Sunday, 11 March 2012

Cabinet Office using cyber security budget to increase risks to the public

Can someone advise, please, is there a polite way of asking can any British government tell its arse from its elbow?

The Cabinet Office want to deliver all public services over the web. Public services should be "digital by default", as they say.

The web is a dangerous place to be if you want to maintain secrecy/privacy and if there's any money around. The web is perfectly adapted to breach confidences and to steal money. Let today's Sunday Times make the point. In "Chinese steal jet secrets from BAE" they tell us that:
CHINESE spies hacked into computers belonging to BAE Systems, Britain’s biggest defence company, to steal details about the design, performance and electronic systems of the West’s latest fighter jet, senior security figures have disclosed.

The Chinese have exploited vulnerabilities in BAE’s computer defences to steal vast amounts of data on the £200 billion F-35 Joint Strike Fighter (JSF), a multinational project to create a plane that will give the West air supremacy for years to come ...

Professor Anthony Glees, director of the Centre for Security and Intelligence Studies ... said: “It seems the Chinese were getting plans which allow them to undermine the defence capacity of the country. It’s deeply unsettling that GCHQ [the government eavesdropping centre in Cheltenham] didn’t spot this for so long because they are the people who are meant to be leading the fight against cyber crime.”
There's a wide selection of cock-ups to choose from here:
  • With £200 billion at stake, the Sunday Times reported on 12 January 2012 that Royal Navy’s new jet cannot land on aircraft carriers. Never mind, you may say, it's only £200 billion and we haven't got an aircraft carrier anyway.
  • And three years ago, the Sunday Times reported that BT had bought equipment from China's Huawei telecommunications equipment company despite warnings that it could be used to "shut down Britain by crippling its telecoms and utilities" and that "government departments, the intelligence services and the military will all use the new BT network". Patricia Hewitt, trade and industry secretary at the time the contract was being negotiated, declined to intervene because it was "a competitive tender between two commercial companies". How very upright of Ms Hewitt not to let security interfere with competition.
But put those cock-ups aside. For current purposes, consider instead the following.

Rt Hon Francis Maude MP is the Cabinet Office Minister and according to his entry on the Cabinet Office website:
He leads on:

• Public Sector Efficiency and Reform
• UK Statistics
• Civil Service issues
• Government transparency
• Civil Contingencies
• Cyber security
• Overall responsibility for Cabinet Office policy and the Department
With his cyber security hat on, Mr Maude disposes of a budget of £650 million. Much-needed, judging by the success of GCHQ and BAE's attempts to fend off the Chinese.

With his public sector efficiency and reform hat on, Mr Maude wants to put Whitehall on the web. That's what "digital by default" means and that requires him to ignore his cyber security hat.

But it's worse than that. Digital by default requires something called identity assurance, a service which doesn't exist yet but is supposed one day to allow us all to prove who we are, over the web, while we're busy communicating with the government. The development of this service was unfunded until 31 October 2011 when Mr Maude announced that he'd found £10 million of public money to give it.

And where did he get this cyber security-busting £10 million from?

You can have 650 million guesses.

Cribsheet:
  • Looking for more cyber security stories? DMossEsq occasionally remembers to maintain a list here. No need for sleepless nights. The Cabinet Office have got cyber security well and truly gripped.
  • Professor Anthony Glees has provided some macabre entertainment in the past. You may remember the unfortunate case of Gareth Williams, the GCHQ employee who was found dead in his bath, zipped up and padlocked into a holdall. Experts by definition are the custodians of arcane knowledge but Professor Glees takes the biscuit. "In my own opinion, a murder of this kind bears all the hallmarks of a professional killing and not a rage attack", he said, "it looks increasingly to me that a hostile intelligence service was responsible. To me this looks like a Russian job – they have killed in London before – but it could also be an Iranian one". And to think that you and I might have identified it as typically Moldovan. Or Yemeni. Reuters were a bit less excitable about the story: "... the fact that the inquiry [into Mr Williams's death] is being carried out by the homicide unit indicates that police do not believe the death to be related to terrorism or espionage matters".
  • Over on the Sunday Times website, a commenter called "mikec" tells us that "BAE Systems need to take a serious look at the firm that runs their computer systems – CSC". Them again. CSC (Computer Sciences Corporation) are the company who face a class action brought against them by their own shareholders. CSC were docked $250 million by the US Armed Services Board. CSC also provide services to the UK Border Agency, the Identity & Passport Service and the NHS. And the US Navy. And the US Missile Defense Agency. Among others. Cold comfort, but BAE are not alone.
----------

Added 27.12.12:
