IT Security (Hansard, 20 November 2002)

§ Clare Short

1. DFID has taken a number of steps in recent months to review the security arrangements for the Department's IT systems. A review of the anti-virus (AV) arrangements is currently under way, and is expected to complete soon with any resulting changes implemented by the end of this year. Secondly, another review is considering the way in which classified information is handled and stored within the Department's IT systems. The review paper and conclusions are due to be put before the highest level IT Steering Committee (the KCC) later this month, with accepted recommendations being implemented progressively throughout 2003.

2. DFID's IT systems were subjected to one digital attack during October. The new BugBear virus entered the system via a visiting user from our Dar-es-Salaam office accessing his HotMail account, and the virus subsequently infected 15 PCs. This entry point was immediately plugged when it was discovered.

3. During the rest of 2002 there were two other digital attacks on the systems. In April DFID was infected with the Elkern virus. This entered DFID before there was a pattern file available to detect it. In all, one server and 500 PCs were affected—about one in six of the user population. The pattern file was applied as soon as it was available from the AV software supplier, and no re-infections have been reported. In November, a routine sweep of the databases revealed one occurrence of the Redlof/A virus, which had infected 26 files on one user machine.

4. Virus detection is applied at the DFID Internet Gateway, before messages are allowed into the systems. Logging is not generally left switched on because the logfiles fill up very quickly. However, logging is periodically captured and examinded. During the period 8–15 November, 513 messages appearing at the gateway were found to contain viruses and were prevented from entering.

5. There were no hacking attempts on DFID systems during the year.