As hi-tech fraudsters find ever more devious means of parting consumers not only from their money but even their identities, security experts across industry and government are having to devise increasingly sophisticated ways of protecting themselves and customers.
To help create a united front against the exponentially increasing cyber-crimes of ‘phishing’ and identity theft a DTI-funded Knowledge Transfer Network (KTN) — the 18th — has been set up. Managed by Qinetiq, this newest addition to the KTN family will, its members hope, help combat this growing wave of hi-tech crime.
The Cyber-Security KTN will be overseen by a steering committee that reads like a Who’s Who of industry heavyweights and technology organisations ranging from academia to government. Industry will be represented by experts from BP, Visa, British Airways, HP and Microsoft among others, while the DTI, Home Office and MoD will represent the Government. Academia has a smaller but vital role and
Sadie Creese is strategic research manager for Qinetiq’s information security division and director of the Cyber Security KTN. In her opinion, bringing together such a diverse group of stakeholders in the KTN is essential if the problems of cyber-security are to be addressed.
‘There is currently lots of work fragmented across the
Creese said the network will look ahead to see which security issues and problems need solving, then develop a strategy to tackle them. This could take a number of forms, including feeding recommendations for urgent research and development into the DTI innovation platform. The £10m fund, which was announced in November last year, will fund calls for research projects, demonstrator projects and the development of standards for network security — a key issue for the KTN.
The committee met for the first time last week and identified four priorities as its initial focus. The £1.8m budget will be divided across a range of working groups and projects under these four areas. The first — identity management — is particularly timely as it will cover issues surrounding identity cards, including the introduction of biometric security measures.
It will look at what has been done in the financial services industry regarding efficient identity management and network security, where companies have been able to deploy secure technologies on a global scale. ‘We will be looking at the lessons that can be learned in systems engineering, technology and how those lessons can be applied to things like a national ID card scheme,’ said Creese. ‘These big multinational companies will certainly have considered biometrics and how it can be used to store information in their systems.’
The job of securing people’s identities includes access to buildings and data networks through to the value of the biometrics used and reliability of technologies such as retina-scanning.
The second priority area concerns the way humans interact with technology and how that impacts on network and identity security. Creese believes that simplifying the way cyber-security systems work could massively improve their performance. ‘We have to ask, is there anything we can do to make security more usable and help people use it properly? Often the problem lies with humans switching things off or not using them properly, such as keeping virus protection software up to da te.’
The KTN plans to study how design professionals can make systems easier to use. ‘We’re looking at the human- computer interface,’ said Creese. ‘People use PDAs, mobiles phones, computers all the time, while in industry there is more bespoke access to technologies making it a very complex situation.’
Third is the problem known as metrics. This will mean initiating research into the efficiency of different security solutions and how that can be measured. This will lead to the development of sensors for data-gathering and more effective software with algorithms that provide maximum security, said Creese.
The fourth priority area will build on the work of the Trusted Computing Group. This consortium of computing and chip manufacturers including HP, Sun and Intel among others aims to provide specific circuits and protocols that are intrinsically more resistant to attack by external viruses and other unwanted cyber attacks. While doubt has been cast on the group’s altruistic motives in the past, both HP and Microsoft are on the steering committee for the new KTN as well as being integral members of the Trusted Computing Group.
Creese is certain that the trusted computing model is the way to better protect consumers and businesses. ‘If we can have a core of technology chips and operating systems with applications built on top of them it will make security much easier,’ she said. ‘We have an excellent range of expertise in the