‘APIG’ Right To Call For Proactive Security Monitoring By ISPs – MessageLabs

London, 30th June 2004. MessageLabs, the leading provider of email security solutions to business worldwide, welcomes the key recommendations of the All Party Internet Group (APIG) inquiry into revisions to the Computer Misuse Act (CMA), which were released today.

As the security landscape widens, MessageLabs supports the proposed addition of a denial-of-service (DOS) offence and, in particular, the recommendation that the ISP industry needs to develop Best Practice procedures for proactive monitoring to ensure end-user computer security.

MessageLabs’ Chief Technology Officer Mark Sunner gave evidence to the APIG committee at the inquiry it held on the 29th April 2004. Commenting on the Group’s recommendations today, he said:

The recommendations outlined in the APIG report clearly acknowledge the need to widen the net on what is legally recognised as cybercrime and to adopt a tougher stance on the perpetrators of security attacks that have serious consequences for UK businesses. As both the volume and sophistication of attacks rises, broadening the scope of the CMA to include an explicit offence for DOS attacks is a step in the right direction.

A tighter legal framework is always going to make it more difficult for computer criminals to operate. But it is important that any new regulations recognise the ‘overlap’ that is developing in terms of the tactics used.

For example, the CMA will not deal with the rise of ‘spam’ email – this is targeted by other legislation including the recent EU Directive on Privacy & Electronic Communications. But it will be used to regulate the subsequent malicious payloads increasingly delivered by that spam.

Given this problem, the legal framework is ultimately only going to be at best one layer of a total solution. Security threats are inherently a technology problem and the solution must continue to be technology led. We therefore strongly welcome the recommendation that the ISP industry take a more proactive role in the protection of end-users.

The growing sophistication of threats means that, while further education is required to make end-users more security-aware, ISPs should not rely on customers to protect themselves. ISPs should be taking the lead in proactively investing in technology to stop threats at the Internet level, before they reach corporate networks and end-users machines.

About MessageLabs
MessageLabs is the leading provider of managed email security services to businesses worldwide. The company currently protects more than 8,500 businesses worldwide from email threats such as viruses, spam and other unwanted content before they reach their networks and without requiring additional hardware or software. Powered by a global network of control towers that currently spans 14 data centres in the United States, the United Kingdom, Germany, the Netherlands, Australia and Hong Kong, MessageLabs scans tens of millions of emails a day on behalf of customers such as The British Government, The Bank of New York, EMI Music, HealthPartners, StorageTek, Air Products and Chemicals, SC Johnson, Conde Nast Publications, Fujitsu and Diageo. For more information on MessageLabs and its industry-leading email security and management services, please visit www.messagelabs.com