A House of Commons investigation into e-crime has chastised the UK’s ability to deal with modern cyber-attacks and warns that further cutbacks to law enforcement will see the country bleed finance and intellectual property at an alarming rate.
The Home Affairs Committee has today published its first ever report on e-crime (opens in new tab) following a 10 month inquiry, and while its findings will not surprise the information security industry, the urgency of its message will heap more pressure on the government to improve its cyber-security strategy.
Among the report’s biggest concerns is the apparent “black hole” where e-crime is frequently committed without even being reported or investigated. Banks are accused of simply reimbursing victims of cyber-fraud rather than reporting the incident and allowing law enforcement to pursue the crime.
Cyber-espionage was also identified as a growing problem, the committee recommending that a “state of the art espionage response team” is established to tackle covert online attacks. With GCHQ this month revealing the UK was suffering around 70 sophisticated cyber-espionage campaigns a month (opens in new tab) that were stealing intellectual property on an “industrial scale”, the proposal is likely to see strong support from the private sector.
Dialogue with employees within online law enforcement increased the committee’s worries about the UK’s capacity to cope with cybercrime, and it is thought ongoing cuts in the police will have grave consequences.
“We regard as very serious indeed the words of the most senior policeman in the country on online fraud, DAC Leppard of City of London Police who told the Committee that we are not winning the war on E-crime,” the report says.
“DAC Leppard told us that a quarter of the 800 specialist internet crime officers could be axed as spending is cut. We agree with him that this is a very worrying trend. At a time when fraud and e-crime is going up, the capability of the country to address it is going down.”
This prompted criticism of the government’s current approach to tackling e-crime, which focuses more heavily on pooling intelligence and data sharing than law enforcement; the fledgling Cyber Security Information Sharing Partnership (opens in new tab) (CISP) being a case in point.
“Ministers have acknowledged the increasing threat of E-crime but it is clear that sufficient funding and resources have not been allocated to the law enforcement responsible for tackling it. [Security researcher] Professor Ross Anderson told us that ‘we should be putting more of the cyber budget into policing and less of it into the intelligence sphere, into cyber war,’” says the report.
Another area the government has sought to address with a range of initiatives this year is the education and understanding of cyber-threats among the UK public, but the Home Affairs Committee claims poor knowledge levels continue to be a downfall.
“It is of great concern that the majority of cyber crime could be prevented by better awareness by the user. Whilst the sophisticated threats will remain, we must do more to protect our information online. The Government and the private sector both have a strong incentive to educate users and maintain awareness of cyber crime,” the report adds.
In a statement accompanying the report, Committee Chair Keith Vaz spoke plainly of the issues facing the UK with e-crime. “We are not winning the war on online criminal activity,” he said. “We are being too complacent about these E-wars because the victims are hidden in cyberspace. The threat of a cyber attack to the UK is so serious it is marked as a higher threat than a nuclear attack.
“You can steal more on the internet than you can by robbing a bank and online criminals in 25 countries have chosen the UK as their number one target. Astonishingly, some are operating from EU countries. If we don’t have a 21st century response to this 21st century crime, we will be letting those involved in these gangs off the hook.”
Vaz did however support David Cameron’s newly-announced crack-down on pornography and child abuse online (opens in new tab), echoing the view that ISP need to take more decisive action to aid government strategy.
“The Prime Minister was right this week to highlight the responsibility of the Internet Service Providers, search engines and social media sites. They are far too laid back about what takes place on their watch and they need to do more to take inappropriate content down. If they do not act, the Government should legislate.”