Brit infosec firms urge PM Boris to reform the Computer Misuse Act
A group of British infosec companies has written to UK prime minister Boris Johnson asking him to reform the Computer Misuse Act 1990, saying the act "has failed to keep pace with technological and market developments, inadvertently prohibiting a large component of contemporary threat intelligence research."
The companies, comprising NCC Group, Orpheus Cyber, Context Information Security and Nettitude, urged the winner of the Conservative Party's recent internal leadership contest to bring about "legislative reform to bring cybercrime legislation in step with other regimes".
Key among the companies' demands for reform is the introduction of "statutory defences that apply to accredited professionals who act ethically, in the public interest, to detect and prevent criminal activity."
The letter came after The Register revealed in May this year that while 90 per cent of hacking prosecutions last year were successful, the odds of a prison sentence were very low.
The letter said, in part:
"Legislation currently forces cybersecurity specialists to act with one hand tied behind their backs. Reforming the Computer Misuse Act would enable us to learn more about an attacker’s tactics and identify additional victims, addressing current barriers that often halt our defence investigations so as not to break the law. More modern legislation exists in other jurisdictions - countries which we actively compete within the global cybersecurity market. Failure to modernise our laws risks the increasing demand for cybersecurity services being met outside the UK."
Its signatories, all C-suite execs from the named firms, added: "We believe removing current legislative restraints, and offering certainty to the industry, would significantly unlock the growth of the UK cyber threat intelligence sector, while allowing the industry to better support law enforcement and intelligence agencies."
Researchers have long complained that the Computer Misuse Act (CMA) inhibits research because of broad wording that does not make it completely clear what is and what is not illegal in the fast-moving world of infosec. While no statute could be exhaustively prescriptive about what can and cannot be done, the companies say that the time is ripe to give protection to bona fide researchers.
Ollie Whitehouse, global chief technical officer at NCC Group, said in a statement to The Register: "We're proud to be the driving force behind the necessary reform to the Computer Misuse Act (CMA) – an essential but outdated legislation, which currently restricts many industry specialists like ourselves from carrying out crucial threat intelligence work. Cybersecurity is a global issue, so it’s vital that the UK is able to compete on a level playing field with our international colleagues.”
The act was last amended five years ago, causing some severe worries.
Industry: Cyber Security
- Security infrastructure Engineer - Firewall | IDS | NAC | Cloud. Exclusive project, £75,000+
- United Kingdom
Security infrastructure Engineer - Firewall | IDS | NAC | Cloud. Exclusive project DCL Search exclusive Identifier Project. To join a financial services business. Key hire to be part of / influence the cyber security capability and direction within the business. Hands on experience managing / monitoring / upgrading / implementing / using the following; · Firewalls: SonicWall and or Palo Alto · NAC: Cisco OR Macmon · WAF | CASB | MDM Experience with SIEM monitoring / vulnerability analysis also highly desirable. MUST have current hands on experience with vulnerability management tooling and best practice. Current Financial services is a nice to have. Learn new skills working within a collaborative team. Grow as a security professional.
- Outside IR 35 CONTRACT SC CLEARED Cyber Security Operations Analyst SPLUNK ES- UK REMOTE- £500 a day.
6 month contract Outside IR35 Operational Cyber Security Analyst. Hands on Splunk Security Enterprise and Security clearance is required As is someone that holds SC clearance. SOC and Vulnerability management experience. Vulnerability Analysis / Management - Tenable
- SailPoint Consultant
- Upto €80,000
SailPoint Consultant is need for this rapidly expanding global business, The business is currently in the middle of a SailPoint Deployment, they require an experienced Consultant who is able to help them on this Journey You will be responsible for helping to configure and deploy SailPoint as well as on board applications onto the platform You will also work with the business to understand workflow and process to help align the way the business works to ensure that the business gets the most from the deployment We are looking for an experienced SailPoint consultant who has experience with both Deployment and BAU work and is interested in joining a business which is at the start of an interesting IAM Journey
- SOC Manager Security Operations. SIEM, Threat / Vulnerability, IR, SOC Service- Exclusive
- United Kingdom
SOC Manager- SIEM, Threat / Vulnerability, Incident response. Exclusive Project. Management and on growth growth of Security Operations Centre capability. Managing and maturing the team, technical services line and fronting client engagements where needed. An in-depth technical background is essential, experience across SOC SIEM/ Threat Hunting (IR) tools, processes, techniques, operational is a MUST. The role will include, but not limited to; evolving the technical process, building operational capability, managing and hiring team, involved at a high level overviewing policy/playbooks, fine turning of the go-to-market collateral etc.