§ Miss Emma NicholsonTo ask the Secretary of State for Education and Science if he will make a statement on all recorded cases of unauthorised access to his Department's computer files.
§ Mrs. RumboldOur policy is not to make public details and circumstances of computer security incidents, their perpetrators and their success or failure, since such information would be of assistance to potential attackers.
§ Miss Emma NicholsonTo ask the Secretary of State for Education and Science (1) what measures his Department has taken to protect data in transit by electronic means;
(2) if he will give details of his Department's policy on review of the security of its computer files;
(3) if he can quantify the risk of damage by hackers to sensitive computerised files in his Department.
§ Mrs. RumboldThe Department takes advice from the appropriate government authorities on security matters. In the case of unclassified but sensitive data this includes the CCTA IT security and privacy group (part of HM Treasury) which is the central Government advisory authority in this area, and uses its risk analysis and management methodology (CRAMM). It would not be sensible to publish details of actual counter-measures, reviews and risks.
§ Miss Emma NicholsonTo ask the Secretary of State for Education and Science whether staff are briefed about computer hacking and computer viruses; whether there are contingency plans to deal with computer downtime caused by unauthorised penetration; and what plans exist to deal with penetration of particularly sensitive systems.
§ Mrs. RumboldThe Department has contingency plans and staff education programmes as part of its wider information systems strategy, but their effectiveness would be reduced if details were made public.