UK Internet Security: State of the Nation – The Get Safe Online Report, November 2011
When a security site is backed by several government departments (including the Home Office), by law enforcement (the Serious Organized Crime Agency) and the intelligence services (Centre for the Protection of the National Infrastructure, which holds hands with MI5 and CESG), then it should be taken seriously. So, when such a site (Get Safe Online) releases a grandiose report with a grandiose title (UK Internet Security: State of the Nation – The Get Safe Online Report, November 2011), we should expect something serious. This is, we are promised, the state of the nation.
But it is poor. It is trivial. Most secondary school magazines could do better simply by writing to the security industry and asking different companies to provide a brief comment on a particular security aspect. Because that’s all that this is – a series of separate contributed articles from some of the companies and agencies that sponsor Get Safe Online.
Coupled with the widespread use of advanced anti-spyware software provided by banks, as well as the excellent advice from Get Safe Online, HSBC believes our online customers are now safer than ever.
SOCA gives us this gem:
It would be good to think that we could arrest and prosecute every cyber criminal… [but] this will never happen. [So] an equally important activity is prevention and awareness.
Which just goes to show that law enforcement has forgotten its role: viz, we should prevent crime first, and arrest the remaining criminals. The modern version believes that we should arrest all the criminals we can, and then try to stop the ones we miss.
At VeriSign we’re constantly trying to educate people about online threats and raise awareness about the dangers of social engineering, which is the main trick used by cybercriminals.
Which is simultaneously horribly naive (all cybercriminality depends upon social engineering somewhere), and self-aggrandizing. Trend’s Rik Ferguson makes a serious attempt at saying something meaningful without blowing his company trumpet:
The volume of mobile malware has not yet reached the epidemic proportions of computer-based malware, but criminal interest is clearly there and growing. We are seeing multi-platform attacks distributed by the same criminal groups that traditionally have focused on conventional systems. Smartphone security, such as encryption and anti-malware, is available but not widely deployed. The need is already there for it to be commonplace.
But here’s the problem with a government-backed site taking sponsorship money from private companies. That company endorses the site – but there is a clear indication that the reverse is also true: the government sponsors that company. Since Trend Micro is the only anti-virus company mentioned in the State of the Nation report, it comes across that Trend Micro is the anti-virus company preferred and recommended by government. The same argument can apply to most of the other ‘contributors’.
So not only is this ‘state of the nation’ report both trivial and a possible contender for being prosecuted under the Trades Description Act, it is also an insult to the 99% of the security industry that has declined to spend its money on buying dubious government advertising. You may have gathered that I am not merely unimpressed by this report, I am frankly appalled.