The term “cybersecurity” is used broadly to describe a range of related issues, some of which are less serious than others. Cybersecurity includes efforts to prevent and protect organizations and their systems from external threats, including (but not limited to) physical and/or online attacks, disruption of the networks and data storage, information theft, and malicious hackers. There is also a separate area of law known as cybercrimes, which is used to prosecute crimes which fall outside the ambit of traditional crimes such as homicide and robbery. Cybersecurity law was created by the UK Parliament in 2020 with the intention of improving communication security.
There is currently no dedicated statutory framework within England and Wales for combating cyber crime. Instead, there are a number of piecemeal legislation, underpinning the potential for civil action in common law. These: criminalize unauthorised intrusion into computers (the Computermisuse Act 1990 (ograms Act); criminalize the interception of electronic communications, both sent and received by computers (both sent and received by persons abroad) (the Investigatory powers Act 2020 (IP Act)), and authorise “unaided interference” for lawful purposes (the Cyber Crime Act 2020 (Cyc Theft and Abuse Act 2020). There is also an offense of harassment, which is not included within the jurisdiction of the police but which may be prosecuted by the courts. A wide range of other offenses also exist, many of which are covered by additional statutes.
The UK has not yet developed its own national cybersecurity standards, although there are widespread engagement within government and the private sector on this issue. This has been recognized by the international community, with many jurisdictions developing their own specific standards. It is important for every nation, region, and company to develop its own unique guidelines and protocols, as well as its own national laws to govern the use of cyberspace. In the UK, these include the Hacking Act 2020 (which makes it illegal to disclose or publish details of confidential data), the Serious Television Information Protection Act 2020 (which makes it illegal to disclose any details of TV programmes that are being viewed) and the Communications Act of 2020 (which set out the various regulations that govern phone and wireless communication). The House of Commons Select Committee on Cybersecurity and Communications held an inquiry into how best the UK can respond to the increasing threat from cyber criminals. The committee concluded that it was important for the UK and other G7 countries to work closely to share information on the use of cyberspace, in order to bolster cooperation and create international standards and penalties against those who breach them.
Many of the challenges currently faced by UK businesses (and US businesses in general) relate to the fact that cyber threats are evolving at an ever accelerating rate. Companies must constantly evolve their technology systems to remain compliant with the increasingly complex requirements of modern business. At the same time, UK national agencies are unable to keep up with the pace of international standards. As a result, many businesses are operating systems and technology systems that are more than 10 years old and have only basic cyber hygiene mechanisms in place to deal with regular cyber threats. This is leading to expensive and frequently unsuccessful efforts at defence against serious cyber threats, as well as making it harder for the authorities to warn individuals about the growing sophistication of cyber threats to UK vital national interests and assets.
Despite the UK government’s apparent commitment to the combating of cybercrime, the department for digital affairs (DCA) has been unable to develop a coherent national strategy for combating cyber crime. Lack of progress in this area has been cited as the reason why hackers continue to target UK organisations and our largest financial centre. The UK’s national cybersecurity legislation was introduced to the House of Commons in 2020 to promote cooperation between public and private sector agencies in the fight against cyber crime. However, despite the implementation of some fundamental improvements in the legislative framework, the UK’s cyber environment is persistently insecure.
It is clear that the lack of focused action by both the UK government and the DCA makes the fight againstCybercrime a challenging one. The UK government has an opportunity to shape a pan-European approach to combating cyber threats and ensuring the protection of personal data and infrastructure. It should also work to address the vulnerabilities of UK companies, which it should do through greater regulation and better information sharing with other European countries.
One key aspect of cyber security in the UK is the UK’s Computer misuse Act 2020 which criminalises the unauthorized storage, accessing or distribution of data for financial gain. The Cybercrime Act 2020 brings the UK’s cybercrime law up to date and includes measures to strengthen the Serious Internet Crime Act 2020. This comprehensive Act is designed to bring the cyber misuse of computer systems more into line with other comparable offences such as financial crime. In addition to these authorities there is another element of the UK’s national security role in the form of the UK Investigates Agency (MIcrospose) and the National Crime Intelligence Service (NCIS). The MIcrospose was established in 2020 to partner up the UK’s national security industry with the wider global intelligence community in countering the many cyber threats.
Currently the UK authorities have an unevenly matched playing field in combating cyber threats. Some international cooperation is starting to be built, but there is no real framework of rules and laws at either national or international level. As such there is a need to develop a capability and infrastructure which can cope with the current and future cyber threats. These capabilities are currently being built by the NCIS in collaboration with the FBI – working in partnership with GCHQ and the Government Communications Headquarters (GCHQ). In the context of the Investigates Agency, the GCHQ collaborates with the NSA. To complement this work, the UK government has developed the Cybercrime Bill, which aims to create a UK national Cybersecurity Strategy.