Government to consult businesses on e-crime policy

Government to consult businesses on e-crime policy

Summary: The coalition government plans to ask the private sector for suggestions that will feed into cybercrime policy, with small businesses also involved

TOPICS: Security

The coalition government plans to invite British businesses to take part in shaping its policy on combating e-crime such as online fraud and cyberattacks, the Home Office minister for security has said.

On Thursday, Baroness Pauline Neville-Jones said that the government will tap into the experience of the UK private sector, which has a good track record in information assurance and cybersecurity.

"The next stage is inviting the active participation of the private sector in the development of policy," Neville-Jones told the Homeland and Border Security 2010 conference in London. "This country has a highly developed cybersecurity posture."

The Conservative Party stated before the election that it wanted the Information Commissioner's Office to conduct a consultation with the private sector to establish guidance on cybersecurity, including a product kitemark. Various government agencies work closely with industry to test security products and services. The Centre for the Protection of National Infrastructure (CPNI), for example, tests information security products and services destined for use by companies which include electricity suppliers.

Read this

Know the enemy: today's top 10 security threats

The more you know about the likely avenues of cybercrime attack, the better you can protect yourself against them, says Alan Calder

Read more

In addition to working with corporations, policymakers will harness security ideas from small and medium-size businesses, Neville-Jones told ZDNet UK.

"The government traditionally has a role with captains of industry [but] we want SMEs to be in there," she said. "Very often SMEs produce innovation that can be turned into a big product or big export, or influence."

Small businesses will be able to feed into the policy-making process through the supply chain, she added. While the government does not want to have "tonnes of people in the room", it will gain contact with small businesses through large government suppliers and systems integrators, according to Neville-Jones.

Security company Detica welcomed the government's commitment to getting policy input from the private sector.

"Cyber is definitely a growing threat, and we need a combined response from the public and private sectors to counter that threat," Detica managing director Martin Sutherland told ZDNet UK. "British investment in the high-tech industry gives the opportunity to develop intellectual property."

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


1 comment
Log in or register to join the discussion
  • We thoroughly support the new government pledging to work closely with the private sector on developing and implementing a cyber security policy and welcome the increased focus on a very important issue for all UK businesses; as exemplified by the numerous high profile data breach cases in recent months.

    An important starting point in developing such policy is to recognise that there will be weaknesses in any information security strategy, and the goal is to mitigate risk (whether it be from accidental leaks or via a more serious cyber criminal attack) to the highest possible degree using both detective and preventive controls.

    There are then three steps that need to be considered, the adherence to policies put specifically in place to limit access to IP, the implementation of measures to detect if a breach has occurred and finally the ability to deal with them effectively and remediate the breach to limit its impact or the possibility of it repeating.

    Todd Chambers, Courion