[Nottingham] GCHQ proposes the Great Firewall of Britain

Martin martin at ml1.co.uk
Wed Sep 21 16:20:18 UTC 2016

On 15/09/16 21:02, Duncan via Nottingham wrote:

> If you think about it from a "normal" IT security perspective, we are no
> further forward than we were 15 years ago.  We are still shouting the
> same old same old: "choose a good password", "don't click unknown links" etc.
> Blaming the end user when it goes wrong has not worked - it never worked.
> When you stop blaming the user and consider the wider "system" you realise
> that a phishing email landing in their inbox is the security failure.
> Them succumbing to the phishing attack is a symptom of that earlier failure.
> That is what is happening here. Government is recognising that despite what
> shouty shouty sysadmins think the evidence is there that we are making
> no meaningful headway on (cyber) security to the extent it is becoming
> a serious national risk. ...

Unfortunately very greatly so.

Worse still, even mediocre 'security' is far too troublesome or scary
for most normal people and various big businesses are all too happy to
ignore the dangers other than to absolve themselves of all costs...

There has to be a better way. That means NOT the way we do IT business
at present.

Phew! That's one for quite a talk in itself!!

> What the NCSC is proposing may not be the best option but government
> mandated security measures, probably at the ISP level, are coming.

It is an easy and convenient patch-over that will have an easy effect
upon the unknowing most users...

Also very easy to silently add an awful lot of mission creep for
monetary and other purposes...

And better still, it is the ISPs and their customers that bear the costs...

> onus is on us to engage with, shout at, argue with and review what is
> proposed to make sure it is technically fit for purpose, we know who is
> in control,  it has enough open scrutiny and the public have the power
> to get things changed when (not if) they go wrong.
> Have fun,
> Duncan
> [1] https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/

However, there is far too much 'fun' for normal people to keep up any
sort of 'fight'...

Is this where we need to sponsor some professional lobbying...?

All a game of business and politics gone mad(*)?


Mutually Assured Destruction...

- ╔═══════════════════╦══════════════════════════════════════════╗
- ║   Martin Lomas    ║ OpenPGP (GPG/PGP) Public Key: 0xCEE1D3B7 ║
- ║ martin@ ml1 co uk ║ Import from   hkp://subkeys.pgp.net   or ║
- ║ ----------------- ║ http:// ml1 .co .uk/martin_ml1_co_uk.gpg ║
- ╚═══════════════════╩══════════════════════════════════════════╝
