sb-eu logo
Story image

UK's cybersecurity laws 'crying out for reform'

29 Jan 2020

The United Kingdom’s Computer Misuse Act 1990 is crying out for a new reform, according to a new report from the Criminal Law Reform Now Network (CLRNN).

The current Computer Misuse Act (CMA) states that it is illegal for people to access or modify data on a computer without authorisation.  This kind of criminal activity is most prevalent in cyber attacks.

However, the CLRNN states that the Act is holding cybersecurity professionals back, because they legally cannot conduct threat intelligence research against cybercriminals and geopolitical threat actors.

“The Computer Misuse Act is crying out for reform. It needs to be future- and technology-proofed to ensure it can meet the challenges of protecting the embedded internet-based culture we all live in and depend on. This report delivers a blueprint for the government to use and develop to make the law more effective in policing and prosecuting cybercrime,” says CLRNN member and barrister Simon McKay.

That position is backed by academics and cyber advocates from the likes of Birmingham Law School, and NCC Group.

NCC Group global CTO Ollie Whitehouse says that the report exposes the UK’s outdated cybersecurity crime laws, which leave the cyber industry tackling one of the biggest threats facing our national security.

“[The laws are] within a regime drawn up 30 years ago – when less than 0.5% of the world’s population had access to the internet.”

“The government needs to take urgent action by updating and upgrading the Computer Misuse Act so our nation’s cyber defenders no longer have to act with one hand tied behind their backs, paralysed by the fear of being prosecuted for doing their jobs.”

“In today’s uncertain international climate, the ability of cyber criminals and geo-political threat actors to disrupt our technology systems will only continue to grow. We must seize the opportunity to develop 21st century to allow the industry to flourish and make the country safer and more secure.”

The reports’ recommendations include:

  • A range of measures to better tailor existing offences in line with the UK's international obligations and other modern legal systems, including new corporate offences.
  • New public interest defences to untie the hands of cyber threat intelligence professionals, academics and journalists to provide better protections against cyber-attacks and misuse, while ensuring consistency with overlapping offences within the Data Protection Act 2018.
  • A set of new targeted guidance for prosecutors, including the prosecution of young defendants, and calls for greater transparency regarding the use of PREVENT programmes by police.
  • The creation of new sentencing guidelines, and provides detail on their formation and function.
Story image
Proofpoint and CyberArk extend partnership to further safeguard high-risk users
“Our CyberArk partnership extension provides security teams with increased detection and enhanced adaptive controls to help prevent today’s most severe threats."More
Story image
California's CCPA now enforced worldwide
“The expansive reach of the CCPA and scope of data it covers can make compliance feel daunting to many,” comments ISACA Privacy Group member David Bowden.More
Story image
Gartner predicts 75% of CEOs to be liable for cyber-physical security incidents by 2024
The nature of CPSs means incidents can quickly lead to physical harm to people, destruction of property or environmental disasters – and Gartner’s new research indicates that these incidents will increase drastically in the next few years if the lack of spending on these assets continues.More
Story image
ESET launches the latest version of its Mobile Security solution
“With this latest version of ESET Mobile Security, we want to ensure our users feel completely secure when performing financial transactions on their devices, in addition to being protected from malware and phishing attempts."More
Story image
Phishing scam imitates SharePoint & OneNote for nefarious clicks
Sophos researchers say that the attackers take a slightly different approach to the standard ‘fake login’ phishing email.More
Story image
Ripple20 threat could affect 35% of all IT environments – ExtraHop
The vulnerabilities have the potential to ‘ripple’ through complex software supply chains, enabling attackers to steal data or execute code.More