Skip to main content
The Mandate of Heaven

eGov Monitor Version

“Parliament”, said my distinguished friend “has always leaked like a sieve”.

I’m researching the thorny issue of ‘Confidence in Public Sector Computing’ and we were discussing the dangers presented by the Internet. In his opinion, information security is an oxymoron, which has no place being discussed in a Parliament built upon the uninterrupted flow of information of every kind, from the politically sensitive to the most salacious and mundane.

With the threat of war hanging over us, I asked if MPs should be more aware of the risks that surround this new communications medium? More importantly, shouldn’t the same policies and precautions that any business might use to protect itself and its staff, be available to MPs?

What concerns me is that my well-respected friend mostly considers security in terms of guns, gates and guards. He now uses the Internet almost as much as he uses the telephone and the Fax machine and yet the growing collective threat posed by hacking, information theft, computer viruses or even the spectre of Internet terrorism, were on the margins of his interest.

But as 2002 draws to its close, I would argue that it would be wise for MPs to give the Internet a little extra thought. The problem of unsolicited email, Spam, may be the most immediate and highest profile nuisance but there exists a much wider threat which demands precautionary action on the part of anyone who might be connected to the World Wide Web.

October 25th set a new record for attacks on computers on a global basis. Len Hynds, the Director of the National Hi-Tech Crime Unit, informs me that a majority of UK companies have now been attacked or aggressively scanned for weakness from the Internet while one in five organisations have experienced a security breach according to research from PWC.

Internet attacks are increasingly politically motivated, according to research from Mi2G and eGov monitor reports that government departments have experienced more than 9,000 digital attacks on their IT systems so far this year. The security threat to government was revealed through responses by Ministers to a series of parliamentary questions tabled by Labour backbencher Brian White MP.

According to one report, 9th November saw the compromise of 13 computer servers on a New South Wales state government network in a synchronised assault on a single day

Over half of the attacks on UK government systems this year, were directed towards the Cabinet Office and its agencies, which during 2002 reported some 5,857 attacks, with 1,167 of these occurring in October alone (eGov monitor).

Last month, at the eSummit in London the Prime Minister applauded our continued success, as a growing Knowledge Economy and the conference heard that Broadband Internet access among the population had now grown to 1.2 million subscribers. However, where Broadband offers high-speed Internet access, it also hides a serious problem that most of the population are unaware of. Broadband is the equivalent of an open door into a personal computer, if there is no ‘Firewall’ behind the connection.

I sketched-out this well-know problem in a meeting at the Office of the e-Envoy earlier this year. On average, my own Personal Computer is scanned or attacked at least twice a day, according to the firewall log, which also keeps the many windows and doors into it locked tight shut. The last of these attacks was last night, when a security alert was displayed as the Firewall executed a “Default Block Backdoor/SubSeven Trojan horse”.

Most of us are aware of the computer virus threat, which causes nuisance and data loss on a global scale but few people are informed enough to realise that many of the latest viruses also carry ‘Trojans’, like the ‘SubSeven’ Trojan Horse, which when triggered allow a third-party to effectively control another computer from anywhere on earth.

Broadband makes this far worse because a clever hacker, like ‘Solo’ who wreaked havoc in the US Department of Defence, before being caught by the Hi-Tech Crime Unit’s ‘Operation Sidewalk’ , could effectively ‘take-over’ hundreds if not thousands of computers and turn them into a single weapon as part of a sudden ‘Denial of Service’ attack, which can put an international business like Amazon out of action in a matter of minutes. It’s my own very conservative guesstimate that of our 1.2 million Broadband users in the UK, at least 5% are likely to be infected by Trojan programmes where the owner is quite oblivious to the fact that at any time, somebody else in Shanghai or Sao Paolo, for no other reason than idle curiosity, can pop-in and have a look at what he or she is doing or worse, use a third-party’s machine as a springboard with a more sinister purpose.

So what does this information tell you, if you happen to be a Member of Parliament? It means that if you have Broadband or even dial-up Internet access and you don’t have a personal firewall in place, like ZoneAlarm or Symantec’s popular Norton Internet Security, that your own PC can easily risk compromise or virus infection through simply visiting another Web site.

Spam , unsolicited email can be more than a nuisance. Some Spam will attempt to re-direct the reader to Web sites with allegedly ‘Free’ sexual content. But very little on the Internet is really free and the ‘Content’, if viewed, can drop on of those Trojans I referred to earlier on to your system. Very often, it’s the sites ‘Raison d’Etre’.

If “Parliament leaks like a sieve” then perhaps its better that it does so in a more conventional or traditional sense, one more in standing with its historic purpose. However, as MPs become increasingly ‘Wired’ into the world of the Internet, then they need to be aware of the risks of fraud, identity theft, vandalism, business interruption and all the other crimes that have been given an opportunity that spans a global audience. When you use the telephone, you don’t expect to be bugged. When you speak or write in confidence to a newspaper, a colleague or a constituent, you may not wish to be overheard or have that communication intercepted by a teenager in the Philippines?

Members of Parliament should insist on the same information security precautions, products and policies as are available in the broader public and private sector domains which lie outside Parliament.UK. This exercise should extend to the constituency and advice on MPs’ own websites as well to reduce the risk of hacking or indeed, an MP’s own website being used as a potential host for malicious code.

Based on what I have heard most recently from my own sources, I have passed my concerns to Robin Cook. A sensible first step, might involve an immediate security assessment of the condition of Parliamentary computing, one capable of identifying potential threats and weaknesses to the organisation and its Members. Any business of comparable size to Westminster would conduct such an exercise as a matter of routine.

The second action should address information security and the integrity of the Members’ own personal computers and every MP should have personal firewall software installed on his or her PC by default and those using Broadband, as a matter of urgency. When this happens many may be surprised by what they find is already resident on their system or perhaps relieved to discover what is not.

In considering the Internet risks facing Members of Parliament, a final word goes to Liberal Democrat MP, Richard Allen who believes:

“The whole business of Parliament depends on a secure flow of information, both in terms of the availability of information systems and of the confidentiality of much of their content”.

“As we become increasingly dependent on new technology and networks for storing and transmitting that information, we should take sensible precautions against the potential threats to these systems that we can now see are substantial and growing."

Quick Facts

- October was the worst month ever for digital attacks with 57,977 attacks recorded, according to Mi2G’s Intelligence Unit

- The overall trend for digital attacks is on an upward curve with 31,322 overt digital attacks recorded in 2001 and 64,408 - more than double - recorded in 2002 already

- The revised projection for 2002 is for over 70,000 such attacks mostly targeted at small to medium size businesses. (Mi2G)

- In March of this year the UK Government, admitted facing an average of 84 attacks each week and that between 1st January 1999 and 29th January 2002, Government departments reported 13.146 hacking attempts of which ten resulted in sensitive data being disclosed or compromised. (UNIRAS)

- Europe's sharp plunge in attacks during November accounted for a large portion of the overall decline this was principally due to the UK, where attacks fell sharply by nearly 70% from 2,253 in October to 679 in November. (Mi2G)

- Upwards to $59 billion is lost each year in proprietary information and intellectual property, according to the 10th Trends in Proprietary Information Loss Survey by ASIS International, PricewaterhouseCoopers, and the U.S. Chamber of Commerce. The collective basis for these losses is a lower level of priority for information security—especially at the internetwork, desktop, and public sector user.

- High Tech, Financial Services, and Power and Energy companies continue to show the highest rates of attack activity per company (Riptech)

- On average, every new Web site will be accessed within 28 seconds and attacked within 5 hours (PWC)

Dr Simon Moores is a Director of Zentelligence Research ( and will be speaking on the subject of information risk at the first eCrime Congress in London on 9th December. (

He has worked with the Cabinet Office as an ‘Advisor’ to the Office of the e-Envoy and has provided consultancy to companies which include Microsoft, Quizid Technologies and Symantec on matters relating to information security strategy and the Internet


Popular posts from this blog

A Matter of Drones - Simon Moores for The Guardian

I have a drone on my airfield” – a statement that welcomes passengers to the latest dimension in air-travel disruption. Words of despair from the chief operating officer of Gatwick airport in the busiest travel week of the year. Elsewhere, many thousands of stranded and inconvenienced passengers turned in frustration to social media in an expression of crowd-sourced outrage.

How could this happen? Why is it still happening over 12 hours after Gatwick’s runways were closed to aircraft, why is an intruder drone – or even two of them – suspended in the bright blue sky above the airport, apparently visible to security staff and police who remain quite unable to locate its source of radio control?

Meanwhile, the UK Civil Aviation Authority, overtaken by both the technology and events, is reduced to sending out desperate tweets warning that an airport incursion is a criminal offence and that drone users should follow their new code of conduct. Yet this is not an unforeseen event. It was i…
A Christmas Tale

It’s pitch blackness in places along the sea wall this evening and I'm momentarily startled by a small dog with orange flashing yuletide antlers along the way. I’m the only person crazy enough to be running and I know the route well enough to negotiate it in the dark, part of my Christmas exercise regime and a good way of relieving stress.

Why stress you might ask. After all, it is Christmas Day.

True but I’ve just spent over two hours assembling the giant Playmobil ‘Pony Farm’ set when most other fathers should be asleep in front of the television.

I was warned that the Playmobil ‘Pirate Ship’ had driven some fathers to drink or suicide and now I understand why. If your eyesight isn’t perfect or if you’ve had a few drinks with your Christmas lunch then it’s a challenge best left until Boxing day but not an option if you happen to have a nine year old daughter who wants it ready to take horses by tea time.

Perhaps I should stick to technology but then, the instruc…

An Ockham of Gatwick

The 13th century theologian and philosopher, William of Ockham, who once lived in his small Surrey village, not so very far from what is today, the wide concrete expanse of Gatwick airport is a frequently referenced source of intellectual reason. His contribution to modern culture was Ockham’s Razor, which cautions us when problem solving, that “The explanation requiring the fewest assumptions is most likely to be correct;” sound advice which constantly proves to be true.

A week further-on since Britain’s second busiest airport was bought to a complete standstill by two or perhaps two hundred different drone sightings, it is perhaps time to revisit William of Ockham’s maxim, rather than be led astray by an increasingly bizarre narrative, one which has led Surrey police up several blind alleys with little or nothing in the way of measurable results.

 Exploring the possibilities with a little help in reasoning from our medieval friar, we appear to have a choice of two different account…