§ Miss Emma NicholsonTo ask the Chancellor of the Duchy of Lancaster (1) how many instances have been 409W detected in his Department of computer (a) hacking, (b) viruses, (c) logic bombs, (d) Trojan horses or (e) other types of computer misuse, whether perpetrated by authorised or unauthorised users of computers; and how many unsuccessful attempts have been recorded;
(2) if he will make a statement on all recorded cases of unauthorised access to his Department's computer files.
§ Mr. ForthIt is not the policy of this Department to make public details and circumstances of computer security incidents, their perpetrators and their success or failure, since such information would be of assistance to potential attackers.
§ Miss Emma NicholsonTo ask the Chancellor of the Duchy of Lancaster (1) whether he gives regular advice to the financial sector on how to guard against unauthorised penetration of their computer files by hackers;
(2) whether his Department issues advice to business about computer security;
(3) whether he gives regular advice to the financial sector on how to guard against unauthorised penetration of its computer files by hackers.
§ Mr. ForthThe DTI seeks to promote the development and application of standards addressing computer security, and criteria for the security evaluation of IT products, and to raise the awareness of the importance of computer security measures in business operations. Indivdual businesses should be addressing questions of computer security peculiar to them, as part of good business practice.
§ Miss Emma NicholsonTo ask the Chancellor of the Duchy of Lancaster what representations he has received on the use of bulletin boards for the transmission of private numbers, thereby enabling computer hackers to transfer charges to other people's accounts; and if he will make a statement on the measures he proposes to take to eliminate this activity.
§ Mr. ForthI am not aware of any such representations.
The misuse of computers, and the use of bulletin boards by "hackers", are among the issues being considered by the Law Commission following the publication of its working paper on computer misuse. Its recommendations are expected before the end of the year.
§ Miss Emma NicholsonTo ask the Chancellor of the Duchy of Lancaster if he will quantify the risk of damage by hackers to sensitive computerised files in his Department.
§ Mr. ForthThe Department takes advice from the appropriate Government authorities when addressing the security risks to its computer systems.
In the case of sensitive but unclassified data, the Department can assess the risk of damage by hackers by using the CCTA's risk analysis and management methodology (CRAMM).
§ Miss Emma NicholsonTo ask the Chancellor of the Duchy of Lancaster (1) what measures his Department has taken to protect data in transit by electronic means;
(2) if he will give details of his Department's policy on review of its computer files.
§ Mr. ForthIt is not the Department's policy to make public details of computer security procedures or410W measures. In addressing the security requirement for computer systems, advice is taken from the appropriate Government authorities.
§ Miss Emma NicholsonTo ask the Chancellor of the Duchy of Lancaster whether staff are briefed about computer hacking and computer viruses; whether there are contingency plans to deal with computer downtime caused by unauthorised penetration; and what plans exist to deal with penetration of particularly sensitive systems.
§ Mr. ForthStaff in the Department are briefed on computer security issues. Procedures exist for recovering from incidents resulting in downtime of the Department's computer systems. It is not the Department's policy to reveal details of recovery plans for sensitive systems.