This wouldn’t normally be the place to discuss the ongoing decline of the fortunes of the British Government, but there have been several IT-security-related stories coming out of the Mother of Parliaments worth a closer look.
Back on March 10th, The Register reported that MP (Member of Parliament) Alun Michael had reported to the police that he had removed malware from his PC, and complained that he’d received no feedback, not even an acknowledgement. That in itself doesn’t seem so remarkable to me: as I’ve pointed out earlier, law enforcement is rarely concerned with IT security-related incidents unless they involve heavy financial loss. He did have a point, though: when such an incident involves a system within the confines of Parliament itself, you might think it worth someone asking one or two questions just to establish that there was no conceivable threat to national security.
It turns out, though, that there’s more to worry about in the Palace of Westminster than the Alun Michael story suggests: Conficker (yes, it’s that one again) has been stalking the corridors of power. Both El Reg and SC Magazine have reported on the issue, following the Dizzy Thinks blog that leaked an internal memo offering advice and instructions to users connected to the parliamentary network. Pretty scary: the memo implies that there are no restrictions on connecting unauthorized devices, And questions asked by Channel 4 News seem to have inspired far too many "I don’t know" responses.
However, a story on the BBC web site (and I don’t even have to mention the Computer Misuse Act) indicates that there are at least some restrictions in place, since there are filters in place to block access to web sites with "offensive or illegal content or [that] are sources of malicious software." So that’s OK then.
Amusingly (well, it amuses me…) the filtering policy came to light when one MP was unable to access fellow MP Lembit Opik’s column on the Daily Sport web site. For our US readers, I should no doubt explain that the Daily Sport is a UK newspaper with a reputation for somewhat sensationalist and racy content: what the Liberal Democrats think about one of their number writing in "the world’s most outrageous newspaper" isn’t mentioned. My favourite quote from the story, however, is an extract from a notice issued to Commons staff and MPs warning them against "knowingly accessing or transmitting emails, text, images or internet material which might reasonably be considered offensive, unless on official business."
So there it is: it’s official. It really is a politician’s job to be offensive.
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence.
Author David Harley, We Live Security