Gov 'is not taking cybercrime seriously'
Home Office 'will miss out on top IT talent' with volunteer cybercop plan
IT security experts have trashed Home Office plans to recruit volunteers to tackle cybercrime, saying the government is not taking the issue seriously enough.
Home Secretary Theresa May plans to bolster the police's efforts to battle digital crime by empowering police forces to sign up IT workers as volunteers.
The proposal, aired again by the Home Office last week but first revealed in a consultation document last year, would allow room for volunteers to take on greater roles "as their experience grows".
But cybersecurity experts denounced the plans, saying the government should hire specialists instead of volunteers if police skills are not up to scratch.
Graham Cluley, an independent computer security analyst, told IT Pro: "[It] doesn't sound like they're taking the problem seriously to me. Cybercrime is on the rise, and clearly the authorities need proper investment and resources to tackle the growing problem.
"My concern would be that the authorities would be unable or unwilling to pay the kind of salaries that would attract the top talent - and so many talented individuals won't be interested."
IT security workers command a wage of between 50,000 and 57,000 in London, according to recruitment firm Randstad Technologies.
But digital offences make up 44 per cent of total crime according to ONS data released last October, which showed that 3.8 million Britons were victims of a total 5.1 million incidents of online fraud, malware, or phishing attacks in the previous 12 months.
Cluley said it is worth paying the price for experts who can help.
"Until fighting cybercrime is seen as something which saves the country money rather than costs us cash, I don't see the situation getting any better," he said.
Security firm Digital Guardian pointed out that the plan overlooks a gap in expertise that already exists in cybersecurity, a problem which has been recognised by Chancellor George Osborne.
Thomas Fischer, principal threat researcher, said: "For many years the infosecurity industry has faced a recruitment drought. As a result, individuals that do meet the required training standards are highly sought after assets, likely to be in well-paid positions, with very little time to do volunteer work on the side."
However, the Home Office insisted it is committed to tackling cybercrime, highlighting measures such as an 860 million investment in the National Cyber Security Programme.
IT Pro understands that volunteers would look into minor offences that stop police focusing on more serious crimes, but security firm Malwarebytes said working alongside police is different from grass-roots action against hackers.
Malware intelligence analyst Chris Boyd told IT Pro: "Working with police in an official capacity is a whole new ballgame, and there's not just the technical aspect to consider - you could well be getting involved in cases where there could be significant risk to yourself or others.
"One hopes the police would make them sign an equivalent of an NDA before signing up."
It is not clear whether the Home Office would meet other costs, such as the price of equipment volunteers would need to work on.
Boyd said: "If this is to be successful the volunteers need to be supplied with standard-issue machines running the tools they need to get the job done. We can't have work like this done on someone's personal computer, especially if there's a chance it could have been compromised beforehand."
The government must also decide what security solutions run on these machines before signing up volunteers, he said.
The consultation in which the proposal was contained has concluded, though the government has not given a timeline for when police can begin recruiting volunteers.
The Home Office declined to comment.
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now