back to article UK gov: Brit biz barons, get your privates in check before the spooks arrive

Spooks from GCHQ and MI5 will be given insider access to the UK's top 350 companies in a bid to reduce any damage caused by hackers wreaking havoc upon Blighty-based businesses. A letter to the FTSE 350 chairmen – signed by MI5 director general Andrew Parker, GCHQ director Iain Lobban and Universities Minister David Willetts …

COMMENTS

This topic is closed for new posts.
  1. cupperty
    Black Helicopters

    Oh the irony ..

    See subject

  2. John Smith 19 Gold badge
    Unhappy

    Why don't they just tell the FTSE350 which companies they could get into?

    Or perhaps just leave a note of the high points on the desktop of the CEO's PC?

    Seriously knowing you have issues with your IT security is irrelevant if they don't do anything about it.

  3. JimmyPage Silver badge
    FAIL

    So let me see

    HMG want the UKs security services to perform a security audit of our 350 most capitalised companies, and then store that all in one place.

    What could possibly go wrong ?

    1. streaky
      WTF?

      Re: So let me see

      Can't imagine. Another reason not to go public is all I'm seeing here.

      The public and business needs protection *from* GCHQ, not by it.

  4. Irongut

    "Company chairmen and chairs of audit committees will be asked to complete a questionnaire"

    So the group of people that know the least about IT. Useful.

    1. billse10

      so get the answers from the audit committee, then separately get the answers to the same questions from the IT people at the sharp end. If the two sets of answers differ, start sacking people. Sorry, I meant "suggesting they consider new and exciting challenges in their career outside of the current organisation" (we are talking audit-speak, after all)

  5. Harry Kiri

    Er, as a Govt funded agency should GCHQ be touting for business like this?

    Aren't they taking advantage of their position, just a huge bit?

    1. amanfromMars 1 Silver badge

      Hacking into GCHQ .... an Empty HyperRadioProActive In-House Intelligence Space/Place‽

      Er, as a Govt funded agency should GCHQ be touting for business like this?

      Aren't they taking advantage of their position, just a huge bit? … Harry Kiri Posted Friday 26th July 2013 13:51 GMT

      Such would appear to be part of their mandate/raison d'être, Harry Kiri …….

      The Government Communications Headquarters, GCHQ …. Produces intelligence from communications, and takes the lead in the cyber world ….. Report of the Intelligence Services Commissioner for 2012, The Rt Hon Sir Mark Waller

      However, that cited report also contains this enigmatic conundrum/zeroday exploit opportunity/abiding systemic flaw for those and/or that into Intelligence Server Provision and/or SMARTR IntelAIgent Supply ……

      The intelligence services do not choose what they want to do.

      There be no need to further wonder and ponder why things are so bad, and as they are, whenever that be the case, methinks.

  6. JimmyPage Silver badge
    Stop

    also ...

    I would hope, as a starting point, all companies would be ISO27001/27002 accredited ?

    1. Anonymous Coward
      Anonymous Coward

      Re: also ...

      Yeah cos that will help

  7. Anonymous Coward
    Anonymous Coward

    E&Y

    There was a session at CTX2013 this year which from a rather arrogant consultant from one of the top 5 telling everyone that there are 2 types of companies - those that know they've been cyber infiltrated and those that don't. He spent 20 mins telling everyone that when this happens it will be a countrywide economic disaster and it'll be YOUR FAULT!

    So he was challenged at the end as to why, if everyone's being attacked why we don't hear about it all the time. Why do we not hear consistently about companies going under. Yep, some places get busted, some even high profile, but in the grand scheme of things, not much really happens in the way of cyber apocalypse. And by the way, where are your figures and statistics?

    But he had none. It was a scaremongering sales pitch. And it was poor.

    1. billse10
      Pint

      Re: E&Y

      "It was a scaremongering sales pitch."

      Most big 4 pitches look like that at some point ..

      "And it was poor."

      unlike the partners in the big 4

      oh look, it's Friday afternoon :-)

      1. Anonymous Coward
        Anonymous Coward

        Re: E&Y

        Here's a starter for ten:

        http://www.bloomberg.com/news/2013-05-01/china-cyberspies-outwit-u-s-stealing-military-secrets.html

  8. Cliff

    Not as daft as it sounds?

    One of the world's leading electronic security agencies helping to audit the internal systems of the biggest contributors to the economy makes sense. In terms of the number of jobs they provide, tax revenues, etc, those 350 companies are all ones we'd rather not see losing data/plans/designs/reputation to any attacker for the overall health of the country as a place to do business. Sometimes doing security is about being seen to do security as well.

  9. heyrick Silver badge
    WTF?

    "Spooks from GCHQ and MI5 will be given insider access to the UK's top 350 companies"

    Given that spooks from this side of the ocean seem rather happy to talk to spooks over the other side of the ocean (and that's only the stuff we know about), if my company was big, important, and had competitors in the US, there is no way in hell I'd willingly let them anywhere near the business.

    It's pretty bloody audacious for spooks to be saying ANYTHING at all right now.

  10. Dan Paul
    Devil

    "Spooks from GCHQ and MI5 will be given insider access"

    What...do they need more access than they and the NSA have already taken?

    Seems to me that the companies that the "Spooks" approach first, must be the ones that have some level of security that the "Spooks" have not been able to penetrate yet.

    Is there a 512 bit version of PGP out yet? Who ya gonna call? Spookbusters?

  11. Anonymous Coward
    Black Helicopters

    And as a part of the audit, GCHQ and MI5 will want all your encryption keys.....

    Just to check that you are using proper encryption, of course. And they will install some "purely diagnostic" software on your network! :)

    When the spooks show up for the audit, have some fun with them and have your team meet them at the door--wearing tinfoil hats :)

  12. Anonymous Coward
    Anonymous Coward

    Ooh, sneaky spooks

    They're not worried about any major threat to those FTSE350 companies, or they'd just hack whatever exploits they found themselves and let the company get on with fixing it (maybe taking their slice off the top for providing 'consultancy' from their own monopoly pool).

    They want to build 'business' relationships with the firms, and not just for the cash. It means that Mister Top Bod at GCHQ gets an excuse to wander into the office of Mr.CEO, or Mr.Head of Compliance & Audits whenever he fancies to have a little chat.

    The Yanks use the blunt instruments of court orders and leaning-on to gain access. In the UK, our backdoor state uses meetings, ostensibly about one subject ('something came up in the security audit') to make a quiet, but contractually binding, agreement on another subject ('how about you route that cable through this here black box from now on?').

This topic is closed for new posts.

Other stories you might like