- Act prevents unauthorised access to computer material
- Current restriction prevents legitimate scans looking for bugs
- Law needs to include a defence for cyber professionals
- Update our Laws
- Upgrade our defences
- Upskill our workforce
The Computer Misuse Act (CMA) 1990 makes provision for securing computer material against unauthorised access or modification. It provides the foundational law that governs cybercrime.
Breaking the Computer Misuse Act can lead to a jail sentence of up to 10 years.
UK is at greater risk of hacking attacks following Russia’s invasion of Ukraine.
Cyber security experts argue that the law needs to be updated to protect UK against increasingly sophisticated cyber-attacks, preserve national resilience and promote international competitiveness.
CMA criminalises a large proportion of cyber threat intelligence research and effectively prevents routine scans of the internet looking for bugs that could be exploited by hackers and rogue states. Legitimate internet researchers are also prevented from accessing hacked files shared on the dark web to warn victims their data has been stolen.
The original CMA, written in 1990, at a time when few had access to computers was mainly designed to protect voicemail systems.
The CyberUp Campaign brings together a broad coalition of supporters across the UK’s £10 billion cyber security sector and in Parliament.
Campaigners argue the law needs to be updated to include a defence for cyber professionals engaged in legitimate research.
Ollie Whitehouse, chief technology officer at NCC Group: “With cyber threats ever increasing, now is the time for the Government to reform our pre-internet era law to include a statutory defence. Doing so will unleash the full reservoir of talent in the UK cyber security industry in service of our collective national cyber defence.”
In August, the US Department of Justice said it would no longer bring charges under the Computer Fraud and Abuse Act against security researchers who have gained “unauthorised” access to a computer system working in “good-faith security research”
In May 2021 the Home Secretary announced a review of the CMA. The consultation findings are yet to be published.
Follow @AndrewEborn @OctopusTV © Andrew Eborn 2022