Friday, February 27, 2009

UK Encryption Demands Ignored by Quarter of MoD Contractors

Via -

Companies working on confidential UK defence information are not complying with government demands to encrypt data.

One-quarter of contractors which either access the Ministry of Defence Restricted Network or who work on classified or above information have failed to confirm they encrypt all defence data held on laptops and portable media - a requirement under the MoD's List-X Notice security standards.

In a written answer to Parliament, defence minister Bob Ainsworth this week said that just over eight per cent of contractors confirmed they do not comply with the MoD's List-X Notice on laptop and media encryption, while just over 18 per cent have not confirmed whether or not they meet the standard.

An MoD spokeswoman told that a small number of contractors have said that compliance with the encryption standards was "not practicable". The MoD is working with those contractors to minimise the risk of losing data, she added.

Ainsworth said almost 23,000 contracts were placed in the financial year 2007/08 and that the MoD expects to confirm full compliance with all its suppliers by the end of March.

The MoD issued the List-X Notice in response to the government's Data Handling Review last year, which recommended personal data on all portable computers and media be encrypted.

The review was introduced following a number of data losses by the government, starting with HM Revenue and Customs' loss of 25 million child benefit records in 2007.

-------------------------- about cutting ties with those that don't comply?

Demands or requirements with no teeth / bite are pretty much worthless.

No comments:

Post a Comment