Crackdown on the cyber crooks

Top industrialists and academics are joining the government in a concerted attack on the growing threat of hi-tech fraudsters. Niall Firth reports.

Cyber-crime cost UK businesses more than £2.45bn last year, according to recent figures released by the National Hi-tech Crime Unit, and it seems likely this will increase in the near future.

As hi-tech fraudsters find ever more devious means of parting consumers not only from their money but even their identities, security experts across industry and government are having to devise increasingly sophisticated ways of protecting themselves and customers.

To help create a united front against the exponentially increasing cyber-crimes of ‘phishing’ and identity theft a DTI-funded Knowledge Transfer Network (KTN) — the 18th — has been set up. Managed by Qinetiq, this newest addition to the KTN family will, its members hope, help combat this growing wave of hi-tech crime.

The Cyber-Security KTN will be overseen by a steering committee that reads like a Who’s Who of industry heavyweights and technology organisations ranging from academia to government. Industry will be represented by experts from BP, Visa, British Airways, HP and Microsoft among others, while the DTI, Home Office and MoD will represent the Government. Academia has a smaller but vital role and OxfordUniversity will be a contributor to the committee, to be chaired by a BT representative.

Sadie Creese is strategic research manager for Qinetiq’s information security division and director of the Cyber Security KTN. In her opinion, bringing together such a diverse group of stakeholders in the KTN is essential if the problems of cyber-security are to be addressed.

‘There is currently lots of work fragmented across the UK, with different groups addressing certain issues,’ she said. ‘Academia, industry and government are all working on different systems but there is currently no single platform. We are bringing together a wide range of expertise to address universal problems in an unparalleled manner.’

Creese said the network will look ahead to see which security issues and problems need solving, then develop a strategy to tackle them. This could take a number of forms, including feeding recommendations for urgent research and development into the DTI innovation platform. The £10m fund, which was announced in November last year, will fund calls for research projects, demonstrator projects and the development of standards for network security — a key issue for the KTN.

The committee met for the first time last week and identified four priorities as its initial focus. The £1.8m budget will be divided across a range of working groups and projects under these four areas. The first — identity management — is particularly timely as it will cover issues surrounding identity cards, including the introduction of biometric security measures.

It will look at what has been done in the financial services industry regarding efficient identity management and network security, where companies have been able to deploy secure technologies on a global scale. ‘We will be looking at the lessons that can be learned in systems engineering, technology and how those lessons can be applied to things like a national ID card scheme,’ said Creese. ‘These big multinational companies will certainly have considered biometrics and how it can be used to store information in their systems.’

The job of securing people’s identities includes access to buildings and data networks through to the value of the biometrics used and reliability of technologies such as retina-scanning.

The second priority area concerns the way humans interact with technology and how that impacts on network and identity security. Creese believes that simplifying the way cyber-security systems work could massively improve their performance. ‘We have to ask, is there anything we can do to make security more usable and help people use it properly? Often the problem lies with humans switching things off or not using them properly, such as keeping virus protection software up to da te.’

The KTN plans to study how design professionals can make systems easier to use. ‘We’re looking at the human- computer interface,’ said Creese. ‘People use PDAs, mobiles phones, computers all the time, while in industry there is more bespoke access to technologies making it a very complex situation.’

Third is the problem known as metrics. This will mean initiating research into the efficiency of different security solutions and how that can be measured. This will lead to the development of sensors for data-gathering and more effective software with algorithms that provide maximum security, said Creese.

The fourth priority area will build on the work of the Trusted Computing Group. This consortium of computing and chip manufacturers including HP, Sun and Intel among others aims to provide specific circuits and protocols that are intrinsically more resistant to attack by external viruses and other unwanted cyber attacks. While doubt has been cast on the group’s altruistic motives in the past, both HP and Microsoft are on the steering committee for the new KTN as well as being integral members of the Trusted Computing Group.

Creese is certain that the trusted computing model is the way to better protect consumers and businesses. ‘If we can have a core of technology chips and operating systems with applications built on top of them it will make security much easier,’ she said. ‘We have an excellent range of expertise in the UK and the problems of cyber-crime are universal and common to everyone, whether you are from industry or end-users. We stand to make real gains by clubbing together on these issues, by getting together research organisations with industry we can have a single point of call for identifying expertise in the UK and help institutions to better exploit the global market for these technologies as well.’