Security News

The UK's Government Reviewer of Terrorism Laws is again advising the removal of legal safeguards around a controversial law that allows people to be jailed if they refuse police demands for forced decryption of their devices. In what appears to be a recurring theme, Jonathan Hall QC said police should be able to threaten people arrested under terror laws with five years in prison if they don't hand over passwords on demand.

In a change from its recent bombastic blather, the British government has published a new Defence Industrial Strategy that looks like it wants to put the infosec industry on a gold-plated pedestal. "Government also needs to provide complementary support to industry and ensure that the public sector can access the right skills to remain an intelligent customer," said the Defence and Security Industrial Strategy whitepaper published this week.

Britain's National Cyber Security Centre has urged universities, schools, and colleges to be vigilant following an increase in ransomware attacks targeting educational institutions. The University of the Highlands and Islands was also struck earlier this month, leading the institution to shut down its campuses while beleaguered IT staff fought off the ransomware.

Britain plans to cut the size of its army and boost spending on drones, robots and a new "cyber force" under defense plans announced by the government on Monday. Defense Secretary Ben Wallace said the British Army would shrink from 76,500 soldiers to 72,500 by 2025.

CentralNic has been awarded a significant project by Jisc. The project is to supply and support registry management software to underpin the domain name infrastructure of some of the UK's most critical domain extensions, including.

The Ministry of Defence has ordered its contractors not to answer certain questions on the UK's once-in-a-decade census - despite threats of £1,000 fines being handed to people who don't complete the national survey. The Ministry of Defence has taken a curious line against the census, urging defence personnel and contractors to give incomplete answers to four questions - and to ignore one altogether.

A Conservative peer has joined calls to reform the Computer Misuse Act days after the government declared that infosec and "cyber power" are the key to British foreign and industrial policy for the 2020s. Lord Holmes of Richmond told The Register he wants to support British infosec companies, which he said were "held back for want of a few strokes of the legislative pen" in reforming the CMA. "Over the next few weeks, I intend to be having conversations and meetings, both with colleagues, and indeed, with Home Office ministers to really understand what the level ground that we're all standing on is, where their issues are, and how we can work together to move this forward," said the House of Lords backbencher.

In terms of "things that will flow from this" the Integrated Review mentioned only the National Cyber Security Centre and the nascent National Cyber Force, both already in existence. Under the heading "Responsible, democratic cyber power" the government promised to "use cyber capabilities to influence events in the real world," including more use of "offensive cyber" - and, eye-catchingly for the UK infosec sector, UK.gov plans to build "an advantage in critical cyber technologies."

An alert issued on Tuesday by the FBI warns about an increase in PYSA ransomware attacks on education institutions in the United States and the United Kingdom. According to the FBI, PYSA attacks have been launched by "unidentified cyber actors" against higher education, K-12 schools and seminaries in a dozen U.S. states, as well as the U.K. The threat actors behind PYSA attacks are known to encrypt data on compromised systems, but they also steal information from victims and threaten to leak it in an effort to increase their chances of getting paid.

A former asylum seeker with a postgraduate degree in cybersecurity who alleged his bosses were spying on him for MI5 has lost his attempt to claim he was racially discriminated against. The anonymous man, who worked for an unnamed company that set up a UK cyber range in mid-2019, told the Employment Tribunal that he had quit after being subjected to racial harassment at work - but judges overruled all of his legal claims.