Sunderland Software City

On Safer Internet Day, Software City's David Dunn blogs about the recent Parliamentary report into Cybercrime, which hints at possibly profound implications for the software industry.

I was at home on Saturday afternoon when the phone rang.

“Hello, I am with your broadband provider”

“Really? Who is my broadband provider?”

“I am your broadband provider”

“Yes, but who do you work for? Surely you know? Are you with Virgin?”

“Yes…I am with Virgin”

“That’s odd, because I’m not”

Click brr…..

I know the score. You ask for my email address, you send me a link to “check my connection is working”. What happens when I click on that link if very bad for me indeed. No-one is going to fall for that, right?

That evening I mentioned the incident to my friends and was amazed to hear how many of them would have innocently fallen for the same con. Are we in the computing industry guilty of assuming our knowledge of online safety to be indicative of wider trends?

This is the thrust of last week’s report into Malware and Cybercrime by the House of Commons Science and Technology Committee, which you can read here.

Despite the high media prominence of what the report calls “large scale attacks on companies or government agencies which could constitute a threat to national security”, the  report correctly notes that majority of cyber crime(and the biggest risk thereof) remains the “less dramatic” household kind caused by “casual infections and unfortunate happenstance”, an issue only going to increase in importance both for a government planning for service delivery which is “digital by default”  and more generally as more and more of the UK’s economic activity moves online.

The committee believes the best defence against online crime is “more knowledgeable computer users”, calling for the government to undertake a “prolonged awareness raising campaign” to “increase public understanding of personal online security”. 

This doesn’t mean than we in the industry don’t all have a role to play in this, and Sunderland Software City certainly plans to factor more online safety education into our future community engagement activities.

There are however, some more profound implications for our industry that the report hints at, which I will leave in the committee’s own words:

“It would be possible to impose statutory standards on software sold within the EU similar to those imposed on vehicle manufacturers, but we would prefer a solution based on self-regulation.

“However, the industry must demonstrate that any proposed solution would be an effective way forward and that voluntary commitments would provide sufficient incentive for the industry to improve security in a fast-moving competitive marketplace.

“In the event that the industry cannot demonstrate an effective self-regulatory model, we recommend the government investigate the potential for imposing statutory standards”.

I’m not personally of the view that regulation is necessarily something to be feared - it’s possible that the right sort of regulation can even improve businesses by challenging them to meet the highest standards.

On the other hand, our industry’s key strengths are being fast-moving, responsive and inventive, and few of us would ever argue that the one thing our industry needs more paperwork. 

If we want our to ensure our industry remains free of these kind of obligations, we must be aware that they may be on the horizon, and we need to rise to the challenge Parliament is setting us.

It’s in our hands to ensure that our industry remains in our hands.