Posts Tagged ‘uk news’

In a clear oversight of security protocols, Britain’s most senior counterterrorism officer, Bob Quick, took Top Secret documents out of the office. The documents, in clear view in his arms, were then photographed by the press as he carried the documents up Downing Street. Bob Quick has resigned as a result of the incident.

The documents outline a Metropolitan Police Service and MI5 counterterrorist operation against al-Qaeda suspects. The document revealed details for a planned arrest of terrorist suspects following a long covert surveillance operation. Steps were made to censor the photographs (only successful in Britain) and Mr. Quick’s location fearing that information would tip off the suspects. The operation was able to continue, with arrests made sooner than was planned, but it is still a major security blunder.

Bob Quick says he “deeply regretted” revealing the documents to photographers, and some people seem willing to forgive him for simply holding the paper the wrong way. However, the secret documents should not have been carried outside of secure areas in printed format – at the very least, they could have been transported in an encrypted drive. This is not the first incident where a government official has accidentally shown secret notes to the journalists who often wait outside of Downing Street.

Bob Quick resigned soon after the incidence, following a meeting with the home secretary and the Metropolitan Police commissioner.

“I have today offered my resignation in the knowledge that my action could have compromised a major counterterrorism operation.

I deeply regret the disruption caused to colleagues undertaking the operation, and remain grateful for the way in which they adapted quickly and professionally to a revised timescale.”

It is a pity that the breach was made, but the repercussions are already wide-ranging. Not only has the public outcry damaged the trust in government security, but the MPS has lost its most senior, and experienced, counterterrorism specialist. This should underscore the importance of having a clear security policy and ongoing employee training – at all levels – to ensure compliance to basic security measures.

Via Schneier

The Liberal Democrats in the UK have publicized the results of their research into computer security across Whitehall. According to their results, 3,000 computers have been lost or stolen across Whitehall in the past 7 years. That’s a staggering average of at least one computer lost per day. The data includes an additional 238 laptops and 40 desktops missing or stolen, a very minor improvement in Government laptop security despite continued public breaches and promises of security upgrades, and even laptop bans.

The figures, which were released in Parliamentary answers, include:

• Since 2002, 1,774 laptop computers and 1,035 desktop computers have been lost or stolen across Government, at a rate of nearly five a week and three a week respectively
• In 2008 (as of December 29), 238 laptops and 40 desktops went missing
• Since 2002, 676 mobile phones, 202 hard drives and 195 memory sticks have also been lost or stolen
• The worst offenders are the Ministry of Defence (which handles very sensitive information), which has had 866 laptops stolen and has lost 178, as well as 157 desktops stolen and seven lost

Liberal Democrat Home Affairs Spokesman, Paul Holmes said:

“Everyone understands that things go astray but it is truly staggering that over the last seven years a laptop has been lost every working day across government.

It demonstrates a culture of carelessness across Whitehall that ministers have done nothing to curtail.”

It is clear that fundamental changes need to happen in the Government in terms of the way data is handled. This includes a ‘culture of change‘, changing attitudes and knowledge of security practices, as well as upgrading technology that protects data devices (like Absolute’s Computrace can).

Also in troubling Government security news, the IRS in the US has failed to patch more than half of the cybersecurity problems identified in November. Only 49 of the 115 issues found by the Government Accountability Office have been addressed. Read more here…

Via Daily Mail, ITV ; image: mconnors @morguefile

The Information Commissioner’s Office (ICO) in the UK, with Information Commissioner Richard Thomas, have made a public statement calling on CEOs to take responsibility for data protection safeguards.

The Information Commissioner, Richard Thomas, announced that the number of data breaches reported since November 2007 has reached 277. November 2007 marks when HMRC lost 25 million child benefit records (story here). Of those 277 breaches, 28 are attributed to the central government. The ICO is investigating 30 of the most serious breaches of this past year.

In a speech delivered to the RSA Conference, Commissioner Robert Thomas talked about the state of data security, or “data insecurity“, he adds. The HMRC data breach of 25 million child benefit records merely brought the existing data security issues to public and political attention, Thomas notes.

“The number of breaches brought to our attention is serious and worrying. I recognise that some breaches are being discovered because of improved checks and audits as a welcome result of taking data security more seriously. More laptops have now been encrypted and thousands of staff have been trained. But the number of breaches notified to us must still be well short of the total.”

Arguing that information can be a “toxic liability” as well as an asset, Robert Thomas challenges CEOs to ensure that they are minimizing the amount of data they hold and that appropriate data security measures are being taken. He says this responsibility lies with the CEO, not with the IT department or other staff.

“It’s no good saying the IT boys are looking after this, it’s no good saying the lawyers are sorting out the policies, it’s no good saying human resources are doing the training – it’s right across the organisation.”

Richard Thomas notes that personal information is the lifeblood of both government and business, but that more responsibility needs to be taken to assure that data remains safe. The first step in that is to understand the risks being faced associated with the vast centralized stores of data and its portability across networks and devices.

The ICO continues to offer advice on data security, from the encryption of laptops to improved data access policies. As noted several times by the ICO in their report, the actual figures for data breaches probably are much higher than 277. Currently there is no legal obligation to report data losses in the UK, and many data breaches may go undetected.

Out of the 277 reported breaches, 67 were due to the loss or theft of a computer or laptop. The National Health Service (NHS), the worst breach offender so far for 2008 with 75 breaches, has had 27 of those breaches the result of lost or stolen computers. Learn how Computrace can help provide multi-layered security solutions for your computers here.

Further Reading:

• ICO Press Release – Privacy watchdog calls on CEOs to take responsibility for data protection safeguards [PDF]
• Transcript – Speech to RSA Conference Europe on data breaches
  Richard Thomas, Information Commissioner [PDF]
• ICO Chart – Data security breaches since November 2007, by breach type and sector

Via BBC