Forwarded From: Simon Taplin <sticker@icon.co.za>
U.K. Asks Network Managers To Safeguard Nation
(02/24/99, 9:30 a.m. ET)
By Madeleine Acey, TechWeb
The British government has asked businesses and civil servants to help
protect the country from a cyberattack.
In a London conference Tuesday, closed to the media, the leader of the
House of Commons, Margaret Beckett, warned those responsible for running
vital telecommunications, electricity, and health care networks for the
country that they must make those systems more secure because of the
increasing interconnectivity of networks and more cracker opportunities.
The electronic security division of the secretive government
communications agency GCHQ -- the British equivalent of the United States'
National Security Agency -- organized the conference. A senior official
from the agency, who asked not ot be named, told journalists in a briefing
it was working with utilities and other companies to carry out "health
checks" on their networks and test for vulnerabilities.
But it would not force companies to comply with security standards.
"We hope very much we can do it by cooperation and careful private
conversations," he said.
Several years ago, the government established an official information
security standard for businesses and government bodies to aspire to, but
this had achieved only 25 percent awareness among its target audience,
said officials who also asked not to be named.
The level of risk from concerted malicious attack on critical
infrastructure networks was low, they said, adding there had been none so
far. With the Internet and global interconnectivity growing, the officials
added, "The trend can only go upwards." With action now, the impact of any
attack could be minimized, they said.
Beckett said in a speech relayed to the media via television she didn't
want to exaggerate the danger of attack, but the threat had been
demonstrated in an attack on U.S. telecom networks.
"One major lesson is of the need for a properly coordinated approach to a
shared problem," she said. "So with our approach to infrastructure
protection, we shall seek to harness the skills and resources of a whole
range of government agencies and the private sector," she said.
"Network attacks respect no boundaries -- organizational or national. Our
response must be equally flexible," Beckett said.
But the government didn't seem to be embracing this policy, said Simon
Davies, director of electronic security pressure group Privacy
International.
"The government approaches key players in charge of key systems and just
tells the rest of the world what to do," he said. "You have to bring
everybody in on this."
It's not good enough to have a top-down approach, Davies said. "You can't
just leave all the sub-systems out in the cold," he said.
He said many essential systems for government agencies were outsourced to
foreign computer contractors, such as the tax department's systems run by
EDS.
"This is all governed by closed contracts and lawyers who slow things down
enormously. They simply won't be able to amend their contracts in time,"
he said.
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
Received on Thu Mar 11 17:29:11 1999