The Ministry of Defence has admitted that only 27 per cent of its computers (of those so far checked) are fully compliant with the government's security standards. Minister for the Armed Forces Bob Ainsworth, in answer to a parliamentary question, laid out the Ministry of Defence's IT security position: 58 per cent of systems …
Did he say that with a straight face?
You can see why McKinnon wants to be tried in this country, I bet the American systems are the same, they would just never admit it
From those numbers you could also have chosen the headline "No computers fail security check", since all of the systems tested so far have either passed unconditionally or passed conditionally.
Reminds me of the old joke about the chap walking down Whitehall who asks "Which side is the War Office on?" Back comes the retort, "Ours, I hope!"
Tux because he's secure :-)
Point of order
As I read it, for every 100 MoD machines:
58 have been assessed of which:
- 27 have passed
- 31 have failed (in some major or minor fashion)
42 remain to be fully checked.
So it's really the case that 47% (27/58) of the machines that have been checked are secure.
Here endeth the maths lesson.
Re:Did he say that with a straight face?
Why do you think they're throwing the book at him? They know the systems are less protected than an Essex girl's cherry, they just don't like it being shouted about.
Paris.. well given the Essex girl comparison, there wasn;t anything else to choose really...
dont they mean
27% are not connected to the Internet?
Is the MOD missing an opportunity to present favourable numbers? They have checked 58% of their systems...that 58% represented by 27% being fully OK and 31% less than fully OK.
So 27/58 or just under 47% of their systems are fully OK? And all things being equal (which they might not be) the 47% figure would only vary marginally whereas the 27% figure quoted will change dramatically.
the other 73%...
must be running Windows.
Must be hard to loose a complete network of computers on a train..
Picture it now the MOD Guidelines as follows:-
1. Dont leave desktop on train or other public transport
2. Remeber to use a password (And not password as a password)
Feel free to add more lol
Openness and transparency
I think Mr Ainsworth should be praised for his full disclosure - it doesn't happen often!
Plenty of work to get the accreditation status of the remainder up-to-speed; pity that there are insufficient MoD Accreditors...
Only half of the story ...
The real fun begins whenever you are contracted to "break" MODified Operating System and render them liable to catastrophic attack with zero defence. That fairly causes them a few concerns and highlights some very glaring deficiencies/insufficiencies.
I always love Lewis' definitions of classification levels...
If that's how the military and MoD look on Secret, Confidential and Restricted then it's no wonder that so much stuff goes missing!
"and to non-networked systems which contained data "above Secret" - in other words classified information of some importance. Information classified Secret and below (Confidential, Restricted) in the MoD is typically not very significant in a national security context"
This is absolute bullshit of the highest order. Having worked on classified systems, systems and data protectively marked as SECRET most definitely are important in a national security context.
Whilst it may be true tha tmuch data classified as RESTRICTED is not that important, SECRET definitely is.
The level above SECRET is TOP SECRET. If your article was correct, then anything worth protecting would all be classified at TOP SECRET and would require everyone using those systems and data to be developed vetted, which is a very long and uncomfortable process to go through, and is only undertaken if absolutely necessary. People that are security cleared are not routinely DV'ed and do not have routine access to information at TOP SECRET.
Your article is wrong.
Heads up El'reg
and Bob forgot to mention that the RAF is currently crippled by network outages due to a virus
Lewis is always on with this "anything less than top secret is dull" stuff.
The definition of SECRET, promulgated by the Cabinet Office, is 'information, the unauthorised disclosure of which is likely to cause grave damage to the interests of the nation'.
Having said that, I agree that to have such a high proportion of systems with no accreditation, or interim/conditional accreditation, is an indictment. It's been a requirement for networked systems for well over a decade, now.
"Information classified Secret and below (Confidential, Restricted) in the MoD is typically not very significant in a national security context - although it may be personal and private."
This is incorrect.
I've just decided to stop reading this website for a good while. If the information supplied as purported analysis is not at all reliable then what is the purpose?