Feeds

BT cranks VoIP & BlackBerry Enigma machine

UK spooks don't believe the hype

Top three mobile application threats

BT is crowing for the second time in two weeks about how its products have been security certified by GCHQ, the government's main listening station.

Snag is, they've been certified for "restricted" communications, which are only slightly more secure - in military terms - than shouting in a crowded pub.

Today's announcement from BT is of a pre-existing hosted and "highly secure" VoIP product developed with Nortel aimed at public and private sector organisations. It's being made available to more customers after successful trials with a single client.

Investigations by GCHQ's "Information Assurance" arm, the Communications Electronics Security Group (CESG) have led to the kit winning approval for Restricted traffic.

The basic UK military "protective marking" scheme for communications runs as follows:

  • Unclassified - information which can be shouted in a pub or put in a press release.
  • Restricted - in theory such info should pass only via internal MoD phone/intranet, and now by BT VoIP and secure BlackBerry too. Any document at all which isn't an actual press release will be Restricted: this is the default marking for ordinary internal material.
  • Confidential - almost any information of interest will be marked at this level or higher: for instance a document giving details of more than one military unit's planned diary for the next year, or internal assessments of terrorist threat levels worldwide. In theory, such info should pass only via specialist secure landline systems or encrypted signals channels. BT's new products don't qualify.
  • Secret - personnel must have been vetted and cleared to have routine sight of Secret-marked information. Sheets of hardcopy with Secret or higher information on them must be accounted for individually, with every photocopy or shredding witnessed and countersigned. Secret manuals or books have their pages checked against the contents at regular intervals to make sure none are missing - a hated task. Often additional caveats will be applied, such as "UK/USA/AUS/CAN/NZ Eyes Only" - eg not to be released to NATO, only to people who will probably keep it secret. Secret marking is arguably massively overused, frequently being applied to military-intelligence assessments culled from media sources. It is the lowest level of marking seen as much different from pub-shouting by many in the military and intelligence communities.
  • Top Secret - much like Secret, but routine access to Top Secret material requires a further and more intrusive level of vetting, covering sexual and financial history in some depth. This is the highest level of non-compartmentalised marking, e.g. where you can often see this material simply because of who you are rather than because you need to see it. Top Secret tends to be the default marking for any information at all emanating from secret-intelligence organisations like SIS/MI6, no matter how rubbish it may be.
  • Codeword - this is sensitive information which might cause major trouble if it got into the wrong hands: for instance the planned route of a submarine sent on a spying mission into foreign territorial waters, or intel which might identify a highly-placed traitor in an overseas government. Usually there will be a specific list of people or offices which can receive information marked with a given codeword, chosen at least theoretically because they need the info in order to do their jobs.

Securing Web Applications Made Simple and Scalable

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
Microsoft unsheathes cheap Android-killer: Behold, the Lumia 530
Say it with us: I'm King of the Landfill-ill-ill-ill
All those new '5G standards'? Here's the science they rely on
Radio professor tells us how wireless will get faster in the real world
Apple orders huge MOUNTAIN of 80 MILLION 'Air' iPhone 6s
Bigger, harder trouser bulges foretold for fanbois
US freemium mobile network eyes up Europe
FreedomPop touts 'free' calls, texts and data
'Two-speed internet' storm turns FCC.gov into zero-speed website
Deadline for comments on net neutrality shake-up extended to Friday
Oh girl, you jus' didn't: Level 3 slaps Verizon in Netflix throttle blowup
Just hook us up to more 10Gbps ports, backbone biz yells in tit-for-tat spat
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.