The Department for Education and Skills has hired Cap Gemini to investigate the illegal trading of learning account details, and has no plans to comment until its investigation has been carried out. Meanwhile, Capita, which manages the site, is adamant that it built the site according to the specifications provided, and points out that no hacking of the site has gone on.
Of course no hacking went on - there was, after all, little real security to hack through.
The ILA site was set up in a way that made it easy to defraud. Simply by filling out a form and supplying contact details and an insurance certificate, a training provider could get hold of the password necessary to access the site. Once in, it took no more than some guesswork and a little common sense to navigate the site and track down live account details.
Here we have an example of a Web site where the legality of public access is blurred, leading to a computer breach, not of security, but of trust.
And if individuals can burrow this deep into the Government's ILA systems, regardless of whether they then defraud them or not, how can we be confident that our tax claims or medical records are secure?
In its current guise, the Computer Misuse Act 1990 makes it an offence for someone to access, modify or delete computer data unless they have authorisation. But it does not take into account the fact that people are now routinely invited into corporate IT infrastructures via Web sites. This must change.
Meanwhile, those responsible for corporate security must be more vigilant - and more paranoid - than ever. Designing systems that resort to trust as a means of self-defence will end in tears.