Friday, October 15, 2010

Good sense from Great Britain's spymaster

The UK's version of our National Security Agency is the GCHQ.  The GCHQ's head has been in the news lately, making complete sense about security:

GCHQ's director has said that 80 per cent of the government's cyber security vulnerabilities can be solved through good information assurance.

Iain Lobban, the director of the signals intelligence and information security organisation, said if government departments observed basic network security disciplines, such as "keeping patches up to date", combined with the necessary attention to personnel security, their online networks would be much safer.
"But the scale of the challenge is changing, and the remaining 20 per cent of the threat is complex and not easily addressed by just building the security walls higher and higher," he told an audience at the International Institute for Strategic Studies on 12 October 2010. "As Bill Lynn, the US Deputy Secretary of Defense has said, a 'Maginot line' approach to defence will not be sufficient of itself."
Translation: raising the level of Average Practice would be A Very Good Thing, but even Best Practice won't stop very smart, motivated, and well-resourced adversaries.  It kind of seems obvious, but it's good to see an official saying this in public.

If you're a security geek (like me), you'll want to read the whole thing.

No comments: