Security News
Adults will have to hand over credit card or passport details before they can access social media sites, the British government threatened this morning. Internet use age verification - first floated and then abandoned via the country's 2017 Digital Economy Act - will return in the UK's Online Safety Bill, digital minister Chris Philp MP has vowed, linking the technology, widely criticised by privacy activists, to protecting children from pornography websites.
Optionis, the group that includes umbrella and accountancy companies providing services to tech contractors, has confirmed that following last month's digital break-in customer data is being leaked online. Parent Optionis Group later said that divisions SJD Accountancy and Nixon Williams were also hit.
The shadow foreign secretary for UK's opposition Labour party, David Lammy MP, has asked why the reform of the Computer Misuse Act appears to have stalled in an open letter to government. The letter, published on the Labour Party website, takes the ruling Conservative Party's ministers to task over a range of what Labour sees as a failure to act on various Russia-linked topics.
Even think tanks with close links to the UK's Conservative government are now criticising the Online Safety Bill, with the Institute of Economic Affairs describing it today as "a significant threat to freedom of speech, privacy and innovation." The IEA, which tends to side with free-market conservatives, said today that the controversial legislation needs an independent reviewer to prevent it causing harms to people using the internet in Britain.
The UK's National Cyber Security Centre is urging organizations to bolster security and prepare for a potential wave of destructive cyberattacks after recent breaches of Ukrainian entities. The NCSC openly warns that Russian state-sponsored threat actors will likely conduct the attacks and reminds of the damage done in previous destructive cyberattacks, like NotPetya in 2017 and the GRU campaign against Georgia in 2019.
Britain's controversial Online Safety Bill will leave Britons more exposed to internet harms than ever before, the Internet Society has said, while data from other countries suggests surveillance mostly isn't used to target child abusers online, despite this being a key cited rationale of linked measures. Government efforts to depict end-to-end encryption as a harm that needs to be designed out of the internet as it exists today will result in "Fraud and online harm" increasing, the Internet Society said this week.
The snappily titled Government Cyber Security Strategy, wheeled out yesterday, will set UK domestic cybersecurity strategy for the next eight years. "The UK's legitimacy and authority as a cyber power is however dependent upon its domestic cyber resilience, the cornerstone of which is government and the public sector organisations that deliver the functions and services which maintain and promote the UK's economy and society," said the strategy, authored by the Cabinet Office.
The United Kingdom's National Cyber Security Centre, the government agency that leads UK's cyber security mission, is releasing NMAP Scripting Engine scripts to help defenders scan for and remediate vulnerable systems on their networks. The scripts, authored by i100 partners or security experts who want to share their scripts with the community, will be published on GitHub through a new project named Scanning Made Easy.
Frustrated at lack of activity from the "Standard setting" UK Cyber Security Council, the government wants to pass new laws making it into the statutory regulator of the UK infosec trade. Government plans, quietly announced in a consultation document issued last week, include a formal register of infosec practitioners - meaning security specialists could be struck off or barred from working if they don't meet "Competence and ethical requirements."
The United Kingdom and Australia have signed a Cyber and Critical Technology Partnership that will, among other things, transport criminals to a harsh penal regime on the other side of the world. What we do know is that the two nations have pledged to "Increase deterrence by raising the costs for hostile state activity in cyberspace - including through strategic co-ordination of our cyber sanctions regimes." That's code for both nations adopting the same deterrents and punishments for online malfeasance so that malfeasants can't shop jurisdictions to find more lenient penalties.