MPs’ Cybersecurity Admissions Highlight Need For Culture Change At Westminster

What do you think would happen to you at work if the IT department found some suspect activity on your work PC and you tried to argue that it couldn’t have been you because you routinely share your login credentials?

It’s unlikely that admitting to either offence would let you off the hook, but that’s exactly what MP Damian Green is attempting to do. And it seems several MPs are supporting his excuse, claiming that sharing passwords is common practice in Westminster.

“My staff log onto my computer on my desk with my login everyday. Including interns on exchange programmes. For the officer on @BBCNews just now to claim that the computer on Greens desk was accessed and therefore it was Green is utterly preposterous !!” declared Nadine Dorries on Twitter.

Parliament cybersecurity

Dorries was supported by her conservative colleagues Robert Syms and Nick Boles, while Will Quince not only admitted to it but went one step further and said he frequently left his machine unlocked.

The MPs seemed to think that being busy people excuses them from basic security measures, ignoring the fact that their computers receive communications from constituents and demand privacy.

It also opens their machines up to abuse – giving someone with less than pure intentions access to Westminster networks to stage cyberattacks or to stage social engineering assaults.

The whole point of having a user name and password is to protect the user and their data, and allow IT departments to track use. If Damian Green hadn’t shared his login details as he claims to have done, it would have been quite easy for investigators to find out who accessed porn on his system.

The admissions make a number of things clear. Firstly, it serves as a warning to organisations that people are just as much a threat to cybersecurity as hackers and malware.

Secondly, it demonstrates an element of security fatigue, with many seeing basic protection recommendations as simply too much to bother with.

“All my staff have my login details. A frequent shout when I manage to sit at my desk myself is, ‘what is the password?’” continued Dorries.

It seems that for some politicians, those enforcing cybersecurity policies are jobsworths and are to be treated with the same disdain that they might greet health and safety or political correctness.

It’s clear that security at Westminster has some massive problems and many MPs need to be reminded of their obligations and perhaps re-educated. The human element of cybersecurity cannot be ignored and it’s not enough to claim there’s nothing interesting on your PC, as Dorries has done, as our elected officials have a duty to the people they represent.

Finally, its concerning that many in Parliament have such a primitive knowledge of technology. Given our politicians are responsible for surveillance, has waged war on encryption, and believes the sector can be a pillar of the post-Brexit economy, a change in culture is needed.

Do you know all about security in 2017? Try our quiz!