This should be good news for heads of Risk and of Information Security but most are too bogged down with data protection, breach notification and ISO 27000 to make use of the unique window of opportunity that has been presented to them. Meanwhile those engaged in hyping Big Data, Cloud, Off-shoring and Outsourcing, without seriously considering the implications for security and resilience, let alone flexibility, face an even bigger challenge.
The focus should be on making it much easier to report attacks to those who will take action against predators and those who have aided and abetted them, not to regulators who will merely penalise the messenger. The only mandatory requirements should be on those to whom attacks are reported. This should include acting as a "first stop shop" and passing reports to those who may be in a better position to take action.
One of the lessons from the past is that the Internet as currently conceived cannot survive unless those who want it to do so work together to help rebuild confidence that it is worth protecting. And if it is going to have to continue to evolve, it is even more important to work together to ensure that it evolves into something better suited to the needs of the majority of law abiding citizens and businesses.
"The GDS should increase its behavioural research to see what prevents capable internet users from using online public services more. Our research suggests there are reasons other than lack of awareness, frustration with services or lack of trust. Some users feel that, while a digital channel is appropriate for shopping, it is not formal enough for some government business. GDS needs to understand these behaviours".
I have just been sent a link to a story of how "Anonymous", whoever or whatever they are, "solved" a particularly nasty case of gang rape and cyberbullying leading to suicide inside two hours after the RCMP had got nowhere in a year. The case raises many issues from how police investigations should be conducted in the Internet Age through to the evidential quality, if any, of material that is widely circulated and believed.
Meanwhile, those who have been in the frontline of the "Cool War" for over a decade, the on-line gaming and gambling operations, against whom the cyberwarriors of all nations practice, and the on-line banking, payment and retailing operations, which are being milked by to help top up their budgets and to fund their "allies" in organised crime, are left out in the cold.
All of the business and consumer groups and the registrants whose businesses are based in the UK believe that .UK (whether long or short) should mean the organisation is based in the UK and governed by UK law. About half the registrars and those registrants whose businesses are based outside the UK believe it should also be available to those, wherever based, who wish to sell to the UK.
At that point we might see the addressing vulnerabilities that facilitate criminal anonymity evaporate. That prospect is likely to fill both the cyberwarfare and civil liberties communities with horror. Hence the need for well informed and balanced debate and scrutiny, like that being organised via the Digital Policy Alliance.
We need to bring the indigenous (i.e. UK and EU) industry players together, via groups like the Digital Policy Alliance, working in co-operation with PICTFOR in the UK and the EIF in Brussels, to help politicians "scrutinise" the small print in proposals, like the Directive and the accompanying regulations to strengthen the position of ENISA and Europol, to ensure that they really do do more good than harm.
I have just done a quick comparison of the Scams of Christmas since I last blogged on this topic in 2010. McAfee has again found twelve. For those who do not like to have to read words there is also a photolist. The main difference with the list in 2010 results from the transition to a [...]