View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 17, 2013

Government Minister has installed his own Wi-Fi in Whitehall

Rik Ferguson, VP and Security Research, Trend Micro, comments on the security risk.

By Cbr Rolling Blog

It appears that Francis Maude, the Minister for the Cabinet Office in the United Kingdom government is getting a little frustrated with technological solutions available to him in the Houses of Parliament. So much so that he has "installed his own wi-fi". In the House of Commons. In his office. In government. Nothing to worry about there then…

The news is particularly ironic, coming on the same day that Mr. Maude’s department issues their press release relating to the "Radical overhaul for Whitehall security". You don’t say!

While we might applaud Mr. Maude’s desire to get the job done, his willingness to endanger the security of the parliamentary network, systems and data is incredible. If he really has "installed his own wifi" as the story suggests, then that network segment will not be configured, managed or audited by security experts in the House of Commons, rendering them blind to the the risks it represents. It will almost certainly connect networks not designed to be connected, effectively punching a hole through numerous firewalls. It will allow access to those systems from unmanaged devices (phone and iPad) which reside outside of the corporate network and represents a massive security breach and a disaster waiting to happen. Quite aside from the worrying practical concerns it will make compliance with almost any standard you care to mention extremely problematic, if not impossible.

The phenomenon is not new, it is called Shadow IT. Shadow systems grow up in the dark spaces under desks and in the cupboards and pockets of employees who are simply trying to get the job done, employees like Mr. Maude. In an effort to access, process or disseminate information quickly and effectively they will buy, install and use whatever technology works. Very often congratulating themselves on their canny technology combinations and their wily ways around the system.

Shadow IT is the USB stick in your pocket, it’s the DSL link under your desk or the wireless access point in the cupboard. In the new paradigm of consumerisation and cloud the problem is exacerbated. Webmail becomes a covert channel, unmanaged file-synchronisation services a back door and virtual servers in someone else’s cloud often end up holding the crown jewels of the organisation outside every process and oversight of the business owner.

Very often, as is the case with Mr. Maude it’s the BYOD aspect of consumerisation that is the prime mover of this illicit infrastructure on today’s enterprise. Francis Maude wants to be able to "use his phone and his iPad in his office" and the (hopefully) secure and managed systems are too "clunky" to allow him to do this. Perfect solution? Throw an unmanaged wireless network in there to bridge the technology gap, not.

Consumerisation, along with Cloud and Cyber-attacks, is one of the three biggest challenges faced by organisations today. The challenges they represent are not insurmountable, but actions like those of Mr. Maude demonstrate, yet again, that it’s not only the bad guys you have to worry about.

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU