INSIGHTS: STAKEHOLDER ENGAGEMENT
Leading reform through stakeholder engagement
Katharina Sommer Head of Public Affairs
Our public affairs function is focused on creating a conducive political and regulatory operating environment to improve cyber security policies, so they materially improve the cyber resilience for our customers and broader society (see pages 50 to 52 for more on stakeholder engagement). Nowhere is this demonstrated better than in our continued efforts to reform the UK’s Computer Misuse Act 1990, to enable cyber security professionals to undertake this critical work without fear of prosecution and unleash their full potential in making the world safer and more secure. As founding members of the CyberUp Campaign 1 , we brought together peers from across the cyber security industry alongside trade associations, incubators, academics and parliamentarians, all of whom believe that UK cyber crime laws should not inadvertently criminalise the very same people seeking to keep the nation safe and secure. This campaign approach paid off, when, in May 2020, UK Home Secretary, the Rt Hon Priti Patel MP, announced that “now is the right time to undertake a formal review of the Computer Misuse Act” 2 and launched a call for information to assess if the law remained fit for use following the technological advances since its introduction in 1990 3 .
The campaign, driven by an evidence-based, pragmatic approach, considers the operational realities of cyber resilience in modern day society. The security of the internet and our digital world is strengthened by the work undertaken by security and threat intelligence researchers who help us identify and fix weaknesses, to stay one step ahead of our adversaries. Our vulnerability assessments of smart doorbells, for example, demonstrated attackers would be able remotely to control some devices, further highlighting the importance of good security practices in developing Internet of Things (IoT) products, and our research into a cyber threat group showed its preference for abusing cloud services in its operations, enabling us to help organisations improve their detection of and protection against future attacks. We will continue working with all our key stakeholders to create a reformed law that adequately protects security and threat intelligence researchers.