
"While the perpetrators of cyber crime often operate across international borders, and beyond the reach of law enforcement, the M&S attack has resulted in several arrests in the UK, under the Computer Misuse Act [CMA] of 1990. With a new Cyber Security and Resilience Act on the way, it might seem UK authorities will soon have greater powers to force organisations to build better defences."
"But while the UK government continues to pursue cyber criminals, it also needs to be much clearer about the crucial role of cyber security researchers and ethical hackers in defending against them. Last week, UK security minister Dan Jarvis told a conference that the government was looking at changes to the CMA to introduce a "statutory defence" for cyber security experts who spot and share vulnerabilities. It would mean that, as long they meet "certain safeguards", researchers would be protected from prosecution."
The last year produced some of the costliest cyber attacks on UK businesses, causing huge financial losses, empty shelves at retailers, and supply-chain disruption that dented GDP. Perpetrators often operate across borders and beyond law enforcement reach, yet some attacks have led to UK arrests under the Computer Misuse Act 1990. A forthcoming Cyber Security and Resilience Act could increase obligations on organisations to improve defences. The government also needs clearer protections for cyber security researchers and ethical hackers to encourage responsible vulnerability disclosure. Proposed changes to the CMA would introduce a statutory defence if researchers meet certain safeguards. The CMA originated after a 1980s hacking prosecution revealed gaps in laws on unauthorised computer access when systems were far less accessible.
Read at ComputerWeekly.com