The UK MoD Manual of Security has been leaked (by alaric)
The UK MoD Manual of Security has appeared on WikiLeaks.
I'm not certain this is a good thing, to be honest... the intelligence services are renowned for overstepping their mark, and I'm sure the sections on dealing with investigative journalists and the like will be useful to those who fight against that kind of thing, but I suspect the bits about dealing with foreign intelligence agencies would probably have best been kept secret. Still, the cat is out of the bag, so perhaps it's no bad thing if the MoD are forced to have a total security audit and overhaul their manual 🙂
I've not managed to download it - WikiLeaks servers seem to be rather busy - but the front page does have some interesting snippets from the sections about visitors to China and Russia, discussing the kinds of things the local intelligence agencies do to try and extract Western commercial and military secrets.
This has some interesting bearing on the growing tendency to outsource software development tasks to developing countries. I know a lot of this work does go to China, and so we can probably assume that any intellectual property made available to developers in China is probably scrutinised by their security services and passed on to Chinese companies that may be able to benefit from it.
In the depths of my career history, I once worked on a software system that was to be used in a Government project to protect the nation's "critical national infrastructure"; and I gather that another part of the system was outsourced to an Indian development team. I'm not sure if the client was actually made aware of this, but at the time, I felt concerned that national security might be threatened by this.
Crypto / security | alaric | 
Tue 6th Oct 2009 8:44 am
Subscribe