Security industry doesn't want a cybersecurity tsar
Security vendors and high-tech police see little need for a 'cybersecurity tsar', as demanded by a Conservative MP last week .
As ZDNet UK reported on Monday, Mark Pritchard MP also called for the creation of a national agency to combat the growing threat of cybercrime. But experts argued on Tuesday that there are already enough government agencies addressing this issue.
MessageLabs, an email security vendor, pointed out cybersecurity already falls within the remit of Ian Watmore, head of the e-government unit of the Cabinet Office.
"It's difficult to understand what kind of role a cybersecurity tsar would have that's not already covered by Ian Watmore. Would the tsar be reporting to Watmore, or competing with him?" said Paul Wood, senior analyst for MessageLabs. "You can't just bang a big drum and make a lot of noise about security and not take into account the complexity of the issues," Wood added.
The police were also unable to see the point in creating a centralised cybersecurity agency to raise awareness, as one already exists.
"We already have the National Infrastructure Security Co-ordination Centre (NISCC) — it would be difficult to see (another cybersecurity agency's) remit," said a spokesperson for the National Hi-Tech Crime Unit.
NISCC is charged with protecting the UK's critical national intrastructure. However, it was criticised as toothless in April this year by Lord Harris of Haringey, who argued that it needs to be able to force government agencies and businesses to improve their security.
MessageLabs also argued that an American cybercrime-fighting model (as suggested by Pritchard) is already in the pipline though the impending formation of the Serious Organised Crime Agency (SOCA), a merging of the National Crime Squad (which the NHTCU is part of), the National Criminal Intelligence Service and the investigative branches of the Customs and Immigration Service.
"The formation of SOCA will be the closest thing we have to the FBI in this country — it will improve [cybercrime-fighting] in the future," said Wood.
Sophos, another security vendor, also argued that present awareness raising initiatives were effective.
"I wonder how having just one agency would differ from the NHTCU's GetSafeOnline scheme, or ITSafe," said Graham Cluley, senior technology analyst for Sophos.
ITSafe is a scheme to raise security awareness among small businesses, while GetSafeOnline is aimed at consumers.