Risk UK October 2017
News Update

Biometrics Commissioner’s third Annual Report scrutinised by Big Brother Watch

The 2016 report of the Commissioner for the Retention and Use of Biometric Material was submitted to Home Secretary Amber Rudd on 14 March this year and has now been published for public consumption.

The role of the Biometrics Commissioner was established by the Protection of Freedoms Act (PoFA) 2012, with Paul Wiles appointed as the second Commissioner on 1 June 2016. Wiles’ role is to provide independent oversight of the regime which was established by the PoFA – and which came into force on 31 October 2013 – to govern the retention and use by the police in England and Wales of DNA samples, DNA profiles and fingerprints.

In addition to casework responsibilities in relation to DNA and fingerprints, Wiles also has a UK-wide oversight function as regards their retention and use by the police service on national security grounds.

Stretching to no fewer than 125 pages, the detailed 2016 report deals primarily with developments since the publication of the Commissioner’s 2015 report. In essence, it covers Wiles’ casework activities, the general operation of the PoFA regime and a variety of issues that have arisen in connection with its operation in both the normal policing and national security spheres.

In response to the report, Renate Samson (CEO of Big Brother Watch) said: “We welcome the Biometric Commissioner’s warnings and concerns about the ongoing creation and retention of facial biometrics and facial recognition technology by police forces across the country. It’s of very serious concern that the Home Office appears to be so unwaveringly set on embedding facial biometric recognition technology into policing without debate, regulation, legislation or independent scrutiny.”

Samson continued: “Rather than throwing millions of pounds at the building of such intrusive capabilities, the Home Office should be investing in updating police IT systems to ensure that the hundreds of thousands of innocent people’s custody images and facial biometrics are deleted automatically as soon as they’re released without charge, bringing them into line with DNA and fingerprints.”

Professor Paul Wiles has spent much of his career as an academic criminologist at a number of UK universities and is currently a governor at Sheffield Hallam University as well as a trustee of the National Centre for Social Research. Until 2015, Wiles served as an advisor to the Sentencing Council and has also worked as a local Government commissioner.

“Untrained and neglected IT staff increasing cyber security skills gap” warns (ISC)²

A survey of 3,300 IT professionals conducted by (ISC)² has revealed that widespread underfunding in training in-house IT talent is contributing towards the critical cyber security skills gap. The report shows that businesses are exposing themselves to cyber threats by ignoring and neglecting IT professionals, with 65% of IT workers reporting that their security advice isn’t followed.

Almost half of IT workers state that their firms don’t invest sufficiently in ensuring that their IT staff are security-trained, despite a shortage of cyber security workers across 63% of businesses. This indicates that the cyber skills deficit is rooted in businesses failing to listen to advice from IT staff and upskill in-house talent.

The report suggests that this is a leadership issue, with 49% of respondents accusing business leaders of a failure to understand cyber security requirements. According to the report, the end result is that the majority of companies are even less able to cope with a cyber attack than they were last year.

In February this year, (ISC)² suggested that the cyber security skills gap will grow to 1.8 million by 2022 if current hiring and training trends continue.

The latest research is based on responses given by practising IT professionals from around the world who participated in the 2017 Global Information Security Workforce Study.

Key findings from surveyed IT professionals include the following: 43% said their organisation doesn’t provide adequate resources for security training, only 35% agreed that their security suggestions are acted upon, 55% stated their organisation doesn’t require IT staff to earn a security certification and 63% said their organisation has too few security-focused workers.

“Our findings suggest that too many organisations are so fixated on their inability to attract top cyber security expertise that they often overlook a tremendous pool of talent already on staff and intimately familiar with their infrastructure and processes,” said (ISC)² CEO David Shearer CISSP. “The quickest way for many organisations to protect themselves against cyber threats is through continuous education and empowerment of their IT team’s constituent members.”

www.risk-uk.com