Cyber trust and crime prevention: 1 year review
Published 23 January 2006
© Crown copyright 2006
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/cyber-trust-and-crime-prevention-1-year-review/cyber-trust-and-crime-prevention-1-year-review
1. Aim
This paper reviews the outcomes of Foresight’s Cyber Trust and Crime Prevention project (CTCP) over the 12 month period since the launch of the project’s findings in June 2004. It seeks to determine its successes, learn from the process in order to inform future Foresight projects and identify potential next steps.
2. The project
2.1 Background
The CTCP project explored the applications and implications of future information and communications technologies (ICT).
Home Office is the lead department for the project, with Andy Burnham MP currently chairing the high level stakeholder group.
Sir David King directed the project, which provided a scientific evidence base and three possible scenarios for the future of this area. The project announced its findings in June 2004 and since then the material has been used to inform a range of stakeholder actions.
The CTCP project covered issues such as:
- identity and authenticity
- surveillance and security
- system robustness
- information assurance
It also explored the basis for effective interaction and trust between people and machines.
Foresight began the project with a thorough review of the science base to understand current and potential future technological capabilities and the latest relevant learning in the social sciences and humanities. Working with RAND Europe, the team used this evidence as the basis for the development of three scenarios of how we might manage cyber risks in the future. Stakeholders reviewed the scenarios to identify key issues the UK should consider to minimise future cyber crime risks.
Paul Goggins MP took responsibility for the project during the first half 2005 year and attended a workshop with senior officials from the Home Office and other government departments to explore the implications of the project for the future use of offender tracking. Andy Burnham MP is now the Home Office sponsor minister.
2.2 Project outputs
Included:
- a detailed science evidence base for assessment of future opportunities and risks
- a broad community with a shared understanding of what the future risks might be and key steps we should take now to reduce those risks and maximise the benefits we gain from these advances
- a set of scenarios which allow those with policy responsibility to check their strategies for robustness against possible future cyber crime risks
2.3 Main findings
The aims of the project were to explore the application and implications of next generation information and communication technologies (ICT). The report looked at:
- how the risks involved in the use of ICT might change over the next 15 years
- how the society might react to these changes in risk
Main points:
The pace of technical, social and business change makes it difficult to anticipate and respond effectively to new vulnerabilities. There are no purely technological solutions. As social and technical systems become more complex and interdependent, it becomes even harder to predict how systems might fail, or what the consequences of failure might be.
Therefore we will need:
- new forms of governance to establish systems that are trustworthy and trusted;
- better mechanisms for business/government dialogue to identify and respond to new criminal opportunities, and to find new ways to prevent existing forms of crime
- new forms of training and education, for IT professionals, suppliers and users
To deliver security, wealth creation and other public goods it will be essential to consider technological capabilities as part of social systems, including drawing on emerging understandings of risk and social learning.
The project developed 3 scenarios for 2018, including very different (but self-consistent) sets of assumptions about the allocation of responsibilities for security, privacy and liability across government, business and civil society. The scenarios can be used to explore the implications of today’s choices in these areas.
3. Post-launch activities, including progress against the stakeholders’ action plan
Appendix A shows the action plan at the time the project launched its findings, together with the progress reported by stakeholders now. These include:
Informing government policy
Completion of workshops led by 4 different departments, to use the project scenarios to explore some long term implications of Information and Communication Technologies (ICT) for current strategies. These were: road user charging, data protection, civil contingencies and offender tracking. Feedback has been positive. As ever, with futures work, direct performance measurement is difficult;
Use of the project’s findings and network to help set up the PM’s Council for Science and Technology’s current work on better use of personal datasets across government (reporting to the PM in late 2005);
Informing changes in the definition of fraud (Home Office), and the development of the UK Strategy for Information Assurance (Cabinet Office).
Informing research and development
HP, BT, Microsoft and Quinetiq held an industrial research forum, which led to further detailed recommendations for action, primarily to support cross-disciplinary research and the right mix of skills in ICT professionals.
The Engineering and Physical Sciences Research Council (EPSRC) included a specific call for proposals in the area of ‘electronic crime prevention and detection’. Total new commitment under the first round of this call is £700,000. The outcome of a further call will be announced in November.
Lead scientists involved in the project are developing a proposal to the EPSRC for support for a cross-disciplinary network covering social sciences as well as information technologies.
Cross-sectoral networks
DTI Innovation Group has made cybersecurity a priority proposal for 1 of the 2 first new Knowledge Transfer Networks, as part of its Technology Strategy. If approved this autumn, it will result in significant support for over the next 3 to 4 years. It is also reviewing other related proposals on networking and R&D collaboration;
The Information Assurance Advisory Council (2 events, around 80 people); British Computer Society (3 ‘thought leader dinners’, 90 people); and the Institute of Electrical Engineers (work through various panels and events) all continued to support networks aimed at developing the dialogue across disciplines and sectors started by the project.
Public engagement
The Royal Society organised a public dialogue on cyber trust and information security, which drew on early work from the Foresight project.
BT and HP have set up Trustguide to develop guidelines on enhancing cyber trust, aimed at those working in ICT.
4. Continuing activity
The stakeholder group agreed that there was continuing value in meeting to explore the implications of CTCP findings for specific issues. Foresight expects to review impacts in a further 2 years’ time.
Appendix A: annotated action plan
Review of progress against the action plan.
Applying the outcomes
| Lead actor | ACTIVITY as set out at project launch in June 2004 | Progress |
|---|---|---|
| Home Office | High level workshop to explore implications for tracking offenders | Workshop for Paul Goggins at the Royal Society, 1 March 2005. |
| Cabinet Office | Working with a range of government departments to develop and deliver a programme of workshops to explore the long-term implications of the work for key areas of government policy (eg road user charging, e-crime strategy, UK information assurance strategy etc). | Goal was to hold 6 workshops. Three held: DfT - Road-User Charging (May 2004); Civil Contingencies Secretariat - The IT Revolution (Dec 2004); DCA - Data Protection and Freedom of Information (Mar 2005). The project informed the government information assurance strategy work. |
| PM’s Council for Science and Technology (CST), Office of Science and Technology | Independent review of the use of personal datasets across government. Will use CTCP work to explore long-term implications. | CTCP people and reports helped establish CST’s discussions on privacy and trust in the production of their report, scheduled for autumn 2005. |
| Chief Scientific Advisors’ Committee (CSAC) | Working session to identify implications for government departments’ individual science and technology strategies and key policy issues. | CSAC discussed the project. A Grand Challenge on data management has made the shortlist, sponsored by MoD and DfT. |
Exploring the further implications of the project’s findings
| Lead actor | ACTIVITY as set out at project launch in June 2004 | Progress |
|---|---|---|
| Information Assurance Advisory Council | Hold 2 workshops in the next 12 months, open to all participants in the project so far. First workshop, in October 2004, will work with the existing project advisory group and others to explore ideas for ‘solutions’ to challenges identified during the project. The second workshop, in Spring 2005, will take stock of progress made and suggest new actions to further trust and crime prevention. IAAC also intends, in principle, to progress CTCP after June 2005 for another year. | Workshops held on 14 October 2004 and 11 April 2005 brought together members of the network created by CTCP. Future status not clear. |
| Institution of Electrical Engineers | IT Sector Panel will review implications, especially in areas of dependable systems, IT procurement and professional standards. Special event on legal and regulatory issues, including contribution from Herbert Smith Research Policy Group will review implications for its forward agenda, and its interaction with national and EU science and research programmes. | The IT panel continues to champion dependable systems. IEE helped influence changes to HMT Green Book guide lines on project management and resource allocation in regard to IT. Computers and Law event held on 8 November 2004. Responses made to the UK Science and Innovation Strategy. |
| Research Councils | Hold a meeting with relevant research programme managers across Research Councils to consider research areas suggested as a consequence of project. | Meeting held. A funding proposal for a cross-council network to continue that formed by CTCP is in preparation. Electronic crime prevention and detection included as a priority theme as a result of CTCP. £0.7m from EPSRC to projects chosen in the 2003 call for proposals. |
| BT & HP | BT & HP will work (with any other interested companies) to create a pre-competitive forum for cyber trust research within the UK. The forum will aim to: act as a focal point for research in cyber trust; provide academics with a source of industry examples and contacts; produce an industry view on the future direction of UK research. | Industrial Research Forum between BT, HP, Microsoft and Qinetiq met and agreed positive actions needed to strengthen the UK’s cyber trust science base. BT and HP also set up the Trustguide project, part funded by the Office of Science and Technology, to produce guidelines on enhancing cyber trust. Aimed at all those researching, developing and delivering ICT. |
| DTI Innovation Group | Look at the potential to inform future calls for proposals to make use of DTI Innovation/Technology Programme Funding. | Proposal for Knowledge Transfer Network cyber security and biometrics will be put to the Technology Strategy Board, Autumn 2005. Cyber themes included in calls for innovation support in 2004 and 2005 (ICT proposals as a whole received about a third of a total £230m allocated so far). |
| Royal Society | Review implications of public engagement workshops on cyber trust, as part of its Science and Society programme. | A report on the public dialogue was published in October 2004. Royal Society has also launched a new investigation into the implications of ICT for healthcare. |
| British Computer Society | Hold ‘thought leaders’ dinner’ on the project to explore business/academic implications. | Three dinners held on 26 Oct, 16 Dec 2004, 25 Jan 2005, over 80 people attended: Is network surveillance possible?; Where is a precautionary approach to systems and software design commercially viable, or do we continue to live with reactionary measures to untrustworthiness for the foreseeable future?; Designing ICT for crime prevention. |
| Royal Society for the Arts (RSA) Forum for Citizens, Technology and the Market | Royal Society for the Arts (RSA) Forum for Citizens, Technology and the Market | RSA initiative discontinued. |
| Real Time Club | Hold speaker-led dinner on implications for entrepreneurs | Held on 14 September 2004. |
| DTI | Raise the findings of the project in international initiatives in the EU, OECD and other bodies. | Presentation to the European Commission Research Directorate, 5 July 2004. CTCP informed government implementation of the OECD 2002 Security Guidelines. |