UK.gov state of the nation report: Infosec's very important, mmmkay

The UK government’s first annual report on the implementation of the 2015 National Security Strategy has reaffirmed that cyber-security remains a key priority. The 39-page report (PDF) lists cyber-security, alongside Russia’s actions in Syria and Ukraine and terrorism, as among the greatest threats Britain faces. The range of …

  1. Anonymous Coward

    Not a lot of investment then

    [quote]"For example, the FCO’s £3.5m Cyber Security Capacity Building Programme is delivering a portfolio of 35 projects, benefiting 70 countries to support the “openness and security of networks that extend beyond our own borders”."[/quote]

    So £100k per project to backdoor our allies' systems. It'll be massively over budget fortunately since we'll be using child labour of 14-17 year old script kiddies, unpaid internships weren't banned this summer and we can profit as a nation through the intellectual property / trade secrets we steal, it could be worse.

  2. Chris Hills

    On one hand...

    On one hand, cyber security is a backdoor. On the other hand, they want encryption backdoors. Talk about mixed messages.

    1. Lee D Silver badge

      Re: On one hand...

      NOBODY ELSE must be given a backdoor. Except us.

      Because, obviously, when you have a backdoor, it's specifically designed so that only one person / organisation can ever utilise it in its entire lifetime and it will never get stolen, misused, discovered, etc. by anyone else.

      The days of them actually understanding why what they're asking for is impossible are long gone.

  3. Anonymous Coward

    The UK Government's view:

    The UK Population are all Thought Criminals.

    Their every last action should be monitored and recorded for indefinite future reference.

    They should all be locked up in Bentham's Panopticon Prison.

    We can legally lie in Court and this immunity is granted retrospectively for previous actions.

    "Give me 6 lines written by an Innocent Man ..."

  4. Pascal Monett Silver badge
    FAIL

    "cyber-security remains a key priority"

    The first condition for successful cyber-security is: having a fucking clue.

    Count UK Gov out of the race right there.

  5. Anonymous Coward

    Skills are always a key problem in the cyber security arena.

    The problem isn't the lack of skills, it's the distribution. Far, far too many firms keep security as a tiny corner of the IT department, where someone like me (dear reader), equipped with a soul corroded by 20 years of disinterested, vendor-blinded management failure, arrogant developers and idiot ops persons, toils away getting absolutely nothing of any value done -- because that's what they want us to do, because they don't know the first thing about security. Any suggestion that perhaps an inventory would be useful or that risk assessments might be interesting would get you laughed out of the room and then excluded from subsequent activity in case you accidentally manage to fix some fail. My current berth's a perfect example. It handles gigantic sums of money and any halfway competent pentester would go through them like a knife through butter. Patching? They've heard of it. They've spunked a ton of cash on garbage commercial snake oil, because the relatively small number of clueful techies are never asked for input -- let alone us peons in security. I won't go into details for obvious reasons, but the state of security here is as bad as any I've come across in my career. It's 90s level stuff like admin passwords being called out across the office, no access to logs, almost complete lack of policies, and an ISMS? "Why do you hate America?"

    I could fix it all myself in 18 months with a bit of clueful headcount and management backing (so for instance devs who put plaintext passwords into a database on the LAN get fired, rather than being able to tell us to fuck off and stop being so paranoid...) but of course I'm a bit of a nerd rather than a schmoozer and I didn't go to the right sort of school, so... fergedd abaad it. Nothing ever changes. Management blunder on, happy with the delusion that spending money means they don't need to worry about security any more. And one day they'll discover they've been pwned from top to bottom, probably shortly after wondering why all those millions of dollars of transfers were just made to bank accounts in unfriendly or regulation-light jurisdictions. I would say "I hope so!" but of course I'd be a prime suspect in that scenario, and I'm allergic to anglepoise lamps. I suspect a lifetime toiling in the mackerel-gutting sheds of Scarborough would have been less soul-crushingly awful.

    1. Anonymous Coward

      The problem isn't the lack of skills, it's the distribution

      Oh yes. If they got themselves skilled managers who could handle talent rather than soulless consultants who will say "yes" to anything as long as they can rip off the government in change control and other hidden fees, and politicians who think that having an agenda equals skills, they would GET that security they were after, and at a cost that would not be an insult to the tax payer.

      The prices the government pays for service should result in gold plated kit everywhere - instead it must have funded quite a few yachts and I don't see that ending soon, however much that is in conflict with delivering the quality they need.

  6. Tony S

    Pretty much everyone that works in any form of security, will advise you that the biggest threats are usually internal. Most research will also identify that this is more often due to a failure of process, or inept workers, than due to malicious activity.

    In other words, you have far more to be worried about by idiots screwing up than you have from any external hackers. But obviously, it doesn't go down too well when you tell ministers that they are more of a threat than [insert foreign name of choice], and as the government advisers want to keep on being paid, they'll go with the overseas options.

    1. Anonymous Coward

      Pretty much everyone that works in any form of security, will advise you that the biggest threats are usually internal. Most research will also identify that this is more often due to a failure of process, or inept workers, than due to malicious activity.

      Strange as it may seem, that's actually less of an issue with the way the Government is networked. Unfortunately, the OSA prevents me from elaborating, let's just say that the way things are hooked up allows for a good deal of segregation which helps.

      1. allthecoolshortnamesweretaken

        Security by inefficiency is still security...

        1. Anonymous Coward

          Security by inefficiency is still security...

          Yes, but only sustainable if they don't bring in new people who work harder :).

          The segregation thing was by design, btw, not by accident. Many years ago, they DID have competent people involved. Those have mostly retired now, though.

  7. David Pollard

    Open learning?

    The Open University does a free course, Introduction to cyber security: stay safe online. At first glance this looks as though it might be a cost-effective way of getting members of the public to be more aware and more able to defend themselves against at least some of the threats. There probably won't be too many takers, but at least someone is trying.

    http://www.open.edu/openlearn/science-maths-technology/introduction-cyber-security-stay-safe-online/content-section-overview

  8. Camilla Smythe

    The article only managed...

    To mention Cyber 45 times...

    Let me help out here,

    Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber Cyber

    I could, possibly and if I were so inclined, implement something using FOSS that would render the use of the word 'Cyber' more incredibly stupid than it is at the moment. I may be certain that others are more capable.

    "Blah, Blah, Blah... Cyber. OW!"

    "Gosh. That looks like a nasty broken nose. I have no idea how your head got forced down and managed to connect with my rapidly ascending kneecap."

    1. Anonymous Coward

      Re: The article only managed...

      It's cyber this and cyber that,

      and cyber get away from 'ere,

      but it's this way Mr. Higgins

      when the hackers are in your bay.

      [Apologies to all and sundry, especially to Mr. Kipling!]

  9. John Smith 19 Gold badge
    Gimp

    "The UK government wants to promote cyber security education"

    How about starting with the fact that HMG is spying on your behaviour 24/7/365 and will retain that information indefinitely because they can.

    Don't type anything that's going over the internet that you wouldn't mind at least a dozen complete strangers reading, again not because you're important or famous, but because there's nothing stopping them if they decide to do so.

    That should be a good starting point.

  10. acid andy

    Cyber Cyber Cyber

    How many times can you get the word "Cyber" into a report?

    All together now:

    Cyber Cyber Cyber

    Cyber Cyber Cyber

    Cyber Cyber Cyber

    Cyber Cyber Cyber!

    1. Camilla Smythe

      Re: Cyber Cyber Cyber

      You have been illed by the forums posting mechanisms.

      Type Cyber | Shift Left Arrow back to highlight Cyber | CTRL C | End | Shift Insert and hold until bored...

      I'll just check that one for you.

      CyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberTheresaMaysuckedatherpreviousjobandisusinghernewpowers 
toimplementherpreviousfailuresevenifweallgetfuckedoverCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberIfyouvotedforbrexityouareafuckingidiottrynottogetoveritCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberC
yberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyberCyber

      You may need to add a !!11!! at the end.

      Also useful as a one time Cyber pad to transmit 'hidden messages'.
