Annex 1
Input from BCS Education and Training Expert
Panel:
This document has been drafted to inform the
BCS response to the House of Lords Inquiry, and has been developed
in consultation with members who all have a wide range of expertise
in schools, HE and industry.
It has taken a focus on young people in school,
but also out of school as all young people are encouraged by the
education system to make greater use of the Internet and also
they are major personal users of the Internet as "digital
natives".
DEFINING THE PROBLEM
1. What is the nature of the security threat
to private individuals?
Young people in and out of school use a whole
range of devices and services to access the Internet to communicate
with "friends", including net friends. The social networking
phenomena have already emerged with students e-networking as an
accepted core activity mixing chat, email, SMS and voice across
mobile phones and computers. Young people do not fully understand
the power of the Internet or of communication and can often think
of the Internet as some sort of game that they wish to fully exploit.
Teachers expect children to have ready access
to the Internet in and out of school to support and extend their
learning and self development.
Parents trust the use of the Internet by their
children as they cannot fully control access. Parents admit that
students are in their rooms using the Internet and believe this
to be a natural thing to do. Basically parents do not understand
the power of the Internet. Young people change their use of technology
and applications, such as games, at a faster rate than parents,
generally leaving parents behind in their technical capabilities
or understanding to control the actions of their children. The
depth of understanding of internet applications, such as games,
by parents is superficial compared to their children.
2. What new threats and trends are emerging
and how are they identified?
The emergence of social networking and adoption
by large numbers of young people.
The expectation that children will have a safe
and secure online learning space accessible in school and out
of school.
The rapid update of new online social environments
such as MySpace and Bebo, as well as generic tools such as blogs
and wikis where young people can exchange views and develop ideas,
but can also leave themselves open to abuse, especially with the
disclosure of personal information and forming of net friendships.
The cyber bullying of young people (and vulnerable
adults) by their peers and strangers, which no one institution
or law and order organisation can deal with.
Impersonation and the creation of (multiple)
false identities by adults for grooming purposes leading to increased
opportunities for virtual and physical abuse.
3. What is the scale of the problem? How are
security breaches affecting the individual user detected and recorded?
All young people in the UK school system have
increasing access to the fast and reliable Internet services in
schools and are encouraged to use these services out of school
to extend opportunities to access learning.
School systems should be set up with an appropriate
accreditation of internet access (perhaps via BECTA) to provide
for minimum standards, although schools are able to set differing
standards for staff and children.
Schools are advised to establish and seek conformance
to an Acceptable Use Policy and may install local monitoring software
and manage access to specific sites, as well as generic types
of sites, and follow up specific abuse allegations within their
child protection regime. Some students have found ways round school
security systems. The operation of e-safety security systems can
be seen as an overhead and limit the opportunity for innovation
by staff.
The reporting of security breaches operates
within frameworks established by Local Authorities and Regional
Broadband Consortia as well as in schools. Reporting to appropriate
authorities follows locally determined procedures, increasingly
in line with the guidelines offered by CEOP and BECTA.
As specific security and safety threats are
dealt with in school, young people revert to open email and mobile
phones out of school constraints.
Schools often focus on Internet security for
young people overlooking the threats posed by staff to people
in school and wider afield.
4. How well do users understand the nature
of the threat?
School teaching and non-teaching staff often
have a limited understanding of the nature of the threat or its
pervasiveness, although schools are often aware and have formal
policies in place; it is embedded practice that needs to
be established.
Young people and school staff are generally
confident they can look after themselves.
TACKLING THE PROBLEM
5. What can and should be done to provide
greater computer security to private individuals? What, if any,
are the potential concerns and trade-offs?
All schools should offer access to the Internet
through accredited education ISPs. This may be seen as draconian;
perhaps other controls can be established, such as relying on
the inspection regime for maintained and independent schools.
There is a balance to be achieved as a prescriptive regime in
schools and other institutions means children will use other means
of Internet access and use services outside of a context for safeguarding
children.
School level filtering needs to be appropriate
for the age, capabilities and maturation of the children, staff
and community.
The continuous training of staff, children and
the school community needs to be established.
Monitoring of staff needs to take place alongside
children; it cannot be assumed that it is only children who
will create the personal and network security threat.
All users to have a unique identity for monitoring
purposes.
A greater understanding of the benefits and
consequences of an increasingly diverse range of access mechanisms
and applications to exploit the Internet.
It is likely that the greatest impact on computer
security will not be through some technical means, but by focusing
on user awareness and training so they become safe users.
6. What is the level of public awareness of
the threat to computer security and how effective are current
initiatives in changing attitudes and raising that awareness?
The education "public" is generally
not well informed; a few headlines grab the attention (paedophiles
and social web sites; current: cyber bullying), but on the
whole it is limited.
Provision of education ISP accreditation is
affecting the technical provision, but user awareness and understanding
are still low priority; LAs are responding, but the wider ISP marketplace
is still relying on the IWF lists and users.
7. What factors may prevent private individuals
from following appropriate security practices?
Current filtering standards apply over a wide
range of situations. However, there can be considerable differences
between a person being in school and their being out of one. The
general lack of understanding by parents regarding the nature
of the controls that can be applied to risk is also an obstacle
to improving the current situation.
There is a need for different levels of security
when a child is in school from when they are in the safety of
their home.
8. What role does software and hardware design
play in reducing the risk posed by security breaches? How much
attention is paid to security in the design of new computer-based
products?
Education tends to include security and personal
safety as high priorities, which works well on school sites; however,
off site and in the home the situation is more problematic, especially
for family computers used by adults and children.
9. Who should be responsible for ensuring
effective protection from current and emerging threats?
National agencies and key vendors have a role
in intelligence and keeping users aware of the changing nature
of threats and prevention steps.
Education, so that young people know how to
deal with and assess information and contacts on the internet
and take appropriate precautions.
Parents through the rules and procedures they
apply at home with the support from ISPs and other IT service
providers.
10. What is the standing of UK research in
this area?
The emergence of national education systems
using the Internet has led to the setting of standards; not
aware of any research.
The Cyberspace Research Unit at the University
of Central Lancashire[1] has a research focus and has developed
web-based materials.
GOVERNANCE AND REGULATION
11. How effective are initiatives on IT governance
in reducing security threats?
The role of BECTA in defining standards has
assisted in schools, although the majority of schools still do
not have a BECTA accredited supplier, and even when they do they
can override the accredited standards.
The role of BECTA is not fully accepted by schools
and the ISP marketplace.
Standards outside of schools are subject to the vagaries
of the marketplace and the selected ISP accessed in the home and
at other sites.
The requirements for school level governance
are ambiguous and can lead schools to believe they can self govern;
a few can, but the majority who make such claims appear not to have
effective systems.
12. How far do improvements in governance
and regulation depend on international cooperation?
Essential, but also needs to be sensitive to
local contexts.
13. Is the regulatory framework for Internet
services adequate?
No.
14. What, if any, are the barriers to developing
information security systems and standards and how can they be
overcome?
The expectation that all ISPs are the same and
that the user should determine what is appropriate in terms of
access and use.
CRIME PREVENTION
15. How effective is Government crime prevention
policy in this area? Are enforcement agencies adequately equipped
to tackle these threats?
CEOP are in their infancy but are already making
a significant difference in raising the profile of e-safety and
ensuring training becomes more effective.
16. Is the legislative framework in UK criminal
law adequate to meet the challenge of cybercrime?
No comment.
17. How effectively does the UK participate
in international actions on cybercrime?
No comment.
October 2006
1 http://www.uclan.ac.uk/host/cru/