Cybersecurity requires simple legislative action, not just grand gestures
by Kylene Casanova
John Naughton, professor of the public understanding of technology at the UK’s Open University and one of the most original thinkers on cyber security, used the UK government’s recent announcement of a £1.9 billion investment to boost cyber security, which he expects will mostly go on recruiting expert staff to work in the new National Cyber Security Centre, to suggest more humdrum but feasible options that, overall, would have much greater impact:
- make it a criminal offence to sell or import “internet of things” (IoT) devices that don’t meet specific security criteria. Chronically insecure IoT devices such as webcams have been marshalled into colossal botnets that are then used to launch distributed denial-of-service attacks on important websites
- make it an offence to run a networked computer system that does not have all current security patches installed. “We could make software companies liable for shipping apps that have known security vulnerabilities. Makers of Android phones that don’t rigorously implement security updates on their devices could likewise be made liable for fines or prosecution.”
- secondary schools should run classes on computer security for teenagers.
Common sense first
The problem is that governments, not just in the UK but in the USA and many other countries, love going for dramatic initiatives while ignoring humdrum but feasible options that, overall, would have much greater impact.
Read more in full article here. (Highly recommended.)
CTMfile take: Controls that prevent fraud before it happens in daily life are where to prevent fraud.