UK police need a "state of the art espionage response centre" to help combat the growing tide of cyber attacks targeting British industry, MPs have warned.
The Home Affairs Select Committee has called for the creation of the centre after Committee Chair Keith Vaz said a 10 month review of police anti-e-crime efforts showed a need for drastic action.
"We are not winning the war on online criminal activity. We are being too complacent about these e-wars because the victims are hidden in cyberspace. The threat of a cyber attack to the UK is so serious it is marked as a higher threat than a nuclear attack," he said.
The report criticised budget cuts to specialist UK police units, announced by deputy assistant commissioner at the City of London Police, Adrian Leppard. The cuts will see up to a quarter of the UK's 800 specialist internet crime officers lose their jobs and a 10 percent reduction to the Child Exploitation and Online Protection Centre's (Ceop) budget.
The cuts come despite the revelation that around 1,300 criminal gangs specialising in fraud are actively targeting British industry.
Vaz said the cuts are unacceptable, citing them as proof of the need for the new specialised cyber espionage response centre. "We need to establish a state of the art espionage response centre. At the moment the law enforcement response to e-criminals is fractured and half of it is not even being put into the new National Crime Agency," he said.
Vaz said even with the e-crime strategy and new initiatives, police and government will need the help of technology companies to combat cyber crime. The MP reiterated prime minister David Cameron's call for internet service providers (ISPs), search engines and social media services to more diligently monitor what content is being posted on their networks.
"The Prime Minister was right this week to highlight the responsibility of the internet service providers, search engines and social media sites. They are far too laid back about what takes place on their watch and they need to do more to take inappropriate content down. If they do not act, the Government should legislate," he said.
The Home Office report also called for a review on sentencing guidance for e-criminals to ensure cyber criminals receive the same sentences as real-world crooks and the creation of a foundation focused on reporting and removing online terrorist content.
The national policing lead on e-crime deputy chief constable Peter Goodman addressed the Home Office's report, reiterating that law enforcement is working to combat the evolving threat with its new ACPO e-Crime strategy.
"The police service – like the other agencies that are working to combat e-crime – is continually adapting to meet the threat. There is absolutely more to do but we are committed to protecting victims and preventing this form of crime as well as targeting offenders," he said.
"The ACPO e-crime strategy will drive forward further improvements in this area including increasing the number of regional e-crime hubs. These hubs have been successful in improving our regional capability and response times as well as supporting the work of the Police Central e-Crime Unit."
Representatives of the security community have welcomed the Home Office's report, but added that the problem will not be solved with legislation alone. Performanta UK chief technology officer Lior Arbel said the problem is largely down to education, with most businesses' employees remaining woefully ignorant of cyber best practice.
"[We] must realise we are all in the data protection business and take responsibility for our actions. Businesses in particular must be proactive and deal with the threat of critical data loss right now at a technological level in order to protect themselves and their employees," he said.
Damballa global technical consultant, Adrian Culley, mirrored Arbel's sentiment, arguing that UK cyber skills levels need to be raised across the board.
"We all need to know how to be safe in our digital lives and a 'cyber proficiency' programme is now required to help empower people of all ages. The skill level must be raised across society, including for those officials tasked with responsibilities in these areas," he said.
The security consultants are two of many to criticise UK industry's cyber skills levels. Most recently Sophos director of technology James Lyne told V3 that a lack of security awareness among UK SMEs is letting hackers hijack up to 30,000 legitimate business websites per day, turning them into malware-spreading tools.
Campaigners want US authorities to break-up Instagram, WhatsApp and Messenger into separate companies
The perception of the industry as "a white man in a hard hat" is limiting new applicants, says Hayaatun Sillem
Almost two years late - and just as AMD is readying 7nm Zen 2 for early 2019
Eye-wateringly expensive smart speakers take just six per cent market share, claims Strategy Analytics