Cyber-cavalry guns for cyber-criminals

Only weeks after the National High Tech Crime Squad saddled up and rode out to crack down on cyber crime, further support has arrived from the Communications Management Association (CMA).

The cyber-cavalry, launched today and backed by the CMA, has been dubbed the Institute for Communications Arbitration and Forensics (ICAF). It will act as a focal point for best practice in Information and Communications Technology (ICT) security.

Graham Robinson, ICAF's chief executive, acknowledged that the scheme still has a long way to go, but claimed it would be boosted by close ties with the high-tech crime squad and corporate partners.

"To be better than the criminals, we not only need specialist skills and knowledge of the technologies, but also a better understanding of our legal obligations and responsibilities. While ICT workers should not pretend to be lawyers, they need enough experience of law and the courts to add sufficient skills to the fight against cyber-crime," he said.

Robinson also warned that no-one was immune to security breaches. "Some 30 per cent of all UK crime is fraud, and 50 per cent of this is ICT related," he said.

"By 2002, this will be costing the UK over £26bn in damages. Because increasing technology increases risk, we need specialist technology knowledge as well as legal skills to fight back."

ICAF claims the top challenge facing network security mangers today is how to protect delivery methods rather than content. This includes keeping the network, email and website services secure.

But in 12 months' time, these priorities will be 50 per cent less important than they are now and will be replaced at the top of the list by the need to detect security breaches.

David Harrington, director general of the CMA, said that as users introduce new technology, they find it harder to detect the crime carried out using that technology. But internal threats are on the rise, and malicious attacks are swallowing up resources.

Out of 172 respondents to a survey sent out by the CMA, only 37 per cent said they had a formal security plan, while 44 per cent believed it was "less than effective". As a result, 61 per cent admitted that actually detecting crime was a significant challenge, although as many as 48 per cent recognised that security breaches could put the future of their company at risk.

Skills shortages also pose another problem. Some 58 per cent of respondents said they did not have a dedicated security manager, and of those that did, as many as 35 per cent were not qualified. This lack of resources means that both civil and criminal actions are not pursued, leaving violators, in the main, to escape prosecution.