Whitehall has started work on its £12m IT security knowledge transfer network (KTN).
Funded by the Department of Trade and Industry (DTI) and launched at the London Stock Exchange in May, the network has four initial security areas earmarked for research.
Organisations including Aviva, BP, British Airways, the Home Office and the Ministry of Defence will also highlight end-user security needs, so that vendors can ultimately manufacture higher-quality IT products.
Dr Sadie Creese, strategic research manager at QinetiQ and director of the DTI’s Cyber Security KTN, says the network will act as a think-tank for the UK security industry.
‘There are at least 35 significant groups of organisations that are focused on security in the UK, such as The Jericho Forum,’ she told Computing.
‘All the groups are fantastic, but we are not seeing the overall picture. We are not looking to replicate work already being done, but co-ordinate it.’
Creese says that with technology changing at lightning speed, and computers becoming pervasive in all parts of life, security is increasingly important to protect personal and corporate data.
‘There are phones that are also MP3 players and personal computers. Then there are online health records and credit card transactions,’ she said.
‘Whether you want to deploy egovernment systems or intelligent road networks – it all involves IT and personal data being stored on things that can be accessed via the internet or other computer networks.’
Creese also points to the growth in grid computing, and says that while it has its commercial benefits, the technology could also make it easier to hack into systems.
‘If you can crunch large numbers in super fast times then you will be able to break very large cryptographic keys,’ she said. ‘What we want to do is ensure that we do not suffer from the ever growing threats, and make sure that this brave new world is not used against us.’
Research into identity management could not only help with programmes such as eBorders or biometric ID card plans, it could also solve problems in the private sector, where business supply chains are increasingly communicating online.
‘There is a strong societal benefit,’ said Creese. ‘If you solve an online identity management problem for government, then often you solve them for supply chains and business.’
‘There is knowledge and expertise that can be learned from each other. There are things that government departments know about security that should be transferred into industry and vice versa.’
The £12m pot will also be made available for research and development to investigate the potential of trusted computing systems and ways of measuring security effectiveness.
‘In the real world business changes, as does the way they want to reach out to customers. Because of this, so do the threats,’ said Creese.
The KTN will look at ways of measuring a product’s ability to protect against threats and business risks, to create a common benchmark. How different security applications interact will also be measured.
The security forum will also draw on thinking and research from outside the IT industry. For example, one of the weakest links in terms of security is the human element, says Creese.
‘You lock up your house when you leave for work and you don’t leave the door to your car open because you don’t want someone to nick it or the stereo,’ she said. ‘But people do not have the technical knowledge and often can’t tell the difference between a good guy or bad guy on the internet. What we want to find out is: is there any way we can change that?’
The network is already contacting marketing gurus and faith groups to ascertain their views on how to rebuild public opinion in ecommerce following the recent growth in identity theft and phishing scams.
It is also exploring ways to make security a bigger part of people’s thought processes when they go online, and how their actions can be better represented graphically.
‘We want to get every one acting in a more secure way. Anyone’s computer can be used in a denial of service attack against government or corporate web sites,’ said Creese.
Through innovation and better knowledge sharing, the network ultimately hopes to improve security. It also wants to spur investment in UK IT firms and create a commercial hub, in the same way that clusters of security firms have grown in the US after spinning off from national security programmes.
But with only £12m available for research and development – Microsoft spends more than £2bn on security R&D alone – is the DTI project overly ambitious?
‘If we aim low, then that is the maximum we can achieve,’ said Creese. ‘If we aim high we might not achieve everything, but we will make significant progress.’
Autor(en)/Author(s): Daniel Thomas
Quelle/Source: Computing, 15.06.2006
