security levels
Back in the 1950s in Washington it used to be said that the security levels were
Secret: Only we and the Russians know it.
Top Secret: Only the Russians know it.
BT is crowing for the second time in two weeks about how its products have been security certified by GCHQ, the government's main listening station. Snag is, they've been certified for "restricted" communications, which are only slightly more secure - in military terms - than shouting in a crowded pub. Today's announcement …
The description of protective marking levels and their impact is pretty inaccurate, for example the idea that having a clearance at a level automatically gives you access to any info of that level is just wrong. Its still on a need to know basis, even at restricted. And IT systems are just a bolt-on to all this, they are not the basis for it.
And as a previous poster said, this is hardly news, and not something to be that proud of on BT's part. There have been off-the-shelf certified solutions available means of doing this for a long time.
There are too many ways to count how the article is wrong.
Just for starters,
* The protective marking scheme misdescribed here is promulgated by the Cabinet Office for all of the civil service, not just military use.
* UNCLASSIFIED is not cleared for release so shouting it in the pub is still a security breach.
* RESTRICTED isn't a default marking, but most MOD networks operate as if everything were RESTRICTED; there's a subtle difference.
* You have to be "vetted" (not the right term) for access to any MOD network at RESTRICTED or above.
The proper definitions of protective markings are not widely available, apparently, but do form Appendix A to this document:
http://www.acpo.police.uk/asp/policies/Data/prot_marking_scheme_report_19feb01.doc
ANd what about all the COMMINT and SIGINT levels of security.
e.g A Restricted COMMINT OR SIGINT Signal is generally handled as a normal Secret or Top secret Signal, and securtiy levels all go upwards form there. If you want to know about GCHQ/NSA read a book called The Puzzle Palace. Dont worry, all the information in this post is in the public domain ( I think)...
:o) *sigh* takes me back to the *Cold* war ( and believe me, camped out on the East German border in December is COLD)
Above Top Secret. (Omega) This is the classification reserved for information which concerns ongoing intelligence operations. Also used for information relating to reverse engineered alien technology, such as the Rendlesham Forest crash.
Such information is restricted to a handful of GCHQ members, merely acknowledging the existence of said classification is in itself a breach.
Any faulty media (including PC RAM) which may have been used at any time to store this data) is incinerated at a secure location before disposal, and GCHQ has ongoing arrangements with IT vendors to honour warranties on such equipment,
Accidental breaches have occurred, including members of the public taking pictures of experimental aircraft, in most cases they are too blurred and distorted to be useful. However high quality pictures are removed from the Internet where posted, and replaced with blurred copies.