Logging in at Westminster: What are they doing?

cyber security

This week, an MP brazenly told the internet that she gleefully shares her government computer login details with her staff – to which much of the internet responded ‘wtf?!’. Here, Annie Heath, Digital Product Manager of the Digital First Team at Brighton & Hove City Council, expands on the general feeling of disbelief in public sector IT.

Nadine Dorries MP tweeted recently to inform us all that knowing who was logged in to a PC does not in any way prove who was using it. If someone is sending emails from their personal account and in between viewing and downloading porn, it could be ANY of the staff or interns allowed to use the username and password!

Other MPs replied, backing her comments up, as if it was us who were ridiculous to be horrified at this, rather than them being horrified as they realised they just proved exactly why data protection laws exist.

Doesn’t it just beggar belief? I was both flabbergasted and furious, and it would appear from the likes and RTs of my response that I was far from alone.

I work in the digital transformation team at Brighton & Hove City Council. Our product releases must meet strict criteria to get approved because the Information Governance team have to make sure we meet all the legislation requirements.

Does it meet ISO27001? How will you keep passwords safe? Where is the server based? Who will have access? How sensitive is the data? Is the browser locked down? Plus, we now have to adapt to the changes coming with the GDPR: we have fewer resources, more cuts to council funding, less time for Data Privacy Impact Assessment meetings and more demand to have them.

We can’t go full steam ahead with our truly transformative projects as we have to divert resources to reworking existing customer forms and functionality to be GDPR compliant. And who demands that we modernise and reduce duplication with fewer staff whilst stymying that work with restrictive legislation and the threat of massive fines? Parliament, ultimately. And where is it apparently fine to just share your personal login with all your staff? Parliament!

This shocking security set-up cannot be a surprise to IT professionals in Westminster. Are MPs above the laws and legislation that they themselves pass? Does the set-up at Westminster mean that security professionals don’t feel they have the necessary authority and oversight to clamp down on this?

And whilst we are on security, or the lack of it in central and local government, do they not have web filtering security like Bluecoat in Parliament? Gmail is apparently too much of a threat to allow access to in local government; I can’t browse online at Pepperberry at lunchtime (because – for shame! – they also sell “intimate apparel”) but anyone who has anyone else’s login can access anything on the internet on an MP’s computer in Parliament?

If we were to share our login with someone here it would be a disciplinary matter. If an MP does it, she boasts about it on Twitter. We are at two extremes of the spectrum: one shut down too much; one too little. The lawmakers clearly have no idea of the reality of our day to day experience and how much we are slowed down by data security requirements.

It is time, surely, to look at the legislation again and find a middle ground that works well for all.


Diversity in IT 2017: Dismal but getting better

Diversity

In case you hadn’t noticed already, the UK’s women are grossly underrepresented in the IT sector, a new report has revealed.

According to The Chartered Institute for IT’s findings, despite making up over half of the population (51%) women fill only 17% of IT specialist roles.

The report – ‘Diversity in IT 2017: Shaping Our Future Together’ – also shows that though 23% of the population are registered disabled, only 8% of IT workers have a disability.

Meanwhile, while 45% of us Brits are aged over 50, only 21% of IT specialists fit that age bracket – though after MP Nadine Dorries’ (aged 60) preposterous cybersecurity ignorance blunder yesterday, perhaps that’s at least in part understandable?

In what appears to be better news for workplace diversity, 12% of the country are from a non-white ethnic background but 17% of IT workers fit that bracket. However, before we celebrate a victory for equality, the report notes that IT specialists from minority groups ‘are more likely than others to be in non-permanent employment and those in temporary positions are more than twice as likely to be so employed as they could not find permanent work’.

And (unsurprisingly, sadly) earnings for IT types are all askew too. The report reveals that earnings for female IT workers are 11% below that of males, while disabled IT specialists are 13% below those without disabilities. Lots of work to be done, then.

In the report’s foreword, Dr Sue Black writes: ‘You could say that this report paints a dismal picture in terms of diversity and women in tech, we are nowhere near 50/50 male to female in the industry. But I believe that we are at a tipping point of a revolution in technology and also in awareness of the importance of diversity.’

It’s an excellent in-depth report and the useful thing for me to do now would be to provide you with a link which you can click and then read it. And that’s exactly what I’m going to do. Any moment now. Wait for it. Ok, here it is.


MP: I share my login with staff, so what?


An MP has shot a particularly ludicrous bullet through years of government, expert and industry cybersecurity advice.

Forget Kaspersky and its alleged Kremlin links; forget WannaCry and North Korea: Tory Nadine Dorries has proudly declared that she shares her parliamentary computer’s login with…whoever wants it, apparently.

Attempting to defend her embattled colleague Damian Green, who is at the centre of a porn-at-work storm, the MP for Mid Bedfordshire tweeted: ‘My staff log onto my computer on my desk with my login everyday. Including interns on exchange programmes. For the officer on @BBCNews just now to claim that the computer on Greens desk was accessed and therefore it was Green is utterly preposterous!!’

Wow. Even the interns on exchange programmes. Hopefully, there haven’t been too many from the Moscow Academy for Higher Infiltration, but that’ll be for the presumably forthcoming inquiry to discern.

The frank, foolish tweet provoked a swift, astonished response. Annie Heath tweeted: ‘I’m both flabbergasted and furious at this. The fear localgov has, the hoops we have to jump through and central gov, who want us to modernise with one hand tied behind our back, have got MPs sharing logins.’

Justin Williams, meanwhile, tweeted that: ‘Oh dear. As an IT person who has worked on security policies for corporations, the first rule of cyber security is NEVER allow another person to use your login and ALWAYS log out even if you are just going for a toilet break. I think your constituents should be alarmed.’

In many places of work (such as in local government, for example) you’re even supposed to take care that your colleagues can’t readily see what’s on your screen, let alone give anybody your login details – yet an MP of the UK’s ruling party seems to be in the dark about such matters.

Dorries was attempting to protect the honour of Green, the First Secretary of State, who has been accused of using his parliamentary PC to access pornography several years ago. That story is odd enough in itself, but Dorries’ backfired bid to clear Green’s name with the ‘could have been anyone’ defence will surely only add fuel to the squalid fire.

While we’re on the subject, only yesterday we released an Inform Briefing on cybersecurity, offering expert advice on many FREE steps you can take to protect your digital channels. Click here to access it.

***

Attention, state hackers! Are you tired of fighting through layers of complex security as you attempt to bring down the UK? Well, sweat over code no more! Simply apply for a role at your local MP’s constituency office and ask them if you could just pop onto their PC for five minutes to play Minesweeper.


Don’t use Kaspersky, government told


Poor old Kaspersky has received another blow – now the UK government has been told to steer clear of the Russian firm’s software.

The UK National Cyber Security Centre (NCSC) reckons there’s something fishy about the antivirus company, with director Ciaran Martin taking matters so seriously that he’s actually written a letter to important types in Whitehall (email is just too risky, it seems).

In his foreboding missive, Martin writes that Russia wants to ‘target UK central government and the UK’s critical national infrastructure,’ and longs to adopt the internet for ‘espionage, disruption and influence operations’.

Kaspersky, which, if nothing else, is heading for some bleak sales figures this Christmas, has denied any mischievous involvement with the Russian government – but, then, it’s not the sort of thing you’d admit to, is it?

America’s security services banned the firm’s products from government departments back in the summer.

In a further blow, Barclays bank, which knows all about dishonesty, controversy and fraud, has joined in the anti-Kaspersky fun.

Henceforth, new customers will not be offered free copies of the firm’s anti-virus software. The bank contacted nearly 300,000 customers at the weekend, describing the step as a ‘precautionary decision’ – though the email added that ‘there’s nothing to suggest that customers need to stop using Kaspersky’. Hmm. Ok.


Friday round-up: A week in tech


Do you have one of Apple’s electric iPhones? Do you access the popular web portal Google through it? Well, let me be the first to bring you the great news: you could be in for some money.

The internet search giant is being taken to court for allegedly sweeping up millions of iPhone users’ personal data by secretly creeping past their device’s security settings.

The case is being led by campaign group ‘Google You Owe Us’ whose head, Richard Lloyd, reckons that users could get ‘several hundred pounds each’ – which I must say, as an iPhone user and Google consumer, is excellent news.

Apparently, during 2011 and 2012, Google put ad-tracking cookies on devices using Safari – the web browser that iPhones come preinstalled with. (Incidentally, this isn’t good news for me – I didn’t get an iPhone until 2013, damn it.)

Since realising that I’m unlikely to get a pay-out, I’ve lost interest in this story to be honest, but I’ll persevere. Richard Lloyd said: ‘In all my years speaking up for consumers, I’ve rarely seen such a massive abuse of trust where so many people have no way to seek redress on their own. Through this action, we will send a strong message to Google and other tech giants in Silicon Valley that we’re not afraid to fight back.’

If you happen to be one of the ‘lucky ones’ who were googling on an iPhone during the 2011-12 golden era, have a read of this BBC report.

***

The world’s most famous, silliest, deranged and maniac Twitter account has done it again. In fact, President Donald Trump’s (for it is he) latest ill-advised digital barrage of contemptible drivel is so belligerent and foolish that it actually provoked a rare rebuke from Prime Minister Theresa May.

From the comfort of the White House sofa, the president re-tweeted three videos from far-right mob Britain First – a group who love Britain so much that they’ve apparently dedicated their lives to destroying as much of it as possible.

The videos purport to show various Muslims committing various atrocious acts – but, as is often the way with these sort of things, the clips aren’t necessarily what they appear; there are contextual issues; the air is thick with lies; and, ultimately, it all rather feels like an exercise in demonising people and creating greater tensions in our communities, which it obviously is. But some people like that sort of thing, don’t they?

Anyway, Theresa May’s official spokesman managed to muster that it was ‘wrong for the president to have done this,’ which is better than nothing, I suppose.

Knowing it would be foolish to allow the matter of a few tweets to come between the US and its closest ally, the UK, Mr Trump immediately apologised…only joking! Of course he didn’t. Jumping back on the social media network, the president tweeted to May: ‘Don’t focus on me, focus on the destructive Radical Islamic Terrorism that is taking place within the United Kingdom.’

Oh Twitter. Twitter, Twitter, Twitter, Twitter…

In other news, my campaign to resurrect Ceefax, which never had anything to do with racist psychos as far as I know, launches in the new year.

***

A broadband firm has found a use for a drone that doesn’t involve blowing things up or pestering commercial airliners.

Openreach has been using one of the small flying marvels to hook cables over hills, woods and probably some startled sheep as it attempts to bring faster internet speeds to a remote Welsh village.

The 20 homes in the village near Wrexham will now have broadband speeds of up to 1Gbps – but, as this is Openreach, that ‘up to’ bit is the key phrase.

Engineer Andy Whale said: ‘If we tried running the cable through woods it was also very likely we’d get it caught up in branches and other natural obstructions, so we figured the best option was to fly it in over the top of the tree canopy and then lift it up to make sure it was clear of the tree line.’

The drone wasn’t strong enough to lift the actual fibre cable so instead was used to string up a steel concertina wire, which the internet-carrying bit was then hoisted to.

Villager Chris Devismes said: ‘It has made a world of difference to us. I live here with my two teenage sons and they’re often online – watching films, streaming music or Skyping their friends.’ In other words, they’ve narrowly avoided the horror of having to spend lots of Christmas in the same room together.


Shared services? Webinars? I’ll explain…


Do you like webinars? I certainly hope so or this article is going to be of little interest to you.

Hosted by a not-for-profit provider of industry-leading technology, advisory body Eduserv, a special broadcast earlier this week took an in-depth look at the world of public sector ICT shared services.

Chaired by the inimitable Jos Creese, the event featured the invaluable input of Ed Garcez, CIO and CDO at Camden, Haringey and Islington Shared Service, and Emma Marinos, Director of Modernise at Southwark Council. Unfortunately, representing Socitm was yours truly, though I didn’t appear to spoil it too much.

Emma detailed her experiences of Eduserv’s Readiness Assessment for a Shared Services Programme (RASP) tool – a free application that allows those curious about shared services to map out their strengths and weaknesses. Emma and her team have gained a great deal from using RASP, and I suggest you have a look at it yourself. Click here to access it. Do it. Do it now.

The transmission explored the issues that sustainable and successful shared service models face: what works and why; pitfalls and risks; the due diligence needed for a solid foundation; typical risks; and where the benefits lie above and beyond saving money.

Anyhow, the webinar has been lovingly preserved and made freely available via the information superhighway. Click here to watch, listen and learn – and I apologise in advance for the boorish, droning voice that answers to the name ‘Max’.

And I haven’t finished yet, so you’ll have to read for a couple more sentences. Socitm is currently publishing a series of guides on shared services. Part 2 was released just this week, with Part 3 due in December. Click here for access, you won’t regret it.


China’s AI threatening world power, report


An American think tank has raised concerns that China’s development of artificial intelligence (AI) could upset the delicately balanced world power applecart.

Let’s put that another way: a US think tank is worried that America’s near-complete dominance of world power could be mildly usurped by China.

The Centre for New American Security’s (CNAS) report claims that ‘China is no longer in a position of technological inferiority relative to the United States but rather has become a true peer that may have the capability to overtake the United States in AI’.

Worrying stuff, particularly if you’re a fan of US global interventionism. Sounds like a good reason to invest a few trillion dollars in new AI-based weapons stuff to me.

However, the report might be a load of nonsense. Speaking to the BBC, Professor Noel Sharkey, head of pressure group the Campaign to Stop Killer Robots, said that the think tank’s briefing ‘could just be sabre-rattling’.

Showing remarkable trust in the authoritarian Chinese government, Prof Sharkey said he’d met with officials who’d told him that there was no craving to build AI weapons in the country. And why would they lie?

Anyway, in the report, author Elsa Kania writes that ‘China’s People’s Liberation Army is also investing in a range of AI-related projects and PLA research institutes are partnering with the Chinese defence industry. The PLA anticipates that the advent of AI could fundamentally change the character of warfare.’

Sounds almost like a kind of military-industrial complex-style project. What a disgrace! What other countries would even dream of doing such a thing?!

I thought we were going to use AI to learn stuff, have interesting new experiences and sort out problems. But, no. Looks like it might just be used for more explosions and bullets. Ho-hum.
