IT bods to prove their prowess in bed with spooks The British Computer Society has launched a pilot scheme to certify information assurance professionals in government. The full scheme will be launched in January 2012 and will focus on developing and delivering an Information Assurance Specialist Certification Scheme for anyone working in a government department or those …
GCHQ/CESG may indeed have poor management. But there failure to detect (mind they may have know about it, so this may be an invalid accusation), and prevent 'BT/Phorm. TalkTalk/Huawei. Newscorp/phone hacking. Vodafone/Bluecoat' would have more to do with this being nothing to do with their role.
Whether GCHQ/CESG knew about BT/Phorm. TalkTalk/Huawei. Newscorp/phone hacking. Vodafone/Bluecoat etc., or not, and did nothing constructive, is a matter of grave national security interest concern. For it tells the world and his dog that they pretty useless at this internet intelligence game. In fact, it would probably be perfectly fair and accurate to say that they are a fcuking dead loss at it and IT Command and Control of Computers and Communications from Occupied Creative CyberSpace.
And if they haven't got tabs on everything MPs and senior civil servants are doing 24/7 then they are a clear and present danger to the nation by virtue of their being wrongly presumed to be competent and on guard against threats to the stability of the nation and the wider world. Or are they going to claim that the present ongoing and deepening media pimped crises are part of their obscure game plan and they would be leading it rather than observing it?
In their words;
"GCHQ provides intelligence, protects information and informs relevant UK policy to keep our society safe and successful in the Internet age".
"GCHQ works in partnership with the Security Service (also known as MI5) and the Secret Intelligence Service (also known as MI6) to protect the UK's national security interests."
Yet GCHQ has failed to - 'protect UK national security interests' - from espionage threats time after time after time again.
They are a complete waste of space, matched only by the ICO for sheer incompetence.
The threat to national security arises because what Phorm do is espionage.
Spying on private/confidential personal & commercial communications to gather intelligence which damages the organisations, businesses, and individuals targeted.
That would include police, judges, military personnel, politicians, as well as members of the public, and the businesses and organisations they work for.
Whats worse is that the software BT/Phorm used was supplied by a shady organisation (OCS Labs) with a history of distributing malicious rootkits & spyware.
Thats where GCHQ failed. They failed to protect the UK's national security interests from illegal covert communications espionage.
It's /government/ certification. I'll have to see the material to know whether it's any good or whether it gets stuck in the sort of "if you must leave sticks on the circle line, make sure they're from $approved_vendor" that gave various vendor certificates their poor reputation with those who actually do know what they're talking about. But hey, at least the government finally noticed that particlar bandwagon and is spending good tax money to jump in on it. They're with the times, honest. Wonder if those seeking certification will have to pay yet again, and if so, how much, though.
This post has been deleted by its author
Just how much commentators know about what CESG actually does, and what it's for.
They are not spooks, they are IT security advisors and accreditors.
http://www.cesg.gov.uk/about_us/index.shtml
And like all good civil servants you can never get a stright answer out of them, and they like you to prove that something can't happen.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
