Cyber security has never been more important than it is today. As digital technology continues to advance apace and COVID-19 has prevented normal in-person interaction, almost everything in our personal and working lives has become digital. The CyberUp campaign highlights the way current legislation inhibits rather than promotes the important work of cyber security.
As our own digital skills become more advanced, so have those of cyber criminals, who now have greater access and opportunities to capture private information and disrupt our lives than ever before. Increasingly sophisticated cybercrime has led to a significant rise in the number of major cyber-attacks against British companies and institutions. The work of cyber security professionals, those who use their skills for good by defending against cyber crime, is ever more important in, as the Department for Digital, Culture, Media and Sport’s Ten Tech Priorities put it, “keeping the UK safe and secure online”.
Despite the crucial work that British cyber professionals undertake, they continue to be held back by an archaic piece of legislation. Not very many people will know that the Computer Misuse Act (CMA) is the foundation of UK cyber crime legislation. And even fewer people will be aware that it prevents cyber security researchers from carrying out so much of the vital vulnerability and threat intelligence research that, if undertaken, would contribute fully and significantly to our cyber resilience.
The Computer Misuse Act was created in 1990, when only 0.5% of the UK population had internet access. At the time, it was a landmark piece of legislation; 30 years later, it is in desperate need of reform. Its provisions to criminalise unauthorised access to computer systems, without any means to consider individuals’ motives, or recognise circumstances where such access might be deemed legitimate, effectively criminalise a large proportion of innovative cyber security and threat intelligence research and investigation by UK cyber security professionals. This runs completely counter to the Government’s stated policy objective to promote a public-private partnership approach to combatting cyber crime.
UK cyber security companies, which are contracted by many organisations that make up the UK’s critical national infrastructure, are hindered in their ability to guard against evolving cyber threats. And parts of the UK’s critical national infrastructure do turn elsewhere, to overseas competitors, to provide the safeguards that UK firms legally cannot. Aside from being a ludicrous situation to be in, this clearly has a sizeable economic impact on UK PLC writ large. It also has an especially pernicious impact on the development of the UK’s cyber industry – one of the industry sectors we are looking to grow as we chart a new path for ourselves outside the European Union.
It is for these reasons that I am a very proud supporter of the CyberUp Campaign, which is pushing for reform of the outdated Computer Misuse Act.
Last year the CyberUp Campaign released a report which analysed the views of the wider cyber security community in the UK on this issue of the CMA. It found that 91 per cent of businesses believed that the Act puts UK-based cyber security consultancies at a competitive disadvantage and that reform would bring significant productivity improvements, growth and resilience benefits. This simply isn’t good enough. Britain should be leading the world when it comes to cyber, but with laws like the CMA still on the statute books, we risk being left in other countries’ wake on this issue.
The opportunity presented by reform is immense. A better legislative framework would not only make us all safer and more secure, but also put the rocket boosters underneath our already successful cyber security sector. The CyberUp Campaign estimate that a reformed CMA could bring in more than £1.6 billion in additional revenue, and lead to 6,400 jobs being added. These would be high skilled, well paid jobs, and would attract talent from around the world to the UK, allowing us to truly become an international hub for cyber resilience and skills.
I look forward to continuing to work with the CyberUp Campaign in the future and supporting their efforts for reform.
Now, more than ever before, Britain must be bold and believe in herself, to become the global cyber power we want to be.
Find out more about the report and the Campaign more generally here.