Back in 2011, the Cabinet Office launched a cyber security strategy outlining steps the UK Government would take to tackle cyber crime by 2015. The National Cyber Security Programme invested £650 million funding to support the strategy ‘Protecting and Promoting the UK in a digital world’. Measures proposed by the strategy included:
- Reviewing existing legislation, e.g., Computer Misuse Act 1990, to ensure remains relevant and effective
- Pioneering a joint public-private sector cyber security to allow exchange of data on cyber threats across sectors to manage response to cyber attacks
- Seeking to agree a voluntary set of guiding principles with Internet Service Providers
- Developing kite marks for approved cyber security software
- Encouraging UK courts to enforce sanctions for online offences under the Serious Crime Prevention Order
- Creating a new national cyber crime capability as part of the National Crime Agency
- Creating a single reporting system for cyber crime using the Action Fraud portal run by the National Fraud Authority
- Strengthening the role of Get Safe Online to raise awareness and education about online security
In line with the third proposal of the strategy, the Department for Business, Innovation and Skills has now issued new guiding principles developed and agreed between government and leading Internet Service Providers (ISPs), such as ISPA, BT, Sky, Talk Talk, Vodafone and Virgin Media, to promote cyber security and protect ISP customers from online threats.
The first section of the principles propose ISPs must:
- Increase customer awareness of cyber security issues (including by directing to Get Safe Online and other national campaigns), and educate customers on the basic online threats, how to practise safe online behaviour, and how to spot cyber crime and report through Action Fraud
- Empower customers to protect themselves from online threats through providing tools such as anti-virus software, anti-spyware, anti-spam, malware protection or firewall protection
- Provide clear mechanisms to encourage customers to report compromises or threats to minimise the impact of cyber threats
The second section mandates government must:
- Continue to make businesses aware of cyber threats and educate them how to respond through guidance, e.g., Cyber Security Guidance for Business issued 2012 and Small Business Guidance for Cyber Security 2013
- Advise nationally on improving cyber security, e.g., Get Safe Online
- Increase enforcement of online threats through the national crime capability of the National Crime Agency
The guidelines conclude by highlighting cyber security issues the government and ISPs will partner to resolve jointly going forward to achieve the aims of the UK cyber security strategy.