The British Computer Society has launched a pilot scheme to certify information assurance professionals in government. The full scheme will be launched in January 2012 and will focus on developing and delivering an Information Assurance Specialist Certification Scheme for anyone working in a government department or those …
The major problem in GCHQ/CESG starts with the incompetent leadership.
BT/Phorm. TalkTalk/Huawei. Newscorp/phone hacking. Vodafone/Bluecoat. To name but a few of the communications scams that GCHQ/CESG have comprehensively failed to detect and prevent.
GCHQ/CESG may indeed have poor management. But their failure to detect (mind they may have known about it, so this may be an invalid accusation), and prevent 'BT/Phorm. TalkTalk/Huawei. Newscorp/phone hacking. Vodafone/Bluecoat' would have more to do with this being nothing to do with their role.
Re: The Problem
GCHQ were probably well aware of those "scams" as you put it. But they have little to nothing to do with their remit.
Private companies acting in an abusive manner to their customers is a judicial matter.
An Epic, nay, Colossal Enigmatic Fail
Whether GCHQ/CESG knew about BT/Phorm. TalkTalk/Huawei. Newscorp/phone hacking. Vodafone/Bluecoat etc., or not, and did nothing constructive, is a matter of grave national security interest concern. For it tells the world and his dog that they are pretty useless at this internet intelligence game. In fact, it would probably be perfectly fair and accurate to say that they are a fcuking dead loss at it and IT Command and Control of Computers and Communications from Occupied Creative CyberSpace.
And if they haven't got tabs on everything MPs and senior civil servants are doing 24/7 then they are a clear and present danger to the nation by virtue of their being wrongly presumed to be competent and on guard against threats to the stability of the nation and the wider world. Or are they going to claim that the present ongoing and deepening media pimped crises are part of their obscure game plan and they would be leading it rather than observing it?
To quote their home page...
In their words;
"GCHQ provides intelligence, protects information and informs relevant UK policy to keep our society safe and successful in the Internet age".
"GCHQ works in partnership with the Security Service (also known as MI5) and the Secret Intelligence Service (also known as MI6) to protect the UK's national security interests."
Yet GCHQ has failed to - 'protect UK national security interests' - from espionage threats time after time after time again.
They are a complete waste of space, matched only by the ICO for sheer incompetence.
It doesn't mean they have to do anything about Phorm etc. These are civil offenses and don't threaten national security.
The Threat to National Security
The threat to national security arises because what Phorm do is espionage.
Spying on private/confidential personal & commercial communications to gather intelligence which damages the organisations, businesses, and individuals targeted.
That would include police, judges, military personnel, politicians, as well as members of the public, and the businesses and organisations they work for.
What's worse is that the software BT/Phorm used was supplied by a shady organisation (OCS Labs) with a history of distributing malicious rootkits & spyware.
That's where GCHQ failed. They failed to protect the UK's national security interests from illegal covert communications espionage.
According to you the fact that Phorm monitored commercial Internet connections, some of the users of which might have been Police, Judges etc., this would constitute a threat to the UK's national security?
Not mere industry certification
It's /government/ certification. I'll have to see the material to know whether it's any good or whether it gets stuck in the sort of "if you must leave sticks on the circle line, make sure they're from $approved_vendor" that gave various vendor certificates their poor reputation with those who actually do know what they're talking about. But hey, at least the government finally noticed that particular bandwagon and is spending good tax money to jump in on it. They're with the times, honest. Wonder if those seeking certification will have to pay yet again, and if so, how much, though.
Shame on you.
11/10 for that headline, El Reg. It certainly captured my interest ..... until I read further and discovered it involved the servicing of that pox ridden slapper and self-promoting lost cause, UK.gov
Shouldn't the BCS tell its members that professionals don't read other people's (e-)mail?
That'll be the same BCS that doesn't understand why you don't send security credentials in email then?
Certificated or certified?
The British Computer Society has a name quite considerably less silly than The Worshipful Company of Information Technologists, but both seem to be an irrelevance, whether certified/certificated or not.
Great to see
Just how much commentators know about what CESG actually does, and what it's for.
They are not spooks, they are IT security advisors and accreditors.
And like all good civil servants you can never get a straight answer out of them, and they like you to prove that something can't happen.