Oh the irony ..
Spooks from GCHQ and MI5 will be given insider access to the UK's top 350 companies in a bid to reduce any damage caused by hackers wreaking havoc upon Blighty-based businesses. A letter to the FTSE 350 chairmen – signed by MI5 director general Andrew Parker, GCHQ director Iain Lobban and Universities Minister David Willetts …
so get the answers from the audit committee, then separately get the answers to the same questions from the IT people at the sharp end. If the two sets of answers differ, start sacking people. Sorry, I meant "suggesting they consider new and exciting challenges in their career outside of the current organisation" (we are talking audit-speak, after all)
Er, as a Govt funded agency should GCHQ be touting for business like this?
Aren't they taking advantage of their position, just a huge bit? … Harry Kiri Posted Friday 26th July 2013 13:51 GMT
Such would appear to be part of their mandate/raison d'être, Harry Kiri …….
The Government Communications Headquarters, GCHQ …. Produces intelligence from communications, and takes the lead in the cyber world ….. Report of the Intelligence Services Commissioner for 2012, The Rt Hon Sir Mark Waller
However, that cited report also contains this enigmatic conundrum/zeroday exploit opportunity/abiding systemic flaw for those and/or that into Intelligence Server Provision and/or SMARTR IntelAIgent Supply ……
The intelligence services do not choose what they want to do.
There be no need to further wonder and ponder why things are so bad, and as they are, whenever that be the case, methinks.
There was a session at CTX2013 this year from a rather arrogant consultant from one of the top 5, telling everyone that there are 2 types of companies - those that know they've been cyber infiltrated and those that don't. He spent 20 mins telling everyone that when this happens it will be a countrywide economic disaster and it'll be YOUR FAULT!
So he was challenged at the end as to why, if everyone's being attacked, we don't hear about it all the time. Why do we not hear consistently about companies going under? Yep, some places get busted, some even high profile, but in the grand scheme of things, not much really happens in the way of cyber apocalypse. And by the way, where are your figures and statistics?
But he had none. It was a scaremongering sales pitch. And it was poor.
One of the world's leading electronic security agencies helping to audit the internal systems of the biggest contributors to the economy makes sense. In terms of the number of jobs they provide, tax revenues, etc, those 350 companies are all ones we'd rather not see losing data/plans/designs/reputation to any attacker for the overall health of the country as a place to do business. Sometimes doing security is about being seen to do security as well.
"Spooks from GCHQ and MI5 will be given insider access to the UK's top 350 companies"
Given that spooks from this side of the ocean seem rather happy to talk to spooks over the other side of the ocean (and that's only the stuff we know about), if my company was big, important, and had competitors in the US, there is no way in hell I'd willingly let them anywhere near the business.
It's pretty bloody audacious for spooks to be saying ANYTHING at all right now.
What...do they need more access than they and the NSA have already taken?
Seems to me that the companies that the "Spooks" approach first, must be the ones that have some level of security that the "Spooks" have not been able to penetrate yet.
Is there a 512 bit version of PGP out yet? Who ya gonna call? Spookbusters?
Just to check that you are using proper encryption, of course. And they will install some "purely diagnostic" software on your network! :)
When the spooks show up for the audit, have some fun with them and have your team meet them at the door--wearing tinfoil hats :)
They're not worried about any major threat to those FTSE350 companies, or they'd just hack whatever exploits they found themselves and let the company get on with fixing it (maybe taking their slice off the top for providing 'consultancy' from their own monopoly pool).
They want to build 'business' relationships with the firms, and not just for the cash. It means that Mister Top Bod at GCHQ gets an excuse to wander into the office of Mr. CEO, or Mr. Head of Compliance & Audits whenever he fancies to have a little chat.
The Yanks use the blunt instruments of court orders and leaning-on to gain access. In the UK, our backdoor state uses meetings, ostensibly about one subject ('something came up in the security audit') to make a quiet, but contractually binding, agreement on another subject ('how about you route that cable through this here black box from now on?').