A majority of cyber security people (80 per cent) worry about breaking the law in the process of defending against cyber attacks. So say the organisers behind the CyberUp Campaign which calls for reform to the UK’s law that covers cyber crime, for the sake of national security; and international competitiveness, claiming that the law is having a stifling effect on the UK cyber security industry.
As background; the Computer Misuse Act 1990 is the law. The campaigners argue that the Act – passed before the advent of modern cyber security – is no longer fit for this century. The CyberUp Campaign and trade body techUK say that their survey of cyber security researchers found cases of work being stopped, by fear of breaking the Computer Misuse Act; and a lack of certainty about what exactly constituted a breach.
Ruth Edwards, the Conservative MP, who has a background in cyber, has urged the government to immediately review the legislation. The campaigners want the law to take account of the motivations of ethical cyber security testers, enabling them to operate with legal certainty and free from the fear of prosecution. Campaigners add that most UK cyber businesses feel they had been put at a competitive disadvantage relative to other countries with better legal regimes; and that a change in the law would lead to growth and productivity benefits.
Ruth Edwards said: “The Computer Misuse Act, though world-leading at the time of its introduction, was put on the statute book when 0.5 per cent of the population used the internet. The digital world has changed beyond recognition, and this survey clearly shows that it is time for the Computer Misuse Act to adapt. This year has been dominated by a public health emergency – the coronavirus pandemic, but it has also brought our reliance on cyber security into stark relief. We have seen attempts to hack vaccine trials, misinformation campaigns linking 5G to coronavirus, a huge array of coronavirus-related scams, an increase in remote working and more services move online.
“Our reliance on safe and resilient digital technologies has never been greater. If ever there was going to be a time to prioritise the rapid modernisation of our cyber legislation, and review the Computer Misuse Act, it is now.”
Ed Parsons, MD at F-Secure Consulting is a spokesperson for the CyberUp campaign. He said: The survey findings highlight that many cyber security professionals, at present, are having to carry out their jobs with one hand tied behind their back to stay within the law. Reform of the CMA will make the UK cyber security industry more competitive and more attractive to work in at a time when cyber skills are in short supply and in high demand.
“Meanwhile, the current pandemic has not only underlined our dependence on digital technology, but also accelerated shifts in enterprise architecture, increasing the complexity of the environments we need to protect. Now more than ever, we need clear legal definitions to ensure that cyber security professionals who reasonably believe they have authorisation to act can legitimately do so.
Ollie Whitehouse, CTO of NCC Group and spokesperson for the CyberUp Campaign, said: “This research and the resultant report significantly adds to the body of evidence suggesting that we must reform this outdated legislation to ensure the cyber resilience of the United Kingdom and its allies. Defending against cyber-attacks has shown the cyber industry-government partnership at its finest, but the Computer Misuse Act limits this kind of collaboration and constrains its full potential whilst undermining the economic opportunities for UK companies.”
Julian David, Chief Executive Officer, techUK, said: “These results correspond with what we hear from our cyber security members about the Computer Misuse Act – that it is holding their businesses back. As Government develops its next National Cyber Security Strategy and continues to strongly invest in the sector, ensuring we develop the right legal framework for cyber security companies is an essential component of our future success.”
And Roxanne Morison, Head of Digital Policy at the Confederation of British Industry, added: “The UK must remain at the cutting-edge of cyber resilience. The CBI is glad to support the CyberUp Campaign and backs carefully updating the legislation to reflect today’s threat ecosystem. These proposals will not only strengthen the UK’s dynamic cyber security sector, but would also ensure British business a whole is more secure.”
Visit https://www.cyberupcampaign.com/.
