The Government has today published a series of “aspirational” and “voluntary guiding principles” that have been designed to help improve online security for customers of the country’s major broadband ISPs. Better late than never?
The Guiding Principles will be implemented through a partnership between the UK internet industry (e.g. ISPA, BT, Sky Broadband, Virgin Media, TalkTalk and Vodafone etc.), Government, any relevant independent bodies (e.g. Get Safe Online) and will be conducted within existing legal frameworks while also “respecting customer privacy“.
Under the new guidelines ISPs and mobile operators will need to either provide their own education and awareness information or link to somewhere / somebody else, such as through a special partnership, that can help their customers to understand what “basic” online threats exist, the symptoms they may experience from them, how to spot potential problems with their computer or account, how to fix those problems and how they can report crimes through Action Fraud.
Participating Internet providers will also be required to offer tools and or advice on useful security solutions, such as by offering anti-virus / spam / spyware / malware filtering, firewalls, information on identity protection and so forth. Interestingly ISPs will also be asked to inform customers about how they can report related online compromises or threats and have processes in place to escalate credible reports to “facilitate risk mitigation“.
The Government also wants members of the partnership to work together on a number of related initiatives.
Joint Working – Government and ISPs
* Law Enforcement Agencies/ISP information sharing and action regarding identified risks and wider cooperation.
* Partnering between Government and the internet industry to raise awareness amongst customers of the importance and benefits of behaving safely online.
* ISPs to explore reviewing themselves against the 10 Steps to Cyber Security as appropriate to its business.
* Investigate potential ways in which issues can be brought to the attention of customers.
Apparently all the members of this new partnership will meet on a quarterly basis to discuss their progress on the above outlined areas. A cyber security awareness-raising campaign is also being prepared for launch in the near future.
At this stage it’s difficult to know whether any of the measures will have a serious impact. Most consumers already seem to use some form of Internet security solution and the majority of broadband packages tend to bundle related tools and software. Meanwhile some ISP websites are so cluttered that unless the message is slapping you right in the face then any new content could easily be overlooked.
On the other hand we do like the idea of a more informed approach to the issue of online security, although it’s hard to ignore the feeling that this is something which could have been done 10 years ago. Perhaps what we really need are tougher and more effective global measures against SPAM, those who produce online viruses / botnets etc. and anybody whom intentionally facilitates their distribution.