The Cabinet Office has suffered almost 6,000 cyber attacks this
year with more than 1,000 incidents occurring in October
alone.
Cabinet Office minister Douglas Alexander revealed the scale of the
attacks in a parliamentary written answer.
With the government stepping up preparations for a war with Iraq,
Brian White, MP for Milton Keynes and a former IT professional,
asked a series of parliamentary questions to ascertain government
department's response to the threat of cyber terrorism.
While the Cabinet Office fought off 5,857 cyber attacks this year,
the Foreign Office told White it had not been subject to a single
attack.
"I was surprised that they were not on a par with some other
departments," said White. "There is a possibility that they are not
necessarily the most open department."
IT security consultants Mi2G said: "It is highly unlikely that
attacks were not even attempted on the Foreign Office. At the very
least the Foreign Office's Internet facing computers would have
been probed or scanned for potential attack as this is a
commonplace occurrence."
Peter Sommer, senior research fellow at the Computer Security
Research Centre at the London School of Economics, said: "Most
attacks people talk about are from the Internet and much will
depend on the extent departments are connected.
"If you put up Web sites, people will throw probes at them but
there is a difference between leaning against a front door and
stamping all over the inside of a computer."
A Foreign Office spokesman insisted that the department was not
trying to hide the number of attacks it had faced. "The reason why
we have no record of digital attacks is probably because the term
digital attacks can be defined in many ways. It is not secrecy," he
said.
The Foreign Office is now upgrading its systems and intends to
carry out a full penetration test in 2003.
White said that overall he was "reassured" that government
departments are reviewing the security of their communication and
information systems, but believes more can be done.
"Policies on security need to be constantly reviewed and monitored.
Re-looking at security can't be done too often. What each
department could do is collate statistics about attacks and publish
them on a quarterly or bi-annual basis."