(테크놀로지) 영국정부 데이타 보안문제로 최근 감사보고서에서 두드려맞다

출처: http://www.bbc.com/news/technology-37348019

Government data security slammed in new report 영국정부 데이타 보안문제로 감사보고서에서 두드려 맞다

• 14 September 2016
 
• From the sectionTechnology

Image copyrightGETTY IMAGES

The National Audit Office has issued a damning report of the UK government's approach to digital security. 감사원(the National Audit Office/NAO)

The central teams and departments dedicated to protecting information were found to be operating without cohesion and governance.

There are 73 teams and 1,600 staff across government with data security responsibilities. 영국정부에서 데이타 보안 책임을 진 팀은 73개이고, 전담인력은 1,600명이다.

However there was a lack of awareness among staff about who to contact for guidance, the NAO said. 그러나 담당직원들의 보안의식이 부족했다.

"None of the departments we interviewed understood the specific roles of the various bodies involved, making it difficult to identify any single arbiter of standards or guidance," the report stated. 만나본 어느 부서에서도 여러 조직의 특별한 역할을 제대로 이해하지 못해, 누가 최고 결정권자인지조차 모르고 있었다. (arbiter: 결정권자)

The Cabinet Office came under fire for failing to establish leadership in the area.

A Cabinet Office spokesperson said the majority of the data breaches cited in this report were "very minor", but acknowledged it needed to do more. 감사보고서에 인용된 데이타 위반 대부분은 "아주 경미"했으나 더 노력할 필요성이 인정되었다. (breach: 위반)es

"The Cabinet Office conducted its own review of government security in early 2016 and many of our findings are consistent with the NAO report.

"So we are already well under way in strengthening oversight of information security by bringing together nine separate central teams into just two. 9개의각기 다른 팀을 2개로 통폐합함으로써, 정보 보안의 관리감독을 강화하기 시작했다. (oversight: 못보고 지나침, 간과, 관리나 감독. 여기선 후자의 뜻임.)

"We have also appointed the government's first ever Chief Security Officer to bring together all disciplines of government security under central leadership," they added.

In addition three major projects: the Government Security Classifications (GSC) system, the Public Services Network (PSN) and Foxhound, which were supposed to have delivered significant financial savings, had yet to do so, the report found.

The PSN, a network designed to limit duplication in the public sector by allowing various organisations to share data, was forecast to save £200m - £400m per year in 2012. By 2014 it had saved just £103m and no further savings are expected, according to the NAO.

'problematic and costly'

It was also criticised for its lack of security. 보안의 미약도 비판을 받았다.

"The increased security requirements, for example around encrypting data, proved problematic and too costly for many local authorities," the NAO noted.

"For example, many local authority staff used mobile digital devices that represented 'unsecured endpoints', potentially allowing unauthorised access to the PSN."

The report also described the reporting of security breaches within government as "dysfunctional".

"Departments must report data breaches in their annual reports, but each organisation reports its breaches in different ways," it stated.

"Protecting information while re-designing public services and introducing the technology necessary to support them is an increasingly complex challenge," said Amyas Morse, head of the National Audit Office.

"To achieve this, the Cabinet Office, departments and the wider public sector need a new approach, in which the centre of government provides clear principles and guidance and departments increase their capacity to make informed decisions about the risks involved."