. Then see how seriously the board take security.
Threats to Cyber Security and Intellectual Property
The biggest threats to cyber-security and intellectual property in the UK, are telcos, and the rank incompetence of GCHQ.
Particularly so the threat posed by BT, and Ian Livingston CEO of BT... Who are apparently willing to covertly sell the content of private/confidential personal and commercial UK telecommunications to Russian/Turkish/American/Greek spies, unhindered by any intervention from GCHQ.
"companies should 'fess up to their security boobs."
I entirely agree, however I think that the last group of people on the planet who have the right to urge others to be honest about their mistakes are politicians given that their default position is never to admit to any unless they are so deep in the shit that they have no choice. The fact that "BigCorp" behave in exactly the same way is not news to anyone in orbit around planet reality - perhaps both groups should clean up their act.
David Willetts told assembled IT bods in London that companies should 'fess up to their security boobs.'
Brown envelopes at dawn?
(Some of us remember)
"Lots of companies...
...should publicise *their* security stuff-ups, so that there's less attention to *ours*. "
BB - he WOULD be watching you, but he can't find his laptop...
thumbs up if you clicked on this article because you saw the picture of boobs!
wait... now I sound like a YouTube comment tard :(
Well, the picture selection algorithm is either:
a) extremely stupid
b) really quite smart, or
c) human assisted by someone with a yen for Carry-On films
Whichever, keep it up (oo-er).
If the government want people to confess, they need to make it the law to do so.
Nobody wants to look a clown in front of investors/customers, why would they?
Of course the obvious avoidance strategy to such a law is to simply "not detect" problems - which probably is why the figures are even as low as they are. The "we are all safe coz we has anti-viruz" brigade sadly populate a large proportion of senior management positions.