News
Infosecurity Today, January/February 2006, page 6

Suppliers face risks on UK identity scheme
SA Mathieson

The risks for IT suppliers bidding to build the UK Home Office’s biometric identity card and register were highlighted recently by a parliamentary vote demanding more financial detail on the plans.

On Monday 17 January, the House of Lords (the UK’s revising chamber) voted that the scheme be blocked until the government provides more information on costs: opponents have argued that the data provided by the Home Office is inadequate and unrealistic. The Labour government, which does not command a majority in the Lords, argues that revealing financial details would damage its ability to secure a good deal from suppliers.

But Eric Woods, government practice director for UK IT research firm Ovum, disagreed. “If there is more information available, arguably it would reduce the risk for suppliers as they would feel there was more visibility,” he said, describing the argument as “a red herring”.

Nick Kalisperas, director of UK IT trade body Intellect, said that suppliers were more concerned with clear contractual requirements which they are capable of delivering, and there is a dialogue between industry and government to achieve this.

He added that the Home Office would be hard-pressed to produce financial details, and these would anyway be subject to changes, as many aspects of the scheme have not been finalized. “In some ways, I don’t think the Home Office can win on this one,” he said.

The government is likely to seek to reverse changes made by the Lords in the House of Commons. However, although the Commons is still likely to pass the bill, political opposition has hardened. On Sunday, David Cameron, recently-elected leader of the main opposition Conservative party, strongly criticised the plans, dubbing them ‘un-British’. At last year’s general election, Conservative opposition was more qualified.

The next general election is due by 2010, ahead of the scheme’s final phase planned for 2013 or afterwards. Before this, enrolment will be compulsory when renewing documents including passports – for which some biometrics will anyway be required under European agreement – but afterwards, all adults would have to enrol. Only then could the scheme be used for a full range of identity checks.

Eric Woods said that suppliers may feel that the years before the next election will allow the scheme to bed in, but they may question revenue flows that would only start after everyone was enrolled.

He added that political opposition created other brand and reputation risks for suppliers: “This will come under a massive amount of scrutiny,” he said.

Forensic company forced to do self-analysis
Sarah Hilley

Guidance Software, a computer forensic company, is embarking on a computer investigation of its own corporate systems.

The company has been hacked and had 3,800 customer credit card details stolen.

As a result one customer – Kessler International – has $20,000 worth of fraudulent transactions on its credit card, according to the Washington Post.

The Californian-based company notified all 9,500 customers by letter, which is mandatory under state law.

Many Guidance customers are law enforcement who buy its software to forensically analyse computers to investigate hacks, and other cases.

The company has reportedly managed to block the intrusion. The hack took place in November but wasn’t discovered until 7 December. The US Secret Service is investigating the breach.

Infosec institute opens doors
Brian McKenna

The Institute for Information Security Professionals (IISP) has launched in the UK, with sponsors that include Vodafone Research, BP, the CESG, and the British Cabinet Office.

The Institute is conceived of as international, but will be UK based initially. It hopes to emulate such traditionally British professional institutes as the British Medical Association.

In an article to be published in Elsevier's Information Security Technical Report, David Lacey, one of the leading lights of the new Institute, writes: ‘[this is a] milestone for an emerging profession whose time has now come to establish itself on a more formal basis. In much the way that the introduction of electricity into business and society in the last millennium led to the foundation of the Institute of Electrical Engineers, so the onset of the Information Age has led to the need for an Institute to shape, formalize and govern the standards, behaviour and skills of the professional staff who advise Government, Industry, Academia and Society on how best to safeguard … information assets’.

Fred Piper, founder of the Information Security group at Royal Holloway, University of London, and one of the leaders of the project to establish the IISP, has stressed that the institute's goal is not to reinvent the CISSP or CISM, but is instead about what comes next. “The CISSP is a qualification; this will be a professional institute. There is a big difference”.

Alan Stanley, founder of the Information Security Forum, and another key figure in the formation of the new body, has said: “members of the body must be seen as embarking on a stimulating journey and not just seen as getting a one off tick in a box”.

Judy Baker, deputy director of the National Infrastructure Security Co-ordination Centre (NISCC), has expressed wholehearted support for the venture. “We want the right professionals in the right jobs doing the right things”, she said.

Meanwhile, Institute protagonist Paul Dorey confirmed that his own company BP's criteria for infosec professional employment “is in alignment with the way the institute is going”.

The new body will organize a series of CISO master classes, funded by participant sponsors, a series of workshops, and cross-organizational mentoring.

The IISP is confident that it will have “several thousand members” by the end of 2006. Individual membership is being set around £100; corporate membership is £6,000.
