Security & Secrecy

by Michael Smith (Veshengro)

Two of information security's best known experts, John Colley and Howard Schmidt, said during the RSA Europe Conference in London that cloud computing could provide government with the chance to make significant improvements to protecting data.

However, Colley added that it would help if the government's information security specialist, CESG - the information assurance arm of GCHQ - got involved with the work.
It is only a few years since GCHQ's offices in Cheltenham were actually added to Ordnance Survey's maps. Prior to that they acted as if they did not exist. Much in the same way as the government kept denying for so long that MI5 and especially MI6 even existed.

But government infosecurity is now a vital part of the work of the GCHQ, with CESG certifying products and services as fit for state sector use. It now even has online maps to help you find its offices.
However, CESG remains linked to the secretive world of surveillance. Among infosecurity experts, the UK government has a decent reputation for protecting its most sensitive information, its secrets.

The problem is, thought, that the British government has a terrible reputation for protecting its citizens' data, along with its surveillance state approach to harvesting it.

Having said that, however, Germany is beginning to lead the field in Europe in the data mining from its citizens and we can but hope that that is not a sign of things to come.

It would appear though as if Germany, on the other hand, seems to be better in protecting people's data and does not seem to be losing all that many CDs and USB sticks with sensitive unencrypted data on it as do British government agencies.

I mean, come on, for the lack of a £30 AES 256 hardware encrypted – and some of them are still cheaper nowadays – an entire intelligence network got compromised because some idiot left an flash drive on a railway station in Colombia.

When a secret agent and its agency are that stupid then what hope is there and while the country is over secret and also thinks it has to have all that information on its citizens those protected with safeguarding that information – not that they should data mine such information from the pubic in the first place – could not be trusted with monopoly money.
Government information security has to continue to improve if public trust in state sector data handling is ever to recover. Maybe it time for CESG to leave Cheltenham and GCHQ, and seek a higher profile for its important work.

GCHQ has never been very good in securing its secrets either and I well remember the fiasco some years back when they sold surplus PCs – we are talking before the Internet – with the hard drives – then in the region of 40MB – yes there was a time when we thought that was more than we would ever need – not wiped and very sensitive data on them. Not much has changed, eh?

© 2009