§ Miss Emma NicholsonTo ask the Chancellor of the Exchequer if he will make a statement on all recorded cases of unauthorised access to the computer files of(a) the Treasury and (b) the Inland Revenue.
§ Mr. Brooke[holding answer 24 April 1989]: It is not the policy of the Treasury or the Inland Revenue to make public details and circumstances of computer security incidents, their perpetrators and their success or failure, since such information might be of assistance to potential attackers.
§ Miss Emma NicholsonTo ask the Chancellor of the Exchequer (1) if he will give details of his Department's policy on review of the security of Treasury and Inland Revenue computer files;
(2) if he can quantify the risk of damage by hackers to sensitive computerised files in the Treasury and Inland Revenue;
(3) what measures (a) the Tresury and (b) the Inland Revenue have taken to protect data in transit by electronic means.
§ Mr. Brooke[holding answer 24 April 1989]: The Treasury and the Inland Revenue take advice from the appropriate Government authorities on security matters. In the case of unclassified but sensitive data this includes the CCTA IT security and privacy group (part of Her Majesty's Treasury) which is the central Government advisory authority in this area. It would not be sensible to publish details of actual counter-measures, reviews and risks.
§ Miss Emma NicholsonTo ask the Chancellor of the Exchequer whether staff of the Treasury and Inland Revenue, respectively, are briefed about computer hacking and computer viruses; whether there are contingency plans to deal with computer downtime caused by unauthorised penetration; and whether plans exist to deal with penetration of particularly sensitive systems.
§ Mr. Brooke[holding answer 24 April 1989]: The Treasury and Inland Revenue have contingency plans and staff eduction programmes as part of their wider information systems strategy, but their effectiveness would he reduced if details were made public.