International experts launch anti-cybercrime plan

At Infosecurity 2009, US and European government security agencies announce a high-level plan to tackle cybercrime

An international group of security experts has launched an action plan against cyberthreats.

The roadmap, launched on Wednesday at Infosecurity 2009 in London, was formulated by security specialists from organisations including the US Department of Homeland Security and the UK Ministry of Defence, and is designed to promote secure systems design.

The Cyber Security Knowledge Transfer Network (KTN), a UK government-funded organisation that liaises between agencies around the world, co-ordinated the formulation of the roadmap.

Building in information security, privacy and assurance — a high-level roadmap was written by Nigel Jones, director of KTN, who told ZDNet UK on Wednesday that parts of the plan will be taken forward by the UK's Centre for the Protection of National Infrastructure (CPNI).

"We're trying to break down barriers as to why we are not designing in information assurance as we should," said Jones. "We describe a vision of built-in security and privacy by design."

The purpose of the initiative is to enable the development and procurement of resilient software and systems, where security and privacy requirements are defined at the beginning of a project and assured throughout the project lifespan, according to the roadmap.

The high-level action plan calls for co-ordinated action in developing business models that encourage secure engineering and facilitate the writing of secure code through technical means.

Jones said some commonly used programming languages, such as C, actively encourage developers to write insecure applications, because C was originally designed to enable interoperability between applications rather than as a secure coding language.

Jones added that organisations could change their business models to employ independent software architects to build applications that perform business functions, while maintaining security.

In the UK, responsibility for promoting secure software development will rest with the CPNI and the Technology Strategy Board, a government-sponsored organisation that seeks to encourage innovation in technology.

The KTN has been involved in various knowledge-sharing initiatives, including looking at how AI techniques can boost digital forensics.