Securing the Information Society

Dr Ian Brown, Senior Research Fellow Oxford Internet Institute

Availability & integrity of Critical National Infrastructure
Protection of confidential information
Manageable levels of fraud
… all in cost-effective form, where costs include inconvenience, enhancement of fear, negative economic impacts & reduction of liberties

Highly efficient criminal economy has sprung up (bot herders, coders, mules, phishermen)
Phishing (Symantec detected 55,389 phishing website hosts in 2008) – with increased targeting
Compromised machines (Symantec observed 75,158 bots/day)
Anti-Phishing Working Group Q2 2008 report

Internet Crime Complaint Center 2008 Annual Report p.3 Symantec Internet Security Threat Report 2009 p.10

Appropriate resourcing for law enforcement
Fund security R&D, where appropriate with INFOSEC agency participation
Use procurement, licensing and standardisation power to require significantly higher security standards in systems and services
Use diplomacy to pressure state actors behind Russian Business Network, DDoS attacks, classified network incursions etc.

House of Lords concluded liability should be shifted to some combination of software vendors, ISPs and financial institutions
Intended to incentivise innovations such as RBS off-line consumer card terminal

Securing the Information Society

by Ian Brown on Oct 12, 2009

Accessibility

Categories

Tags

Upload Details

Usage Rights

1 Embed 3

Statistics

Securing the Information Society — Presentation Transcript