Mixed results for key Government cyber-initiatives
The Government's Verify scheme to confirm IDs is behind scheuduled uptake, but its CISP threat intelligence sharing scheme is ahead of target.
Mixed results for key Government cyber-initiatives
The Government's new Verify scheme, which offers the first fully digital way to cut citizens' ID theft, is set to be used by around 470,000 people by next April, a drop of more than 20 percent on its original target of 600,000 users by the end of 2014.
But the Government also revealed this week that another key plank in its £860 million Cyber Security Strategy, the ‘CISP' threat intelligence sharing scheme, is ahead of target with more than 680 organisations already signed up, compared to a target of just 500 by end of 2014.
The progress on both GOV.UK Verify and CISP has been welcomed by the cyber-security community.
The Verify initiative, which went into beta test earlier this month, is Britain's first secure way to check people's identity online and cut ID theft and fraud.
The Government said this week it will be used by roughly 470,000 people by next April, dealing with departments ranging from HM Revenue & Customs to the DVLA and Insolvency Service. Eventually the departments involved will be using Verify to serve more than 20 million UK citizens a year.
The scheme was talked up this week Cabinet Office Minister Francis Maude, who said it will also eventually be used by private companies to check people are who they claim to be.
Maude said: “The more we spend our life online, the more important it becomes that someone signing in to use a service is who they say they are. For the first time GOV.UK Verify will allow people to prove their identity in an entirely digitally way. And it will allow government – and eventually private sector services too – to trust that a user is who they say they are.
“We are working with business to develop the service so that, in time, it can make a real contribution to trust and security in the digital age.”
Maude also praised the CISP (Cyber Security Information Sharing Partnership) - in the same week as CERT-UK director Chris Gibson confirmed it had beaten its target by reaching more than 680 users.
Maude is urging yet more organisations to join CISP scheme because “the more information that's shared, the better the overall picture and the greater our collective resilience”.
His enthusiasm is shared by leading figures in the UK cyber community.
Alan Woodward, a Europol adviser and visiting professor at Surrey University's Computing Department, told SCMagazineUK.com: “Nothing's ideal but the sorts of things the Government are putting in place, they should be commended for because they are working.
“Something like CISP is vital. There has been a reluctance among commercial organisations to share intelligence about attacks for obvious reasons. Only the Government could do this in a non-competitive way.
“I know we've been a bit slow off the mark in getting our own UK CERT off the ground but it's started to have an impact, people are starting to use it now, they're starting to become aware of it.”
Woodward also said Verify is “a fantastic idea because identity theft is ever so much more common”.
He told SC: “It's absolutely the right sort of thing to do and doing it in beta is good because you can iron out the kinks before we all become totally reliant on it.”
Woodward added: “The only worry is, I think it would be difficult to steal somebody's identity, but how easy would it be to set up a completely false identity?
“I'm sure there will be the odd kink but overall it's absolutely the right direction of travel. People will come to trust this totally.”
In terms of commercial companies using people's government-verified ID, he said: “When you open it up to third parties to use, could that pose a security risk in its own right? It needs to be done carefully. But if it could be done securely, then I think it would be a great idea.”
Sarb Sembhi, consultancy services director with STORM Guidance and a leading member of the ISACA International security professionals organisations, agreed Verify is “a big deal”.
He told SCMagazineUK.com: “If you are presenting yourself on a government website and need to prove who you are, this is going to help. It is major and it is very welcome because it means we're not going to fall behind other countries who've managed to get this far a few years ago.”
Sembhi added: “The fact that we've got something today that is digital that is going to help e-commerce is very very significant. It is something commercial firms will get involved in once they start to see the benefits as it evolves. It will definitely help move e-commerce on in many ways.”
He also said threat intelligence sharing is “vital” and welcomed the fact that CISP is now moving beyond selected industries and larger organisations. However, Sembhi said: “It will difficult to get smaller ‘mom and pop' type businesses on board.”
* Also this week, the Home Office admitted that state snooping on private communications has more than doubled under the Coalition Government. In 2010 the Home Office used the Ripa anti-terror law to access 2,813 items of communications data, but in 2103 the figure climbed to 6,056 items.
The numbers were given in reply to a written parliamentary question from Home Affairs Select Committee chair Keith Vaz.