PRIME MINISTER
Report from the e-Minister and e-Envoy - 3rd March 2003
This progress report focuses on electronic
security. This is an important topic that underpins the delivery
of online public services by Government and the broader economic
and social well-being of the UK.
Critical activities in areas such as
transport, finance, food distribution, power supply and water processing
are increasingly dependent on information and communications technology.
These services - as well as those by Government - would be severely
affected if there were to be widespread disruption to their information
systems.
As part of an ongoing process to improve
e-Government security, we are working with public sector organisations,
the private sector and international bodies to improve the resilience
of our own information systems against accidental or malicious
physical disruption. However, the protection of information systems
against electronic disruption presents additional challenges - complex
interdependencies, rapidly evolving technology, and the global nature
of the Internet - that undermine traditional security measures.
The DTI's biennial Information Security
Breaches Surveys have regularly identified the need for greater
information about security management and solutions to be readily
available, particularly for smaller companies. The 2002 Survey indicated,
for example, that whilst 76% of UK companies believe they have critical
or sensitive information, only 27% of them have any kind of security
policy. The new information security element of the UK online for
business website was launched in February, with a view to offering
basic security advice and guidance in jargon-free language; it is
the first website of its type and there has been extensive consultation
with both public and private sector stakeholders. The site can be
found at:
www.ukonlineforbusiness.gov.uk/informationsecurity
It is believed to be the first site in the world to address SME
concerns in this way.
The DTI has been instrumental in taking
forward a number of security initiatives. It has been closely involved
with BS7799 (the British Standard on Information Security); part
1 of the standard has become an international standard and part
2, although it remains a British standard, has in fact been published
as a national standard in many other countries. With strong DTI
support, the first international Conference on BS7799 was held in
London in September 2002; a second is planned for September this
year. Other similar initiatives are underway in countries as diverse
as China and Mexico.
The DTI has provided many guides for
small businesses to increase their information security. The new
UK online for business website launched by DTI last month provides
practical advice and guidance. The National High Tech Crime Unit,
within the National Crime Squad, is extending its outreach activities
to businesses that are victims of criminal activity. Business has
traditionally been reluctant to report these incidents and, following
a survey of business views, NHTCU has recently developed a confidentiality
charter to address their concerns.
To assist public sector organisations,
the Office of the e-Envoy published a complete set of Security Frameworks
last October. These described the measures that organisations should
take to secure their electronic service delivery systems against
assessed risks. The Office of the e-Envoy also published advice
on the selection of biometric products that are of increasing interest.
In January of this year the Office of
the e-Envoy published guidelines for the registration of individuals
and organisations for government electronic services, and a skeleton
Information Security Policy Document that public sector organisations
can use to develop their own security policies. The Office of the
e-Envoy is supporting the National Infrastructure Security Co-ordination
Centre (NISCC) to establish the first Warning, Advice and Reporting
Point (WARP) in partnership with London Connects (www.lcwarp.org).
DTI and the Office of the e-Envoy continue
to support industry security awareness initiatives such as SAINT,
and we participate in tScheme, the industry-led voluntary approval
body for trust service providers. Four commercial service providers
were approved by tScheme in 2002, and there is a further 'registered
applicant' going through the approval process. But because of the
slow take-up of commercial trust services, the Office of the e-Envoy
is exploring other ways of authenticating users - and is working
closely with the Inland Revenue, Department of Work and Pensions
and some local authorities to enable customers, employees or others
known to trusted commercial organisations to access government services.
A wide range of other Government bodies
have responsibilities in information security. Recognising the growing
importance of this field, the Cabinet Secretary has asked Andrew
Pinder to take on the co-ordinating role of Central Sponsor for
Information Assurance, alongside his position as e-Envoy. In January,
as Central Sponsor, Andrew Pinder signed the Government Security
Programme agreement with Microsoft. The UK was the third to sign
this, after NATO and Russia, and we hope to enter into similar agreements
with other companies. Such programmes will bring substantial benefit
by increasing the availability of more secure commercial IT products.
The Central Sponsor will be working
closely with colleagues across Government and in the private sector
over the coming months to establish the strategic direction for
the UK Government's information assurance activity. Information
assurance must underpin public sector reform and the wider e-economy,
to make the UK one of the best, and one of the safest, environments
to be online. We will keep you informed of progress over the coming
months.

Patricia Hewitt
e-Minister

Andrew Pinder
e-Envoy