Forwarded From: Simon Taplin <stickerat_private> U.K. Asks Network Managers To Safeguard Nation (02/24/99, 9:30 a.m. ET) By Madeleine Acey, TechWeb The British government has asked businesses and civil servants to help protect the country from a cyberattack. In a London conference Tuesday, closed to the media, the leader of the House of Commons, Margaret Beckett, warned those responsible for running vital telecommunications, electricity, and health care networks for the country that they must make those systems more secure because of the increasing interconnectivity of networks and more cracker opportunities. The electronic security division of the secretive government communications agency GCHQ -- the British equivalent of the United States' National Security Agency -- organized the conference. A senior official from the agency, who asked not ot be named, told journalists in a briefing it was working with utilities and other companies to carry out "health checks" on their networks and test for vulnerabilities. But it would not force companies to comply with security standards. "We hope very much we can do it by cooperation and careful private conversations," he said. Several years ago, the government established an official information security standard for businesses and government bodies to aspire to, but this had achieved only 25 percent awareness among its target audience, said officials who also asked not to be named. The level of risk from concerted malicious attack on critical infrastructure networks was low, they said, adding there had been none so far. With the Internet and global interconnectivity growing, the officials added, "The trend can only go upwards." With action now, the impact of any attack could be minimized, they said. Beckett said in a speech relayed to the media via television she didn't want to exaggerate the danger of attack, but the threat had been demonstrated in an attack on U.S. telecom networks. "One major lesson is of the need for a properly coordinated approach to a shared problem," she said. "So with our approach to infrastructure protection, we shall seek to harness the skills and resources of a whole range of government agencies and the private sector," she said. "Network attacks respect no boundaries -- organizational or national. Our response must be equally flexible," Beckett said. But the government didn't seem to be embracing this policy, said Simon Davies, director of electronic security pressure group Privacy International. "The government approaches key players in charge of key systems and just tells the rest of the world what to do," he said. "You have to bring everybody in on this." It's not good enough to have a top-down approach, Davies said. "You can't just leave all the sub-systems out in the cold," he said. He said many essential systems for government agencies were outsourced to foreign computer contractors, such as the tax department's systems run by EDS. "This is all governed by closed contracts and lawyers who slow things down enormously. They simply won't be able to amend their contracts in time," he said. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:20:07 PDT