Security industry doesn't want a cybersecurity tsar

Security industry doesn't want a cybersecurity tsar

Summary: How would a security supremo and a national agency have more effect than existing measures, asks vendors and hi-tech police

TOPICS: Security

Security vendors and high-tech police see little need for a 'cybersecurity tsar', as demanded by a Conservative MP last week .

As ZDNet UK reported on Monday, Mark Pritchard MP also called for the creation of a national agency to combat the growing threat of cybercrime. But experts argued on Tuesday that there are already enough government agencies addressing this issue.

MessageLabs, an email security vendor, pointed out cybersecurity already falls within the remit of Ian Watmore, head of the e-government unit of the Cabinet Office.

"It's difficult to understand what kind of role a cybersecurity tsar would have that's not already covered by Ian Watmore. Would the tsar be reporting to Watmore, or competing with him?" said Paul Wood, senior analyst for MessageLabs. "You can't just bang a big drum and make a lot of noise about security and not take into account the complexity of the issues," Wood added.

The police were also unable to see the point in creating a centralised cybersecurity agency to raise awareness, as one already exists.

"We already have the National Infrastructure Security Co-ordination Centre (NISCC) — it would be difficult to see (another cybersecurity agency's) remit," said a spokesperson for the National Hi-Tech Crime Unit.

NISCC is charged with protecting the UK's critical national intrastructure. However, it was criticised as toothless in April this year by Lord Harris of Haringey, who argued that it needs to be able to force government agencies and businesses to improve their security.

MessageLabs also argued that an American cybercrime-fighting model (as suggested by Pritchard) is already in the pipline though the impending formation of the Serious Organised Crime Agency (SOCA), a merging of the National Crime Squad (which the NHTCU is part of), the National Criminal Intelligence Service and the investigative branches of the Customs and Immigration Service.

"The formation of SOCA will be the closest thing we have to the FBI in this country — it will improve [cybercrime-fighting] in the future," said Wood.

Sophos, another security vendor, also argued that present awareness raising initiatives were effective.

"I wonder how having just one agency would differ from the NHTCU's GetSafeOnline scheme, or ITSafe," said Graham Cluley, senior technology analyst for Sophos.

ITSafe is a scheme to raise security awareness among small businesses, while GetSafeOnline is aimed at consumers.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


1 comment
Log in or register to join the discussion
  • Security requires total solutions since security can only be as strong as the weakest link and there's much ground that needs to be covered. Given that in the tradional government model many departments tend to get in the way of each other without knowing what the other is or isn't doing one independant and overspanning all department that keeps overall view and identifies holes missed should be welcomed.

    On the other hand. A 'see all, be all' department is best left to a signalling function only in order to avoid 'one size fits all' disasters.