Ministers told to do more to protect UK's critical IT

MPs on the Intelligence and Security Committee are pressing ministers and the government's Joint Intelligence Committee to review...

MPs on the Intelligence and Security Committee are pressing ministers and the government's Joint Intelligence Committee to review the vulnerability of the UK's critical computer systems to electronic attack.

There are growing concerns that defences against electronic and physical threats are not sufficiently co-ordinated.

The Intelligence and Security Committee said it was "unconvinced" by assurances that the government's National Information Security Co-ordination Cen- tre (NISCC) and the Communications Electronic Security Group are reducing the vulnerability of the UK's critical national infrastructure to electronic attack.

Secure government communications systems are not reliable enough to ensure that a minister outside London could be contacted to make decisions in an emergency, the committee warned in a report this month.

The MPs are understood to be concerned that there is insufficient co-ordination between the Civil Contingencies Secretariat, which is responsible for preparing for physical emergencies such as terrorist attacks and flooding, and the NISCC, which is responsible for defending against electronic attacks.

Neil Fisher, vice-president of the Information Assurance Advisory Council, a network of public and private sector security specialists, said that although there is a good working relationship between the organisations, the MPs were right to scrutinise their performance.

"NISCC is looking after electronic infrastructure and Civil Contingency is looking at something similar. There might be public concern that there may be no effort, because each thinks the other is doing it, or there is duplication of effort," Fisher said.

The committee's report raises concerns about the lack of central funding for the Government Strategy for Information Assurance, leaving funding of work to protect the national infrastructure to individual departments. "Our concern is that this is going on the back burner," said Fisher.

John Handby, director of user group CIO Connect and former IT director of National Power, said, "There is a very real threat out there, both in terms of electronic terrorism and terrorism by attacking utilities. It is important we review our vulnerabilities."

Jeremy Beale, head of e-business at the CBI, said the government should consider expanding the definition of critical national infrastructure to include firms that are dependent on supply chains.

Vulnerability to electronic attack 

 A major area of concern are Scada (supervisory control and data acquisition) systems, which control power stations, waterworks and other national infrastructure.  The issue came to the fore in Australia in 2001 when a man was arrested for causing the release of sewage into streams after hacking into a control system. Government agencies are only beginning to get to grips with the problem.

Read more on IT for government and public sector