Of all of the proposals in last week's Cyber Security Strategy, most seemed to be government or public sector led with little direct immediate impact on UK plc.
Apart from one section, where the government said it would ‘work with internet service providers (ISPs) to create a new voluntary code of conduct’ that will ‘help people identify if their computers have been compromised and what they can do about it’.
As the first and only port of call for connectivity, the ISP is a good place to start for guidance to consumers; after all, is the end-user going to start calling the Paymaster General for advice on how to get rid of a virus? Then again, is the ISP in a position to be able to advise an end-user on security issues, thereby lending no benefit to the ongoing ‘need for education’?
One recent instance of an ISP helping its users with online security was when Virgin Media wrote to around 1,500 customers, warning them that they had been infected with the SpyEye Trojan. It offered advice on how to clean their computers after they were found to be part of a botnet by the Serious Organised Crime Agency (SOCA).
I asked Virgin Media what it felt about the new proposals for ISPs; a spokesperson said it takes a proactive stance against malware, providing all its customers with free security software, as well as support and guidance on how to stay safe online.
“Virgin Media has an active partnership with leading security organisations such as SOCA, to help advise customers of particularly nasty malware infections and how to resolve them. We look forward to working with the Cabinet Office and industry more broadly to share our learnings and experience in this area to help create a safer environment for consumers across the UK,” the spokesperson said.
I asked Ross Parsell, director of cyber strategy at Thales, if he felt that this focus on the ‘middleman’ will help users. He said: “The strategy does call for industry to draw on its own factors, and the outline from Virgin is a good example, but it needs to be endorsed by government – but they are shying away from setting a standard. It needs to be recognised and entered into something to abide by.”
Rik Ferguson, director of security research and communication EMEA at Trend Micro, said it was "heartening" to see that there will be a review of legislation.
He said: “Security companies have been saying for some time now that ISPs have a greater role to play in informing and assisting their customers who have fallen victim to cyber crime, and this report promises to explore that capability although without a concrete timeline.”
Most would say that any efforts for user education should be welcomed, and starting with the ISP, which can help users, is positive. How long this takes to begin and whether all play ball will be the next challenges.