IT industry issues from Intellect, the UK's technology trade association

Thursday, 02 October 2008

Why the ‘e’ in e-Crime?

This week the Home Office announced the creation of the new Police Central e-crime Unit (PCeU). The PCeU promises to tackle cyber crime and clamp down on internet fraud, and will provide ‘specialist officer training and co-ordinate cross-force initiatives to crack down on on-line offences.’

This is to be applauded, particularly given the nature and scope of the problem. Today e-crime is alive and kicking; tomorrow it will be an even greater threat as commercial, business and personal transactions increasingly go virtual.

Just today, for example, The Guardian reported that losses from online banking fraud have tripled, tallying up to £21.4m in the first half of 2008 alone. The private sector is not exempt from cyber crime either; one must only consider the incident with T K Maxx last year, where data thieves extracted the records of over 45 million credit cards.

The government has had e-crime on its radar for quite some time – as the Metropolitan Police Computer Crime Unit attests – but until now it has lacked a coordinated strategy for dealing with these issues.

It should be the role of the PCeU to provide such a strategy, though needless to say this is a tall order. Not only must it develop a cutting edge investigative capability, but also work together with 42 police forces across the country, which is easier said than done.

Both of these challenges are reminiscent of crime fighting in the good old days when things were more black and white. The ‘e’ in front of crime can be confusing, sometimes introducing an artificial distinction between electronic crime and crime ‘in the real world’. E-Crime is in fact very real, so the title merely refers to how and where it takes place. The web may be the new battleground, but we're still fighting the same old crimes.

By Sebastian Fox, Programme Executive

Wednesday, 01 October 2008

Flooding, the Hadron Collider, and five dead moose

It’s over for another year - the floors have been swept clean, the banners have been taken down and the last staff member has been persuaded out of the bar. Intellect’s second Security & Resilience conference took place on Monday in Kensington, and like last year we had a lively day discussing terrorism, flooding, flu, and other threats and hazards. The landscape has evolved, but fundamentally the UK is still very vulnerable to a range of manmade and natural risks, and the technology industry is a key stakeholder in helping build up our prevention and response ability.

The big change from last year was that during yesterday’s morning session, our chairs Clive Richardson and Steve Kingan launched our new Security & Resilience outputs – a market map of customers in the sector, an industry map of companies’ capability, and a wiki for the sector called ‘Securipedia’. Steve and Clive also presented our new position paper, called ‘The Jewel in the Crown’, which calls for a national information architecture so that the UK can have a more joined up security & resilience community. These outputs have been a big part of the group’s work over the last year, and it was great for the programme, and all our members who contributed, to see them published.

The conference was held under Chatham House rules, but we kept track of a few highlights through the day to give a flavour of the event in a ‘live blog’ sort of way:

09.40: John Higgins, Intellect’s Director General, opens the conference using the infamous Hadron Collider as a metaphor for Intellect’s role, trying to make the flow of ideas from industry and Government meet in the middle. Our Defence & Security chair, Clive Richardson, echoes this in his opening address and says he hopes this conference and the paper mark a big turning point in the industry-Government relationship.

10.23: Steve Kingan, chair of Intellect’s Security & Resilience group, introduces the maps and Securipedia, thanking the members who’ve worked so hard on them, and has barely paused for breath before talking about the next phase of work... (Intellect staff start cancelling holiday plans). In the panel session which follows, members bring in some international examples which support our ‘Jewel Architecture’ strategy.

12.05: One of the most interesting parts of days like this is hearing new statistics. During a session on resilience the panel discusses problems like coastal flooding. The sheer number of people likely to be evacuated (and the length of time before they can return home) in this kind of scenario is always mind-blowing. The stat that will stick in the mind, though, is related to the national fire strike in 2002, when over 19,000 armed forces personnel were called in to keep the fire service running. One of our MoD speakers delivers the first animal metaphor of the day with a good icebreaking joke about bunnies and smoking.

14.14: Security & Resilience group Vice Chair, Jim Sibbald, uses the first lines of his address to poke fun at me - I should never have sat near the front. Once the laughter has died down, Jim gives a characteristically thoughtful presentation on the fragmented geographical information area, offering a good practical view on some of the generic information sharing issues the conference has been considering.

15.05: Discussions with our panel on security for the 2012 Olympics have become quite lengthy, and it’s clear there’s a passion in the room for industry to play its part.

15.15: Conversation continues into the afternoon coffee break, and despite the allure of some excellent scones, delegates are still going over some of the discussion points on protecting national infrastructure in 2012. Some interesting stuff also emerges about how different local authorities are approaching their bit of the games.

15.57: I’m the butt of jokes again, and animal gags appear to be the order of the day. Andrew Fitzmaurice is using a joke about moose hunting to illustrate a point about information assurance, and somehow I’ve been made a character in this tale. Andrew does at least spread the humour around, with a very funny visual gag involving Brad Pitt’s role in the siege of Troy.

16.10: In an unpredictable turn, the panel session on cyber warfare is debating an interesting proposition – whether the lack of recognised global information standards for security equals market failure. The conference isn’t trying to rewrite the modern laws of economics, but drawing on themes from the current financial services debate, members are pushing the envelope in considering whether the sort of market pressures which created a VHS standard, for example, can apply in an area where failure isn’t an option.

17.05: The references are coming thick and fast now. During a discussion on the impact of the sort of architecture Intellect is proposing, Les Gregory from sponsors BAE Systems raises the question of whether Walter Raleigh could have foreseen the effects of introducing tobacco, whether Henry Ford could have understood how the car could change society, and whether Tim Berners-Lee expected the internet he helped build to fundamentally alter our way of living. Heady stuff, and along with the briefings earlier in the day it helps to focus the mind on how contemporary action could shape national security for a generation or more.

17.40: Angela Singh from the Home Office is very complimentary about the leadership role our DG, John Higgins, is playing on behalf of industry. John isn’t quite blushing, but it’s close!

21.10: Over dinner, Gordon Corera from the BBC is involved in a fairly animated discussion with members about the role of the press in security. Over the course of today there’s been a lot of agreement about the centrality of “information” in both the hearts and minds campaign abroad and preventing radicalisation at home, and there’s some back and forth going on about whether the media is a player in the information war, or part of the playing field.

22.00: Coffee and sweets are long since finished, but the chairs are still full of industry and guests discussing the issues raised today. These are serious times in security & resilience, and it’s clear that the debates which take place in our industry are part of a wider tapestry, and will continue on - which means we’ll be back in a year’s time to see what’s changed.

By Joel Grundy, Programme Manager

Thursday, 21 August 2008

Rise of the Machines

‘Machines to scan faces of travellers at UK airports’ read the title of Chris Hope’s article on Stansted and Manchester airports’ facial recognition trials in the Telegraph on Tuesday. Uncertain of whether to relate this to border security or the eagerly awaited Terminator film starring Christian Bale, I read on with renewed vigour.

Thus it emerged that the Government has launched a new biometric trial designed to tighten security and speed up passenger traffic through immigration. The project is part of the UK Border Agency’s long term strategy ‘for ensuring the UK continues to have one of the most secure borders in the world.’ Providing all goes to plan, this can only be a good thing.

Yet the trial has come under intense scrutiny, primarily for using what critics regard as an ‘unproven technology.’ In 2001 Super Bowl officials deployed facial recognition technology to try and match faces of the crowd with those of sought-after suspects. It all resulted in a spectacular failure, with the system identifying more than a dozen potential matches, all of which turned out to be false. Deploying the same technology in airports could be catastrophic, critics say, and will result in security breaches putting the public at risk.

While this appears to be a knockdown argument, perception differs from reality. There are two reasons why the Government’s facial recognition trial is worth undertaking. Firstly, the system involves ‘one-to-one’ rather than ‘one-to-many’ verification. Unlike the Super Bowl scenario, the person’s facial characteristics are matched against their passport photo alone, not a watch-list of wanted criminals. Secondly and on a related point, ‘one-to-one’ facial recognition is in fact a proven technology. Faro airport in Portugal, for example, has been using it successfully for over a year now, enabling holders of British biometric passports to skip the queues and make it through immigration in about 20 seconds.

Surely that is why a trial can only be a good thing. As biometric technologies become a more prominent feature of border control, it will be important to take them through the rigorous testing procedures that ensure success in the long run. I for one am excited by the prospect of a speedy return through border security after a long and tiring journey. Biometric technology is improving all the time, and with this so will security and ease of passage at our borders.

By Sebastian Fox, Programme Executive.

Tuesday, 19 August 2008

1984 or 2008?

The UN on Friday rapped the UK Government for creating security laws that erode the basic human rights of liberty and freedom of speech. In the UN’s view, the Government has embraced technology to try and protect national security, but in the process has restricted personal liberty.

How to retain individual freedoms whilst protecting national security is a problem the UK – and many other countries - have been agonising over for a while now. The attacks on London's transport system in July 2005 and at Glasgow airport in July 2007 instilled fear into the daily lives of thousands of ordinary British people. Government responded to the changed national security context with the publication of the UK's first National Security Strategy and the amendment of various laws - including the contentious introduction of powers to hold terror suspects without charge for extended periods of time, and the introduction of a grand database to hold details of citizens’ emails and phone calls.

In July, Gordon Brown delivered a speech on liberty and security calling for the use of modern methods and technologies to effectively counter threats to national security. True, globalisation through the unprecedented advancement of technological change has enriched the lives of many people across the world. Conversely, technology has also increased the reach of people bent on waging a war on the west. Extremist groups, through modern means of communication and transport, are now spread across international borders.

This is the age of the internet, where almost anyone can have their 15MBs of fame. The internet has projected the voices of millions of people - some have harmful intent, but most of us just want to keep in touch with friends and express our views on our rich culture.

The Government must be more savvy in its use of technology to protect national security if it is to counter its critics. Technology can be used to detect weapons and bombs at airports, counter cyber attacks and identify international crime rings - there should be no need to restrict the voices of individuals in the process.

By Rachel Wrathall, Defence and Security Programme Executive

Friday, 20 June 2008

Technology in security – a double edged sword

The Prime Minister addressed industry and stakeholders at the IPPR this week with a speech on balancing security and liberty. His focus on the need for modern, interoperable solutions to constantly changing modern threats was warmly welcomed by industry. Intellect’s members believe that whilst globalisation and the proliferation of information, communications and digital technology have been a boon for the UK, they have also created new dependencies and vulnerabilities which must be addressed.

Instantaneous communications and information technologies underpin our economy’s ability to generate wealth in sectors like financial services, and make possible the sharing of inconceivable amounts of information on almost any subject via the internet. Once again, however, this progress comes at a cost – that of a minority who use it for subversion, radicalisation and to commit crime. The globalised nature of contemporary organised crime and terrorism is a grisly monument to the all-pervasive nature of our industry’s capabilities.

Nor has technology’s impact been merely to extend the reach of existing threats – it has also created whole new arenas for conflict. Cyber warfare is a relatively new phenomenon in its modern form, made possible by the widespread adoption of high speed internet infrastructure. Critical national skeletons of power, water and healthcare utilities are increasingly reliant on massive networks of ICT, which are now susceptible to cyber attack – whether from shady terrorist groups or more traditional state foes.

Computing readers will recall the widespread power failure that hit New York and dozens of other major cities in Eastern US States in 2003. A leading American policy journal recently suggested that the outages originated in overenthusiastic hacking by Chinese Government agents. UK policymakers are alive to these new theatres of war – the Ministry of Defence is to dedicate increased time and resources to the combat of cyber warfare.

The picture, as Gordon Brown pointed out, isn’t all doom and gloom. Technology has created and influenced threats to national security, but it also makes fighting and resolving them more effective and more efficient. Criminal detection at all levels has benefited from the use of CCTV and DNA technology, and the ability to follow criminals’ electronic and digital trail as easily as Poirot followed footprints by the conservatory. Early warning systems for natural disasters and improved communication systems for response coordination mean that in the face of natural disaster, responders are better linked and better informed than ever before. 

Technology has changed our economy, altered our civil society and as we are now seeing is changing our security. The UK isn’t alone in recognising it – this week the French publicised a long awaited strategic review of Defence & Security, whose themes of international interdependence and the prioritisation of information and intelligence are encouragingly familiar to those who’ve been following this debate in the UK. Western security strategies are starting to agree on common challenges, and industry will play a major role in helping to implement the sort of flexible, coordinated and cohesive responses needed to face them.

By Joel Grundy, Defence and Security Programme Manager

Friday, 11 April 2008

With great technology comes great responsibility

Alas. Once again, we are invited to mourn the loss of hundreds of thousands of people's personal data. The culprit? HSBC. The ramifications? Unknown.

Given the data losses of recent months – each with essentially unquantifiable yet potentially grave consequences (financial and identity fraud spring to mind) – is it really too much to insist on the proper, safe and secure handling of data?

This catalogue of errors makes two things especially clear. Firstly, that information is crucial to the operation of society and our everyday lives. Secondly, that information, despite this impact, continues to be both undervalued and underrated in comparison to the conventional triad of people, property and pounds. In other words, government, industry and the wider public have still to learn to regard information as precious rather than to treat it as a trivial commodity.

In this sense, recent developments should not be interpreted as a refutation of technology as much as the need to better align people, processes and technology on the organisational level. In practice, it simply cannot be allowed for organisations to transfer masses of data without taking the necessary precautions.

In order to effect organisational change, responsibility must be the key word. It is the responsibility of management to educate its staff around the handling and use of personal data and to ensure that appropriate rules, regulations and guidelines are put in place. These steps will be essential if technology is to be used effectively and to the benefit of the consumer.

Sebastian Fox - Programme Executive

Wednesday, 19 March 2008

We have a National Security Strategy – so now what?

Almost nine months after the prime minister first announced the creation of a National Security strategy and a National Security Council, the government has taken the wraps off what amounts to a detailed assessment of the threats and hazards facing the UK.

This is an important first step, as one of the trickiest parts of this type of work is the need to have a clear understanding of what you’re trying to fight – thus far the UK public’s perception of national security is that it’s something of a mix between counter-terrorism and an excuse to rummage through your bins.

Today’s media fanfare is therefore useful in improving people’s understanding that in a globalised world, security is more than the metal detector at the airport. The many successes of Britain’s first-rate security community are based on good intelligence, effectively used, and strong links across government, criminal justice, defence and our international allies. Likewise the protection and resilience of our critical infrastructure (utilities, telecoms, health and transport) depends on a wide group of people working in concert – from MI5 to fire brigades to BT to the Army to industry.

All of these threats are brought into sharp focus by the forthcoming London Olympics, which for a variety of reasons present a tempting target for terrorism, as well as a substantial infrastructure and resilience challenge. The teams running the security of the Olympics have been engaging with industry well ahead of the event to try and bring the most effective programme management and technology into their planning.

Appropriately, the Olympics team is racing ahead of the competition in establishing strategic relationships with all its different partners. In the new interdependent era the government has described, this kind of mature engagement is the way forward if ministers and officials want to access the innovation, expertise and skills of UK industry.

Ultimately, the security strategy (subtitled “Security in an interdependent world”) is the latest in a slew of similar “threat analysis” papers from think tanks, academics and indeed from industry. However the fact that it has been published at all is commendable and represents a welcome commitment to addressing the modern form of threats and hazards.

What’s important is that the government now follows through. Without effective implementation at a practical level, the good intentions and political vision behind the strategy will make little impact on the ground, and without a strong partnership with industry government will struggle to deliver the solutions which make much of our response possible.

The PM has today told us what he thinks about security. Now it’s time for us to step up and let government know what we think.

Friday, 29 February 2008

Defence funding - A perfect storm

The newshounds who make up Computing’s readership will have noticed that there’s a debate about defence funding going on at a fairly high volume. A perfect storm has been generated in defence, where a combination of wartime commitments, wear and tear, and the need to modernize defence capability has led to the most pressured budget round in a generation.

Publicly, this is increasingly starting to look like a bunfight between the Ministry of Defence and everyone’s favourite villain, the Treasury. In the red corner is the Treasury, who delivered a worse than inflation budget settlement for defence as part of efforts to keep public spending down.
In the blue corner there’s the Ministry of Defence, which is facing an ill-timed and emotionally resonant mismatch of workload and resources. Timing is playing a part – the current budget crunch comes at a critical time in the MoD’s attempts to replace Cold War kit and use more technology to support troops.

In a timely illustration of what Defence chiefs are trying to achieve, in the last couple of days millions of British viewers have watched coverage of Prince Harry deployed in Afghanistan. The footage following his day to day work has shown how he has used advanced information and communications technology to co-ordinate the actions of troops, UAVs, fighter jets and special forces.

The latest round of Army recruitment adverts are also being aired, and show how even the most fundamental aspects of the military’s work are being revolutionized by the use of technology. In the most recent, an Army foot patrol in unfamiliar territory is kept safe by a robot spy plane, which lets the base keep an eye out for potential explosive devices left in the troops’ path.

The recruiting ad makes great play out of the fact that this plane is being piloted from the base by a young looking guy with an Xbox controller, and in reality it is an excellent way of illustrating how pervasive all sorts of technology is becoming in defence. The benefits from using technology developed for sectors like gaming may be substantial, and as the MoD continues to open the market to new and smaller companies there’s every potential that more of this kind of truly game-changing innovation will be able to be brought into service.

Unfortunately, this isn’t an easy time to be trying to change the way things are done. Under the political spotlight, with two ongoing campaigns, the need to protect troops in theatre and huge amounts of wear and tear, the MoD is having to bend over backwards to keep funding and efforts for the modernization progress going. Ironically, in the long run the implementation of better technology will generate the efficiencies which will help lower costs and reduce pressures on the budget – delivering more for less.

Intellect is working to support these efforts, and like everyone else in the defence community we believe the MoD’s first priority is to protect troops. Clearly, the adoption of cutting edge military tech is now going a long way towards keeping soldiers, sailors, and airmen safe and helping them do their jobs. Given, though, that it doesn't look like there's any more help coming from the red corner, it looks as though the blues will be struggling to get back on their feet for a while yet.

By Joel Grundy, Programme Manager

Wednesday, 05 December 2007

The mobile wallet

This may be an unusual way to start an article, but put your hands in your pockets and pull out the contents. What do you have? Some loose change, your house keys, a wallet or purse, probably a mobile phone or some sort of handheld device. If you live in London you’re very likely to have the small plastic card that is the Oyster: the smartcard which makes buying and using transport tickets easier.

That’s quite a lot to be carrying around, a fact acknowledged by mobile phone manufacturers who are looking to lighten the load by embedding the Oyster swipe card used by London commuters into a mobile phone, with a trial set to start at the beginning of next year.

This is part of a wider strategy from phone manufacturers to move away from only pushing entertainment functions onto phones (think music, ring tones, games and some video content) to offering more practical functionality on their devices. In this case, transport, but also banking. The Economist recently announced ‘The death of cash’ and there have been calls to abandon coppers in both the US and the UK as detractors say the coin is obsolete and costs more to make than it's worth.

To this end the Oyster money scheme has already included credit card functionality that facilitates small purchases in around 1,000 shops and cafes - mainly in the City of London and at Canary Wharf. In these shops customers can use their phones to make payments of up to £10. On top of this a number of high street banks are allowing customers to check bank balances and top up mobile phone accounts on their handsets.

M-commerce, as it is known, has not been as rapidly adopted in the UK as in the Far East where there is a very mature market, or even in Africa where mobile banking is revolutionising transactions and the transference of cash in the shape of small loans and payments. This is helping to promote growth on a continent where infrastructure provides a number of barriers to the flow of resources and money. 

So then, from lugging around a ramshackle collection of coins and cards in your pocket, the perfect converged handset could consolidate all your consumer needs into one place. UK citizens are slowly growing accustomed to cashless payment; witness the dominance of chip-and-PIN, and swipe as methods of payment. One device for all your transport, banking and communication needs. What’s not to like?

Although there are security implications associated with losing your single device, just like when you lose your handbag, as is technology’s wont, this potential problem will only provoke a solution. Disposable or destroyable data cards can’t be far away as well as more sophisticated ways of locking or tracking lost devices. Handset manufacturers are realising that entertainment systems aren’t the only additional features people are interested in using on their phones. By integrating these very practical functions on to a phone, they will also attract a different market share. Where will convergence take us next?

Wednesday, 15 August 2007

Personal security on the internet

The weekend was spent wading through the 100-plus pages of the House of Lords Science and Technology Committee's report on internet security that was published on Friday. No one would deny that this is an important issue and one that merits more open discussion. 

The report is right in calling for greater collaboration and agreement across government and industry. The development of a centralised unit to examine and establish methods of handling reported e-crime would also certainly help and we are working with stakeholders to investigate the implications of a security breach notification law and what role it could play in this complex issue. So far, so good.

However, while a solid security principle needs to be at the heart of all products, the committee’s recommendation to place sole liability for security breaches on technology companies seems unworkable for a range of reasons. Importantly, it could lead to the closure of smaller software companies and will discourage companies from innovating for fear of legal action. This would result in the UK losing competitive advantage and a reduction in the number of UK companies working in this growing market. There do need to be standards that vendors work towards but these need to be globally recognised rather than from country to country.

Something that the Lords didn't point out is the fact that the issue isn't just around data security passed over the internet but also how data is stored, transferred and disposed of. Companies who hold data on customers must make sure their data processes are secure and that all handling and disposing is done securely and efficiently. As this is an issue of customer trust and confidence, security incidents, however few there are, only add to the increasing fear of individuals about their identity.

Cases of data being thrown in bins or lost on insecure laptops are not the fault of the system they are held on but of bad company practices and of employees not being educated sufficiently. Unless staff are educated appropriately these situations will continue even if companies are fined heavily or sanctions imposed.

Standards should be in place, but to expect vendors of software or hardware to hold sole responsibility for securing this information is unrealistic and some responsibility must be taken by the individual to protect their businesses or their private information. We don't buy a car and then expect the manufacturer to pay up when it gets broken into.

