U.K. security vendors and high-tech experts reject idea of a cybersecurity tsar

Published 30 November 2005

Last week, Mark Pritchard, the Conservative MP for The Wrekin, also called for the creation of a national agency to combat the growing threat of cybercrime, but experts argued that there are already enough government agencies addressing this issue. Experts point out that cybersecurity already falls within the remit of Ian Watmore, head of the e-government unit of the Cabinet Office. “It’s difficult to understand what kind of role a cybersecurity tsar would have that’s not already covered by Ian Watmore. Would the tsar be reporting to Watmore, or competing with him?” said Paul Wood, senior analyst for security specialist MessageLabs. “You can’t just bang a big drum and make a lot of noise about security and not take into account the complexity of the issues.”

The police were also unable to see the point in creating a centralized cybersecurity agency to raise awareness, as one already exists. “We already have the National Infrastructure Security Co-ordination Centre (NISCC) — it would be difficult to see (another cybersecurity agency’s) remit,” said a spokesperson for the National Hi-Tech Crime Unit. NISCC is charged with protecting the U.K. critical national infrastructure. MessageLabs also argued that an American cybercrime-fighting model (as suggested by Pritchard) is already in the pipeline through the impending formation of the Serious Organized Crime Agency (SOCA), a merging of the National Crime Squad (which the NHTCU is part of), the National Criminal Intelligence Service and the investigative branches of the Customs and Immigration Service. “The formation of SOCA will be the closest thing we have to the FBI in this country, it will improve [cybercrime-fighting] in the future,” said Wood. “I wonder how having just one agency would differ from the NHTCU’s GetSafeOnline scheme, or ITSafe,” said Graham Cluley, senior technology analyst for Sophos. ITSafe is a scheme to raise security awareness among small businesses, while GetSafeOnline is aimed at consumers.

-read more in this report; and see the Web site of ITSafe; and this report on GetSafeOnline