[ISN] U.K. Asks Network Managers To Safeguard Nation

From: mea culpa (jerichoat_private)
Date: Mon Mar 01 1999 - 01:36:04 PST

  • Next message: mea culpa: "[ISN] SANS Web Briefing: Tuesday - What Hackers Know About your Site 3"

    Forwarded From: Simon Taplin <stickerat_private>
    
    U.K. Asks Network Managers To Safeguard  Nation
    (02/24/99, 9:30 a.m. ET)
    By Madeleine Acey, TechWeb
    
    The British government has asked businesses and civil servants to help
    protect the country from a cyberattack. 
    
    In a London conference Tuesday, closed to the media, the leader of the
    House of Commons, Margaret Beckett, warned those responsible for running
    vital telecommunications, electricity, and health care networks for the
    country that they must make those systems more secure because of the
    increasing interconnectivity of networks and more cracker opportunities. 
    
    The electronic security division of the secretive government
    communications agency GCHQ -- the British equivalent of the United States'
    National Security Agency -- organized the conference. A senior official
    from the agency, who asked not ot be named, told journalists in a briefing
    it was working with utilities and other companies to carry out "health
    checks" on their networks and test for vulnerabilities. 
    
    But it would not force companies to comply with security standards. 
    
    "We hope very much we can do it by cooperation and careful private
    conversations," he said. 
    
    Several years ago, the government established an official information
    security standard for businesses and government bodies to aspire to, but
    this had achieved only 25 percent awareness among its target audience,
    said officials who also asked not to be named. 
    
    The level of risk from concerted malicious attack on critical
    infrastructure networks was low, they said, adding there had been none so
    far. With the Internet and global interconnectivity growing, the officials
    added, "The trend can only go upwards." With action now, the impact of any
    attack could be minimized, they said. 
    
    Beckett said in a speech relayed to the media via television she didn't
    want to exaggerate the danger of attack, but the threat had been
    demonstrated in an attack on U.S. telecom networks. 
    
    "One major lesson is of the need for a properly coordinated approach to a
    shared problem," she said. "So with our approach to infrastructure
    protection, we shall seek to harness the skills and resources of a whole
    range of government agencies and the private sector," she said. 
    
    "Network attacks respect no boundaries -- organizational or national. Our
    response must be equally flexible," Beckett said.
    
    But the government didn't seem to be embracing this policy, said Simon
    Davies, director of electronic security pressure group Privacy
    International. 
    
    "The government approaches key players in charge of key systems and just
    tells the rest of the world what to do," he said. "You have to bring
    everybody in on this." 
    
    It's not good enough to have a top-down approach, Davies said. "You can't
    just leave all the sub-systems out in the cold," he said. 
    
    He said many essential systems for government agencies were outsourced to
    foreign computer contractors, such as the tax department's systems run by
    EDS. 
    
    "This is all governed by closed contracts and lawyers who slow things down
    enormously. They simply won't be able to amend their contracts in time,"
    he said.
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:20:07 PDT