Re: [ga] Many MoD IT Systems Do Not Meet Security Guidelines

[Matthew Pemble <matthew@xxxxxxxxxx>]

Or, to look at it another way ...

"We significantly changed the Information Assurance rules 6 months ago, in
response to the Data Handling Review, to increase the security for data
that, while of limited military significance under our classification rules,
contained personal information.  These changes were issued a third of the
way into the budget year, without additional spending authority from the
Treasury, and while we are operationally deployed in two war zones, as well
as maintaining our other military commitments worldwide.

Not surprisingly, our auditors have found that not all of our current
systems yet meet these new standards, although we have put in place other
mitigating measures that we are not going to talk about in detail because
they are classified.  We are on track to meet the required changes in
accordance with the timescales issued by the Cabinet Office and the
procurement rules have been changed to ensure that new systems are
compliant."

And I might remind any US govt employees thinking of taking the advice based
on Jeffrey's usual uncritical parochialism of "agent.btz".

BTW, just what does this have to do with ICANN, roots, TLDs, DNS etc?  They
are talking about end-user system security (mostly, it has to be said, about
encrypted hard drives & removeable media).

Matthew

2009/1/16 Jeffrey A. Williams <jwkckid1@xxxxxxxxxxxxx>

>
> All,
>
>  As I reported more than a year and a half ago, co.uk zone
> was inherently insecure.  It also seems that the UK's government
> web sites and respective Domains are also perhaps even worse.
>
>  I hope in the new Obama administration that his new nominated
> secretary of state will be able to be effectively persuasive or
> insistent to convince the UK government to get it cleaned up
> ASAP, and that DHS and DOC will take precautionary steps
> to mitigate the potential transferable damage such irresponsible
> IT security from our most trusted ally and work with the UK
> government IT security officials and commercial industry in the
> UK to rapidely improve to a significant degree such huge security
> holes.
>
> See:
> (January 14 & 15, 2009)
> Nearly three-quarters of IT systems tested thus far at the UK Ministry
> of Defence (MoD) and associated agencies do not meet established
> security guidelines, according to a data handling review.  The security
> guidelines were established last summer following a number of publicized
>
> and embarrassing data security blunders at government departments.  The
> MoD has tested just 58 percent of its systems against the standards.  In
>
> a separate but related story, the MoD has confirmed that malware
> infections have shut down "a small number" of IT systems, including
> networks on Royal Navy warships.
> http://news.zdnet.co.uk/security/0,1000000189,39591619,00.htm
> http://www.vnunet.com/computing/news/2234069/quarter-mod-systems-tested-far
>
> http://www.theregister.co.uk/2009/01/15/royal_navy_email_virus_outage/
>
> Regards,
>
> Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!)
> "Obedience of the law is the greatest freedom" -
>   Abraham Lincoln
> "YES WE CAN!"  Barack ( Berry ) Obama
>
> "Credit should go with the performance of duty and not with what is
> very often the accident of glory" - Theodore Roosevelt
>
> "If the probability be called P; the injury, L; and the burden, B;
> liability depends upon whether B is less than L multiplied by
> P: i.e., whether B is less than PL."
> United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
> ===============================================================
> Updated 1/26/04
> CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
> div. of Information Network Eng.  INEG. INC.
> ABA member in good standing member ID 01257402 E-Mail
> jwkckid1@xxxxxxxxxxxxx
> My Phone: 214-244-4827
>
>
>
>


-- 

Matthew Pemble
Technical Director, Idrach Ltd
Office:  +44 (0) 1324 820690
Mobile: +44 (0) 7595 652175