The Human Element
When it comes to security, too many people are looking for ever more advanced technical solutions, but recent reports remind us that humans are the weak link in the chain and can cost us dear.
Last week the Home Office terminated a £1.5 million contract with PA Consulting after it lost the personal details of the entire UK prison population. Home Secretary, Jacqui Smith, said it was a clear breach of the terms of the contract and added that a further £8 million of immigration, identity, and law enforcement contracts would also be reviewed. PA Consulting issued a statement in which it apologised for the loss, saying "The loss of data on this project was caused by human failure; a single employee was in breach of PA's well established information security processes."
It should be pointed out that critics of the government have suggested that this hard line taken by the Home Office is less to do with PA Consulting and more to do with creating the illusion that the government is cracking down on security. Personally, I think there is political posturing on both sides, and the data losses we read about within the civil service would happen regardless of which party occupies Number 10. Security cannot be instituted overnight with edicts to use longer passwords. It is about humans as well as machines and it needs cultural change and human commitment within the organisation.
Almost all the government data losses we have heard reported over recent months have been down to human error, things like stolen laptops, CDs missing in the post, and memory sticks left in pubs. Put that into context. We also had a police fire arms officer who left behind her semi-automatic Glock pistol in the toilets at a central London Starbucks. If a trained police officer can lose a loaded gun, then is it that surprising that marketing men lose memory sticks?
18th September 2008