Remote working by up to 500 council staff in the north of Scotland could be disrupted after an issue over access to restricted networks was raised.
Highland Council was last month informed it had fallen foul of security rules enforced by the Communications Electronics Security Group (CESG), the cyber security arm of the UK intelligence services and part of the Government Communications Headquarters (GCHQ).
In-house policy on ICT security for mobile and fl exible working allows the council’s email system to be accessed from any location or device, including personal devices, via a facility available on the body’s intranet known as WebVPN.
With the largest local government area in both Scotland and the UK, between 400-500 users make use of the WebVPN connection to facilitate work from far-off locations.
Discussions with CESG are ongoing, though John Grieve, Corporate ICT Manager for Highland Council, said issues over widening ease of access were not limited to one single local authority.
He told Connect: “Regarding the ‘compliance audit’, we recently had a CESG onsite assessment which identifi ed an issue with our current policy of allowing council staff and elected members to use the council email system from their home PCs using a ‘WebVPN’ connection.
“I do not believe Highland Council can be the only public authority facing this issue and while the council is working to agree a plan with CESG, I believe this highlights the type of issues local authorities, who tend to embrace a more ‘open access’ philosophy, have connecting to networks where the ethos is more restrictive.”
It comes as the Scottish Government is developing an action plan for boosting cyber security, with Enterprise Minister Fergus Ewing given responsibility Justice Secretary Kenny MacAskill told delegates at the eCrime Scotland summit in Edinburgh last month that it was vital to tackle the problem. Cyber crime is said to cost businesses in Scotland an estimated £5bn a year.
Professor Simeon Keates, head of the School of Computing and Engineering Systems at Abertay University, told Connect: “The appointment of Fergus Ewing is a very welcome step indeed and we look forward to working with him.
“Cyber crime is an extremely serious issue for businesses, the public sector and private individuals throughout Scotland and a coordinated response is needed to properly address such a rapidly evolving problem.
“Efforts from the Scottish Government to mprove support for cyber security, and popular awareness of this complex issue, are absolutely necessary.
“The explosion of the internet and networked mobile phones into every aspect of our lives is a massive opportunity for criminals, malicious hackers and even cyber terrorists. Forwardthinking education, policy and prevention measures across Scottish society are vital for our future.”
Abertay University launched the UK’s fi rst Ethical Hacking and Countermeasures BSc course and teaches related practical courses including Digital Forensics and Intelligence and Security Informatics.
Alan Robertson
A graduate in Politics and Journalism from the University of Strathclyde, Alan joined the Holyrood team as a reporter in May 2012 fresh from finishing his studies. Alan spent four years in student media, the last of which helping to launch the award-winning Glasgow Journal as Managing Editor, and continues to work part-time as a sub-editor in sport for the Sunday...
There are far more issues with the Netowrk than just the VPN, The deployment of the fujitsu network in certain places was so poor that a privelidge escelation attack wouldn't be difficult to execute, and thats coming from a Highschool student