CREST International gives its support to the CyberUp Campaign

17 January 2023

CREST to help CyberUp to reform the Computer Misuse Act (CMA) that currently outlaws essential vulnerability and cyber threat intelligence research.

CREST, the international not-for-profit, membership body representing the technical cyber security industry, has become an official supporter of the CyberUp Campaign. CyberUp is leading the push for cyber security legislation that is fit for the challenges and threats of the 21st century. The focus of this work is the reform of the UK’s Computer Misuse Act 1990.

The Computer Misuse Act (CMA) is the main law in the UK governing cybercrime so it is surprising that it is more than 32 years old. While the UK cyber security industry is working hard to safeguard the resilience of the UK and its allies against cyberattacks and threat actors, the Act currently prevents and criminalises a large proportion of the vulnerability and cyber threat intelligence research that they are able to do. This makes us all less safe.

“CREST has supported and admired the efforts of the CyberUp Campaign since its inception, so it is great to make this support official,” said Rob Dartnall, Chair of CREST’s UK Council. “The Computer Misuse Act is out of date and its view of security testing and threat intelligence is not fit for today’s increasingly digitised world with ever growing and more sophisticated cyber threats. In 2021 CyberUp secured a comprehensive review of the Act so it is now important for industry in the UK to collaborate to ensure substantial reform happens. We will be working with the Campaign to help engage industry and drive forward successful reform.”

The CyberUp Campaign brings together supporters from across the UK cyber security sector and in Parliament. Following the Home Secretary’s announcement of a review of the Computer Misuse Act in 2021, CyberUp provided a comprehensive response to the consultation that was a collaborative effort. More than a year has now passed, and the consultation findings have not yet been published so it is essential that the Campaign keeps its momentum going with the help of its industry supporters.

As we continue to await the findings of the Home Office review, the Campaign is calling on Government to seize the opportunity to reform the outdated Computer Misuse Act 1990 to allow the industry to flourish, and ensure the UK is protected against growing cyber threats.

“The CyberUp Campaign is delighted to have CREST International on board as a supporter,” said a spokesperson for the CyberUp campaign. We are very much looking forward to working with CREST and its members in the UK to ensure the reform of the Computer Misuse Act. The UK is on the precipice of a historic change in our cyber crime laws. Help from organisations like CREST is essential if we are to make sure this once-in-a-generation opportunity does not go to waste.”

About CREST

CREST is a not-for-profit accreditation and certification body representing the technical information security industry. CREST provides internationally recognised accreditations for organisations providing technical security services and professional level certifications for individuals providing vulnerability assessment, penetration testing, cyber incident response, threat intelligence and security operations centre (SOC) services. CREST Member companies undergo regular and stringent assessment, whilst CREST certified individuals undertake rigorous examinations to demonstrate the highest levels of knowledge, skill and competence. To ensure currency of knowledge in fast changing technical security environments the certification process is repeated every three years.

For more information on CREST: www.crest-approved.org

For media enquires contact: Allie Andrews, [email protected]