Hmm

It'll break. As sure as roses are red, violets are blue. Just like the NHS national database pilot system..

Not Invented Here Syndrome?

I wonder how much more secure it was than ssh over the internet with a decent cryptography algorithm and key length?

Good Guys 1 .... Bad Guys 0

"but one UK spooks reckon will give the bad guys an advantage in working out the strengths and weaknesses of current techniques. ®"

The Good Guys though will present them with a wholly new technique with wholly new techniques to counter and overwhelm those who have left Office and traded secrets for their thirty pieces of silver. And yes, that would be QuITe Probably everything to do with Royal and Ancient Arts and Covetous Dark Matters and the Post Modern Binary Interpretation and Analysis of them in the Holiest of Holy Grail Territories.

Step into that Fray underprepared and the Gods you Bank on and in will lose all Interest in your Support. And if they be Gods in Banking at all, they will already already be Shifting Invisible Supports to the Good Guys 42 Feed their Sweetest and Darkest of Pleasant Milk and Honey Addictions.

And the penguin because it is cold in the mountains, especially in the winter and on dark nights.

What!? Again!?

So another government IT system is late, presumably over-budget, and leaks like a sieve. And this would be surprising, how?

The Paris Hilton Angle.

Could it be any worse if it had been put together by the oft misunderstood heiress? Nah. Thought not.

Strengths and weaknesses?

If intercept use is common in most other countries, then I'd of thought that most of the bad guys would already know the strengths and weaknesses of current techniques.

@ Anyone

Data is read, something just blew; no more CDs

Over to you.

A case of...

"The slow progress of the SCOPE project"

Hmmm, sounds like creeping SCOPE.

Right, got my coat...

how long

how long before someone hacks it.mmmmmperhaps its done already knowing the UK gov. so called security when it comes to data.

The funny thing is that this was an already solved problem..

When GSi was put together, another layer called xGSi was also developed. As an aside, a full plan was developed for en embassy extranet (which is what this thing really is) which used a variety of techniques to keep information safe.

So, that's then really 13 years late - and that platform would have worked as well as GSi has. Sigh.

Does that mean

The SCOPE network was disabled?

sorry....

Already solved

Why don't they just use Tor like everyone else?

Re: Mike

"How long before someone hacks it.mmmmmperhaps its done already knowing the UK gov. so called security when it comes to data."

Doubt it. Gov inter-network security is actually pretty good. How often do you hear of the GSI or xGSI being hacked? The problems they've had recently with CDs going missing are a direct result of a lack of a secure network connection between the sites involved - where there has been no gsi connection or network like this to enable the secure transfer of the data, so some muppet has resorted to sticking the data in the post.

How do you know this?

If this project is Top Secret, how do you know it was late?

It may have been two years early but no one told us. And how do we know data has been lost if it was top secret? think about it eh (picture me tapping my nose!)

Still not the first goverment project to be fleeced by the private sector eh?

@ Chris Miller

..."Why don't they just use Tor like everyone else?"..

Because they want security not *ANONYMITY*.

Presuming your talking about using tor in the way of having "Organisation1 -> TOR -> Organisation2", you don't want "Organisation2" to not know who "Organisation1". Which, AFAIK is what tor provides for.

The difference between anonymity and privacy has been covered thousands of times on El-reg and all over the web, not to mention countless papers and text books. Hell, its even covered on the Tor site. Tor does not provide security, it provides anonymity and these are very different things.

Digital security encompasses (among other things) the following:

Privacy - (making sure no one but the intended recipient can see the message) [Tor allows anyone running an exit node to see the data going in and out and where its going to "in the clear"]

Integrity -- (Knowing a message has not been tampered with (and in some cases even viewed when in encrypted form)) -- [Tor cannot stop an exit node from manipulating data]

Authentication -- (Knowing the message has from from someone authorised to send the message) [Outside of remote server control, Tor has no mechanism to provide for authentication as far as I know.]

Non-repuduation -- (Proof that the person who stated they sent the message actually did send the message. (e.g. to prevent replay attacks) -- [Tor cannot provide this]

The SCOPE system presumably has to provide for all these. Not simply hide the source of a message.

ummmm....

VPN over SSL anyone?

http://openvpn.net/

So easy Paris could do IT

Lol at suggestions

I have to laugh at ridiculous security suggestions for a Secret/Top Secret government network. Suggestions of SSH or a VPN over SSL etc. Don't forget most forms of internet encryption involve doing a key transfer over a public key system in order to set up a private key session. The public key system used is usually RSA with either 1024 or 2048 bit keys. The largest number known to have been factored in the public domain is 663 bits. GCHQ invented RSA 4 years before Rivest, Shamir and Adleman, and recently allowed that tit-bit of information out into the public domain. Also public key algorithms are very susceptible to meet-in-the-middle style attacks, especially if government scale resources are involved.

The symmetric algorithm used typically has a 128 bit key length. US restrictions were at 40 bit for a while but then those restrictions got dropped got dropped. Anyone want to guess why?

Who would like to bet that no government on the planet has found a way into SSL? Especially with the amount of resources that get swallowed up by NSA and GCHQ. I certainly wouldn't make that bet.

Paging King Harold

Your Mark 1 eye protectors are ready for testing.

"counter-terrorism priorities"

"This has led to a focus on counter-terrorism priorities to the possible detriment of other work."

Surely priorities should be focused on real threats such as China/Russia/NKorea/Iran/especially the USA. and counter-espionage against these countries. I'm not saying that a bomber setting off a bomb and killing people isn't bad but I would say its not the biggest problem is it?

Its not a regular occurrence or as bigger threat as the gov./media would like us to believe.

Also ROFLCOPTERS at the guy above who said just use TOR: http://www.theregister.co.uk/2007/09/10/misuse_of_tor_led_to_embassy_password_breach/

The full SP

xGSI only offers accreditation upto CONFIDENTIAL. Properly implemented SSL (as per Manual T guidance) is acceptable for RESTRICTED only. The main problem comes with any kind of network connectivity when you are at SECRET or above.

As for TOP SECRET ATOMIC PRINCIPAL ARTIFICER well, I'll tell you...oh hang on there's somebody at my front door....

Code Direct

I don't know what was wrong with CDs. They seem to be perfectly secure.

Beats throwing them out of the car in a lap top anyway. Waste of a perfectly good lap top, I always thought.

For goodness sakes

Now they're giving away top secret intelligence data.

Not enough that they give away military secrets, now it is intelligence data?

What next?