Rip up decades-old rules to fight hackers, say cyber security experts
CYBER security experts have urged the incoming prime minister to tear up a decadesold law that is blocking them from effectively stopping rogue states and criminals from hacking the UK.
Companies representing Britain’s £10bn cyber defence sector have asked Rishi Sunak and Liz Truss to rewrite the 30-yearold Computer Misuse Act, which they said is no longer fit for purpose.
The signatories include the Internet Services Providers’ Association, which represents BT, Virgin Media and Sky; London-listed cyber security company NCC Group; and Ciaran Martin, the former head of Britain’s cyber security agency.
The current act prevents unauthorised access to computer material, but the signatories argue this is too broad and prevents them from conducting routine scans of the internet to look for bugs that can be exploited by hackers.
Legitimate internet researchers in the UK are also prevented from accessing hacked files shared on the dark web to warn victims their data has been stolen. Breaking the Computer Misuse Act can lead to a jail sentence of up to 10 years.
Campaigners from the Cyberup group argued the law needs to be updated to include a defence for cyber professionals engaged in legitimate research. The original act, written in 1990, was mainly designed to protect voicemail systems at a time when few had access to computers.
Ollie Whitehouse, chief technology officer at NCC Group, said: “With cyber threats ever increasing, now is the time for the Government to reform our pre-internet era law to include a statutory defence. Doing so will unleash the full reservoir of talent in the UK cyber security industry in service of our collective national cyber defence.” The signatories added that the UK is at greater risk of hacking attacks following Russia’s invasion of Ukraine.