Cyber Security Experts Call For Greater UK Protections For Ethical Hackers

Cybersecurity Cyber Security Experts Call For Greater UK Protections For Ethical Hackers Emma Woollacott Senior Contributor Opinions expressed by Forbes Contributors are their own. Following New! Follow this author to stay notified about their latest stories. Got it! Sep 6, 2022, 05:18am EDT | New! Click on the conversation bubble to join the conversation Got it! Share to Facebook Share to Twitter Share to Linkedin LONDON, ENGLAND – NOVEMBER 04: A general view of the Houses of Parliament.

(Photo by Oli . . .

[+] Scarff/Getty Images) Getty Images A group of cyber security experts is calling on the UK government to reform the Computer Misuse Act, saying it fails to protect security professionals. The Act was introduced back in 1990 after BT’s then email system, Prestel, was hacked by journalist Robert Schifreen in an attempt to access the mailbox of Prince Philip. Schifreen – who said he wanted to raise awareness of vulnerabilities – was charged, but acquitted; the new act then made it an offense to access a computer without authorization.

However, 30 years is a long time, and the UK is now looking to introduce new measures – dubbed the ‘Cyber Duty to Protect’ – and has put out a call for information , asking for views on what actions can be taken to reduce risks. In their letter to incoming prime minister Liz Truss, the Internet Service Providers’ Association (ISPA), security firm NCC Group and the former head of the National Cyber Security Centre (NCSC) Ciaran Martin call for the introduction of a statutory defence to protect ethical hackers. “As you will be aware, last year the Home Office conducted a review of the effectiveness of the Act.

We understand from Freedom of Information requests that 66% of those who responded to the review expressed concerns over the lack of protection in the Act for legitimate cyber activity,” they write. “You will of course be all too aware of the increased cyber threat posed by our adversaries, not least following Russia’s invasion of Ukraine. We believe this strengthens the case for prioritising efforts to reform the Computer Misuse Act to include a statutory defence.

” MORE FOR YOU iOS 15: Apple Issues 22 Important iPhone Security Updates Widely-Used Hikvision Security Cameras Vulnerable To Remote Hijacking iOS 15 Is Available Now With These Stunning New iPhone Privacy Features At issue is the work of ethical hackers, or penetration testers, who currently must gain permission to access systems and follow agreed rules an what may be done with the data, generally agreed via a contract and non-disclosure agreement (NDA). However, this means it’s currently illegal for penetration testers to scan systems for vulnerabilities without advance permission, or to access hacked data on the dark web for their research. And researchers have indeed fallen foul of this rule, with a University of York student sentenced to eight months in prison for accessing Facebook’s internal systems in 2012 – despite having already warned the company about his findings.

Specifically, the CyberUp group, which has coordinated the letter, calls for legalizing proportionate threat intelligence, responsible vulnerability research and disclosure, active scanning, enumeration, use of open directory listings, identification, and honeypots. The review follows a similar debate in the US, where the Department of Justice pledged earlier this year not to charge ‘good-faith’ security researchers under the 1986 Computer Fraud and Abuse Act (CFAA). Follow me on Twitter .

Emma Woollacott Editorial Standards Print Reprints & Permissions.