In an open letter to British Prime Minister Boris Johnson, security experts urge him to modernize the Computer Misuse Act.

The Computer Misuse Act (CMA) of 1990 makes it a crime to access, alter, or destroy data on a computer without permission. However, experts argue that the law is "unfit for purpose" and needs significant reform to take into account modern cybersecurity threats and practices.

A letter released by the Cyber Up Campaign, a coalition of businesses, organizations, academics, lawyers, and think tanks, calls on the government to update the law, which is 30 years old since it became law. [In 1990, when the CMA became law, only 0.5% of the UK population was using the Internet, and the concepts of cybersecurity and threat intelligence research did not yet exist.

"Thirty years later, the CMA has become the central institution for managing cybercrime in the UK, even though it was originally created to protect the telephone exchange. This means that the CMA inadvertently criminalizes most modern cyber defense techniques.

Experts warn that current laws "prevent thousands of UK threat intelligence researchers from conducting research to detect malicious cyber activity and prevent damage and disruption to organizations and citizens."

They point out that Section 1 of the law "prohibits unauthorized access to programs and data held on any computer and has not kept pace with technological advances," making it difficult for cybersecurity professionals to do their work and thus putting the national security of the UK putting the UK's national security at risk, according to the report.

"With the advent of modern threat intelligence research, defensive cyber activities often involve scanning and interrogating compromised victims and criminals' systems to mitigate the effects of attacks and prevent future incidents. In such cases, it is clearly unlikely that the offender would explicitly grant such access," they say.

"With less threat intelligence research being conducted, critical national infrastructure in the UK is left at increased risk of cyber-attacks from criminals and state actors.

As cyber attacks continue to increase and become more complex, the signatories of the open letter believe that the UK government needs to create a new cyber regime.

They said: "Other countries, such as the United States and France, have much more permissive regimes in place that provide legal certainty to bona fide cybersecurity researchers while retaining the ability to prosecute those who seek to exploit their systems.

"Moreover, this gives the competing cybersecurity field an edge, and without reform, the UK could lose an additional 4,000 high-skilled jobs by 2023.

The letter concludes: "The government is committed to investing in the UK's digital and technology credibility, and as we move past the pandemic, we are calling on the government to introduce a new cybercrime regime as part of this commitment. This will give cyber defenders the tools they need to keep the UK safe."