ICANN/GNSO GNSO Email List Archives

[ga]



Re: [ga] Many MoD IT Systems Do Not Meet Security Guidelines

  • To: Matthew Pemble <matthew@xxxxxxxxxx>
  • Subject: Re: [ga] Many MoD IT Systems Do Not Meet Security Guidelines
  • From: "Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>
  • Date: Fri, 16 Jan 2009 01:34:41 -0800

Matthew and all,

  Thanks for your detailed explanation.  I can't say that I am accepting
of it as is, but it is at least appreciated accordingly.  Nice bit of
Spin here!  Well done!  >:)

  What this has to do with DN's TLDs, DNS, but nothing to do with
ICANN is that MoD's "IT" systems are insecure as the article clearly
states AND that co.uk zone is significantly exposed as well.  Ergo
pointing back to the article's rightly stated concern and its potential
impact on any user or other zones/TLD name spaces accordingly.
One has to understand how DNS works before one can respectively
understand fully the relevant potential global user and other
registrant's DN impact.  It appears you lack that understanding in
sufficient depth.

  However this again in less detail than would be technically complete,
it is good that the UK Govt. is taking yet another look and addressing
this glaring security problem more seriously and that routing around the
damage by other zones and registrants Domain Names can mitigate
potential damage from these security exposures for the time being.
Yet clearly and understandably many will not get the word and take
any action, or know what effective action for their own safety and
security, they need to take for some time.  As such, why it is always
best and prudent to do your basic IT security properly the FIRST
time, and adjust in a proactive manner rather than a reactive. >:)

Matthew Pemble wrote:

> Or, to look at it another way ...
>
> "We significantly changed the Information Assurance rules 6 months
> ago, in response to the Data Handling Review, to increase the security
> for data that, while of limited military significance under our
> classification rules, contained personal information.  These changes
> were issued a third of the way into the budget year, without
> additional spending authority from the Treasury, and while we are
> operationally deployed in two war zones, as well as maintaining our
> other military commitments worldwide.
>
> Not surprisingly, our auditors have found that not all of our current
> systems yet meet these new standards, although we have put in place
> other mitigating measures that we are not going to talk about in
> detail because they are classified.  We are on track to meet the
> required changes in accordance with the timescales issued by the
> Cabinet Office and the procurement rules have been changed to ensure
> that new systems are compliant."
>
> And I might remind any US govt employees thinking of taking the advice
> based on Jeffrey's usual uncritical parochialism of "agent.btz".
>
> BTW, just what does this have to do with ICANN, roots, TLDs, DNS etc?
> They are talking about end-user system security (mostly, it has to be
> said, about encrypted hard drives & removeable media).
>
> Matthew
>
> 2009/1/16 Jeffrey A. Williams <jwkckid1@xxxxxxxxxxxxx>
>
>
>      All,
>
>       As I reported more than a year and a half ago, co.uk zone
>      was inherently insecure.  It also seems that the UK's government
>      web sites and respective Domains are also perhaps even worse.
>
>       I hope in the new Obama administration that his new nominated
>      secretary of state will be able to be effectively persuasive or
>      insistent to convince the UK government to get it cleaned up
>      ASAP, and that DHS and DOC will take precautionary steps
>      to mitigate the potential transferable damage such irresponsible
>      IT security from our most trusted ally and work with the UK
>      government IT security officials and commercial industry in the
>      UK to rapidly improve to a significant degree such huge security
>      holes.
>
>      See:
>      (January 14 & 15, 2009)
>      Nearly three-quarters of IT systems tested thus far at the UK
>      Ministry of Defence (MoD) and associated agencies do not meet
>      established security guidelines, according to a data handling
>      review.  The security guidelines were established last summer
>      following a number of publicized and embarrassing data security
>      blunders at government departments.  The MoD has tested just
>      58 percent of its systems against the standards.  In a separate
>      but related story, the MoD has confirmed that malware infections
>      have shut down "a small number" of IT systems, including
>      networks on Royal Navy warships.
>      http://news.zdnet.co.uk/security
>      0,1000000189,39591619,00.htm
>
>      
> ttp://www.vnunet.com/computing/news/2234069/quarter-mod-systems-tested-far
>
>      http://www.theregister.co.uk/2009/01/15/royal_navy_email_virus_outage/
>
>      Regards,
>
>      Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!)
>      "Obedience of the law is the greatest freedom" -
>         Abraham Lincoln
>      "YES WE CAN!"  Barack ( Berry ) Obama
>
>      "Credit should go with the performance of duty and not with what is
>      very often the accident of glory" - Theodore Roosevelt
>
>      "If the probability be called P; the injury, L; and the burden, B;
>      liability depends upon whether B is less than L multiplied by
>      P: i.e., whether B is less than PL."
>      United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
>      ===============================================================
>      Updated 1/26/04
>      CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
>      div. of Information Network Eng.  INEG. INC.
>      ABA member in good standing member ID 01257402 E-Mail
>      jwkckid1@xxxxxxxxxxxxx
>      My Phone: 214-244-4827
>
> --
>
> Matthew Pemble
> Technical Director, Idrach Ltd
> Office:  +44 (0) 1324 820690
> Mobile: +44 (0) 7595 652175

Regards,

Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln
"YES WE CAN!"  Barack ( Berry ) Obama

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@xxxxxxxxxxxxx
My Phone: 214-244-4827



