The Government's laughable security strategy
Posted on 29 Mar 2010 at 16:49
Davey Winder despairs of the Government's repeated security blunders - and offers a few obvious tips
Those of us who spend a lot of time in the world of IT security know that there’s no such thing as 100% security.
Sure, it’s a worthy state to aim for, but the reality is that there are no guarantees in this game – and too many possible variants to make any such claim. You can only do your very best to close all doors and lock them behind you, figuratively speaking, to keep your data as secure as possible.
This being so, it should come as no surprise to hear about things going wrong from time to time. What’s surprising (and also totally unacceptable) is the frequency with which stories hit the newswires about things going wrong in the world of public-sector security.
It seems as though lessons are never learned, as though the last security slip-up never happened or didn’t matter, and nowhere is this strategic blindness more apparent than in the Government’s IT security.
It seems as though lessons are never learned, as though the last security slip-up never happened or didn’t matter
It was recently revealed that a USB memory stick found in a Belfast car park close to the docks contained a whole load of confidential data relating to Royal Navy personnel.
How much is a whole load? Well, in this case it would appear to be 40 pages, plus lots more “restricted” data about naval manoeuvres. Have you spotted how security has been totally ignored here? The fact that such restricted data wasn’t encrypted – and it can’t have been, because whoever found it was able to see what the information actually was – is the least of the problems here.
I realise that a fair few of you will have already fallen out of your chairs and be rolling around the floor laughing; after all, how could a “security expert” such as myself not realise that if the data had been encrypted there would have been no story?
What’s more, aren’t you that same Davey Winder who’s been banging on about the importance of mobile data encryption for years and years? Well yes, I am, but I’m sorry to report that there would indeed still be a story – namely, that the data should never have been “lost” in the first place.
The fact that it was lost reveals a monumental misunderstanding about data security among government employees, as well as a seriously flawed data-protection strategy. I’m not just talking about how such an obviously confidential data device came to be misplaced at all, but rather about what procedures must have been breached for it to happen.
Download a year of Davey Winder's Online Security columns by heading to our Free Downloads site
From around the web
Governments
of all political shades seem to exist to offer "care in the community" for the congenitally incompetent who wouldn't be able to find employment anywhere else.
By Lacrobat on 30 Mar 2010 
Couple of things
First off there is an assumption here that this data wasn't in fact leaked and made into an out-cry for a reason.
Secondly the soluton proposed in the article is little more secure than the use of the USB stick.
Most of the information lost can be had from the phone book, library and DVLA.
By Gindylow on 1 Apr 2010
Huh?
What's the point of leaking data that can be found in "the phone book, library and DVLA"?
By mnj_lim on 5 Apr 2010
many govt depts ARE security conscious
I know of several less high profile govt departments that encrypt all drives, force insert of passcards to login and lock down pcs to all but authorised accessories like specific encrypted usb drives. These restrictions should apply to all employees but I suspect that those at senior levels and their advisors are the ones who are losing data - they actually think it doesn't apply to them , that they know what they are doing...Darling were's that pen drive, I know I had it earlier...
By Rahere on 29 Apr 2010
advertisement
- Why virtualisation hasn't slowed the growth of data
- How to make Google AdWords work for your business
- The curse of sloppily written software
- Paying for your crimes with Bitcoin
- Behind the scenes: tech support for Formula 1
- The security risk of fat fingers
- Why Windows Phone 7 isn't quite ready for business
- When will Microsoft stop fiddling with Windows 8?
- Flash down the pan?
- Metro Style apps vs desktop applications
- Chrome's shine getting lost in translation
- BytePac: the cardboard hard disk enclosure
- How tech loosens our grip on reality
- Hokum watch: Safer Internet Day
- Why I'm deleting Adobe from my PC
- Prepare to be patronised: it's Safer Internet Day
- Dear Sony, Samsung and every other tech company in the world: stop trying to be Apple
- Will Apple's Final Cut Pro X update placate the pros?
- Smartr Contacts for iPhone review
- Switching to Office 365's Outlook Web App
- VeriSign slammed for security breach cover-up
- SAP willing to share HANA with Oracle
- Why using a tablet could harm your health
- New RIM boss: no need for drastic change
- RIM founders fall on their swords
- Slow economy helps boost Red Hat revenue by 23%
- Google+ pages get multiple admins
- One in five companies lack card industry compliance
- Oil industry warns hacking attacks could kill
- British workers fear email monitoring
advertisement
Printed from www.pcpro.co.uk