14 February 2014 at 8:50am
The recent TF-CSIRT meeting in Zurich included a talk by the Swiss telecoms regulator (like ours, called Ofcom, though their 'F' stands for Federal!) on the law covering websites in the .ch domain that distribute malware, normally as the result of a compromise.
5 August 2013 at 11:24am
The EU has finally adopted a new Directive on attacks against information systems, first proposed in 2010. The Directive will require Member States, within two years, to ensure they meet its requirements on
13 November 2012 at 4:43pm
An interesting paper from ENISA and the NATO Cyberdefence Centre illustrates the narrow space that the law allows for incident response, and the importance of ensuring that new laws don’t prevent incident response teams from protecting networks, systems, their users and information against attack.
12 October 2012 at 9:32am
I’ve submitted a Janet response to a European consultation on a future EU Network and Information Security legislative initiative.
29 April 2013 at 11:47am
Nominet have announced a consultation on allowing (someone with a very long memory has pointed out to me that this is actually re-allowing) the registration of domains directly under the .uk top level domain, as well as in the familiar second-level domains such as,,, etc. Illustrating the sort of domain that could become possible, the proposed service is called
4 October 2012 at 4:58pm
Earlier in the year I wrote about the German ISP Association's scheme to remove the economic disincentive for ISPs to inform their customers of botnet infections on their PCs by providing a centrally-funded helpdesk. In Latvia a different approach has been taken: providing a "responsible ISP" mark that consumer networks can use on their websites and other promotional materials. To be entitled to use the mark an ISP must satisfy three conditions:
6 June 2012 at 11:15am
The House of Commons Science and Technology Committee has published a report on Malware, which recommends increased awareness among Internet users as the best way to deal with the problem. There’s a welcome recognition that “it is clear that there is no easy technological answer to cyber crime...
6 June 2012 at 11:11am
I had an interesting discussion last week with Thorsten Kraft of the German ISP association, eco, on how German network providers cooperate to help reduce the number of their users' PCs that are infected with malware. The UK Government has recently added this as an aim in our national Cyber Security Strategy so the German example may be particularly relevant.
29 April 2013 at 1:04pm
Questions about my last posting on Nominet's DNS domain suspension discussions, have got me thinking a bit more about my idea of "domains registered for a criminal purpose". My suggestion is that these should be the only domains that a top-level registry can remove on its own, rather than asking for the decision to be taken by an independent authority.
Subscribe to Botnets