Lord Toby Harris Logo

Archive for March, 2010

Mar 10,2010

Baroness Manningham-Buller, the former Dame Eliza and Director-General of the Security Service (MI5), gave the Mile End lecture in the House of Lords a few hours ago.  Her topic was “Reflections on Intelligence” and I understand that the text of this will shortly be available on the Parliamentary web-site.

In the Q&A after the lecture one Jack Bauer enthusiast asked her about torture.  She was unequivocal in her reply:

“Nothing – even saving lives – justifies torture.”

She’d earlier made some comments about US “waterboarding” activities at Guantanamo Bay and she added the caustic comment:

“The sad thing is that Cheney, Rumsfeld and Bush watched “24”.”

Mar 9,2010
  • The National Minimum Wage – uprated annually – brenefiting at least a million people per year
  • The shortest waiting times since NHS records began; whatever your condition, you will not have to wait more than 18 weeks from GP referral to the start of hospital treatment
  • Three million more operations carried out each year than in 1997, with more than double the number of heart operations
  • Over 44,000 more doctors
  • Over 89,000 more nurses
Mar 7,2010

Admiral Lord Alan West, the Security Minister, has spoken out today about the cyber-threat that Britain faces.  I am pleased that he has tackled the subject so directly.  Too many businesses and too much of Government have been complacent about what has been happening for years.

When I first started raising the problem in the House of Lords more than five years ago, I was repeatedly assured that there was no significant threat and that the protection around the critical national infrastructure was more than sufficient to fend off any problems.

When I started asking questions of each Government Department about how often their systems had been compromised, it was apparent from the answers that some Departments simply didn’t know.  I was clearly making progress when two years ago, I started being told it was “not in the national interest” to divulge the information.

When I found three reputable penetration-testing companies prepared to check Government systems pro bono, I was assured such external testing was not needed.

Now – at last – the real and present danger of such cyber-attacks is being acknowledged and the necessary systems to combat it are starting to be put in place.  I just hope it is not too little too late.

Mar 7,2010

Liam Fox’s office has been in touch with journalists complaining about Gordon Brown’s visit to British troops.  In an interesting insight into the Tory mindset the troops are described as “political props”.

It is the most cynical of political games to suggest that it is wrong for the Prime Minister to visit now.  Even Liam Fox must know that there will be a General Election in the next few months – for all anyone knows it could be called this month.  Once the Election is announced it will, of course, be difficult for politicians to visit without their motives being misinterpreted.  But what the Tories seem to be arguing is that any visit at any time by the Prime Minister uses the troops as “political props”.

But just imagine the Tories’ complaints if the Prime Minister didn’t visit.

The Prime Minister is right to have gone to Afghanistan to visit British troops – something he has done regularly since he took office.

And it is Liam Fox and Cameron’s Conservatives who are playing politics.

Cynical is hardly an adequate description of their games.

Mar 6,2010

The Guardian this morning produces new evidence of the Conservative Party organisation using surrogates and deniability.  Apparently, a shadowy organisation, called the Young Britons’ Foundation has trained 2,500 Conservative activists including eleven Parliamentary candidates.  The “training” has involved exercises with assault rifles on a shooting range in Virginia and the organisation’s leader has called for the NHS to be scrapped, environmental protestors to be shot and for US-style laws on firearms.  He has also defended waterboarding techniques in interrogation.

Naturally, despite the group’s close links to leading Conservatives, like Daniel Hannan, Eric Pickles, Liam Fox, Michael Gove, Ed Vaizey, David Davis and John Redwood, Conservative Central Office denies that it has official links with the YBF, even though it strongly recommends activists attend Blaney’s courses.

There they go again …..

Mar 5,2010

The DCiC*, Deputy Mayor Kit Malthouse AM, has in a moment of emotional transparency told the readers of  the March issue of The Job (the Metropolitan Police in-house magazine for police officers) about his formative influences.  Lauding the Volunteer Police Cadets scheme and the Scouts Association, he says:

“It is exactly these types of organisations that deserve our support.  They build self-respect, character and a sense of duty to others – qualities we need more of in the capital.”

And then comes the self-revelatory bit:

“In fact, I was an enthusiastic young scout and air cadet and look at the direction my own life went in.”

At this very moment the Scouts Association is planning a new poster campaign:

Kit Malthouse




The DCiC has been in touch.  He thinks I am being a tad unfair.  I’ve told him to blame the picture on the Evening Standard.  But it turns out that what he is really miffed about is that his self-deprecatory exclamation mark at the end of his comment “… and look at the direction my own life went in” was missed off by The Job.

I always knew that there was an irony bypass somewhere in New Scotland Yard so it was probably edited out.

The question is: will heads roll?

Mar 4,2010

It is nice to know that debates and questions in the House of Lords have an impact in the outside world.  In June 2005, I asked the following question in the House of Lords:

“Whether the time spent preparing the e-Government Unit’s document, Tomatoes are not the only fruit: a rough guide to taxonomies, thesauri, ontologies and the like, represents value for money.”

This was not, of course, entirely serious, although it did seem to me to be a particularly jargon-led approach to promoting e-government and the wrong approach to making e-government easy and accessible.

I haven’t thought about the matter since then, so I supposed I should be flattered/embarrassed to discover it appearing yesterday in a blog hosted by the School of Library and Information Studies at the University of Alabama.  The blog has the catchy title: “Metalogues from the Delta” (I wish I’d thought of that one first) and is subtitled “A Bama SLIS student’s weblog on all things metadata”.

The blog’s first paragraph is a classic:

“While reading Heather Hedden’s “Better Living Through Taxonomies,” I couldn’t help but be reminded of a brief article on taxonomy that circulated about Dr. MacCall’s LS 500 class during my first semester in the MLIS program. Really, how could anyone forget a title like Tomatoes are not the only fruit: a rough guide to taxonomies, thesauri, ontologies and the like?”

And the blog then refers to another earlier blog entitled 

025.431: The Dewey blog

Clearly, there is a big academic market out there for Lords debates.

For those who want the original exchange here it is:

e-Government Unit

11.22 am

Lord Harris of Haringey asked Her Majesty’s Government:

    Whether the time spent preparing the e-Government Unit’s document, Tomatoes are not the only fruit: a rough guide to taxonomies, thesauri, ontologies and the like, represents value for money.

Lord Bassam of Brighton: My Lords, yes, the document was published in 2002 by the Office of the e-Envoy, at the request of technical users in government who were new to the subject. It was produced in-house at an estimated cost of less than £100.

Lord Harris of Haringey: My Lords, I am grateful to my noble friend for that information. I ask him to congratulate the civil servants concerned on the diligence and speed with which they must have produced 12,000 words and four charts on the subject of Tomatoes are not the only fruit, containing such gems of information as:

    “How long has it been for many of us since the primary meaning of the word ‘mouse’ has been ‘a small furry mammal that frightens elephants?'”,

 or the information that carrots can be either salad or root vegetables. That will no doubt come in very helpful in promoting e-government.

Can we also congratulate the authors of the Guide to Meta-Tagging with the Integrated Public Sector Vocabulary, which gives another eight pages of valuable advice and information? It includes the information that the phrase “common agricultural policy” may appear under the phrase “European Union” or under “Farming” but will mean the same under both.

Given the diligence of the civil servants in the unit, can the Minister assure the House that the same energy and effectiveness is being applied to delivering information security throughout the public sector? Are such arrangements susceptible, or likely to be susceptible, to external challenge?

Lord Bassam of Brighton:

My Lords, I shall of course pass on my noble friend’s congratulations. However, I have a sneaking suspicion that civil servants are, as we speak, listening carefully to his kind congratulations and warm words.

As to my noble friend’s second point, there is an important issue at root here—I said that with a straight face. The Government are paying careful attention to those information security issues. The document, although it has attracted a certain levity, is, I am sure, most useful to those who work in government IT services.

Earl Ferrers: My Lords, can the Minister not pass on congratulations to the civil servants on producing a document that is completely incomprehensible to a normal person and really does not make any sense at all? Why cannot they learn to write English?

Lord Bassam of Brighton: My Lords, having looked at the document, which has a modest number of words, I disagree with the noble Earl. I believe that IT users in the business will probably find it very helpful and useful. Certainly, when I read it, I began to understand notions relating to taxonomies, thesauri and ontologies.

Lord Maclennan of Rogart: My Lords, although the use of what the Civil Service calls “controlled vocabulary” may operate as a disincentive to get online  
to the Government, can the Government say whether there has been a significant improvement in access to e-government over the past two years? It was made clear in June 2003 that only one-tenth of the population was using the online e-government services, as compared with 50 per cent of the population in Canada, with its single portal.

Lord Bassam of Brighton: My Lords, there have been improvements, and I am sure that the e-Government Unit is aware of its role and responsibility in ensuring that those improvements continue. There is an increasing number of visits to government websites and increased participation—as I understand—in www.govtalk.gov.uk. So I believe that people are learning their way around the system.

Lord St John of Bletso: My Lords, would the Minister comment on how successful the OGC has been in implementing Sir Peter Gershon’s e-government efficiency review?

Lord Bassam of Brighton: My Lords, I can only at large and in general say that I believe that there have been improvements. The work of Sir Peter Gershon has been widely welcomed throughout government, and our IT record is one of continued improvement and success.

Viscount Eccles: My Lords, is the Minister aware that if he were unfortunate enough to have cancer of the bladder, medical advice would be that he should eat no more tomatoes? Is that information on the website?

Lord Bassam of Brighton: My Lords, not that I am aware, no.

Lord Peyton of Yeovil: My Lords, I really wonder whether the noble Lord is aware of the extent to which he has attracted to himself this morning the wholehearted sympathy of the House at the appalling ordeal that he has had to go through in not giving a single answer to a question and really fluffing what he has said beyond the limits of comprehension.

Lord Bassam of Brighton: My Lords, the noble Lord always makes generous remarks across the House, and I suppose that I have to be the beneficiary of those remarks on some occasions.

Mar 4,2010

The former Director of the National Security Agency under President Clinton and Director of National Intelligence under president George W Bush, Mike McConnell, writing in the Washington Post, has expressed his concern that the USA is losing the cyber war.

He says:

“The United States is fighting a cyber-war today, and we are losing. It’s that simple. As the most wired nation on Earth, we offer the most targets of significance, yet our cyber-defenses are woefully lacking.

The problem is not one of resources; even in our current fiscal straits, we can afford to upgrade our defenses. The problem is that we lack a cohesive strategy to meet this challenge.

The stakes are enormous. To the extent that the sprawling U.S. economy inhabits a common physical space, it is in our communications networks. If an enemy disrupted our financial and accounting transactions, our equities and bond markets or our retail commerce — or created confusion about the legitimacy of those transactions — chaos would result. Our power grids, air and ground transportation, telecommunications, and water-filtration systems are in jeopardy as well.

These battles are not hypothetical. Google’s networks were hacked in an attack that began in December and that the company said emanated from China. And recently the security firm NetWitness reported that more than 2,500 companies worldwide were compromised in a sophisticated attack launched in 2008 and aimed at proprietary corporate data. Indeed, the recent Cyber Shock Wave simulation revealed what those of us involved in national security policy have long feared: For all our war games and strategy documents focused on traditional warfare, we have yet to address the most basic questions about cyber-conflicts.

What is the right strategy for this most modern of wars? Look to history. During the Cold War, when the United States faced an existential threat from the Soviet Union, we relied on deterrence to protect ourselves from nuclear attack. Later, as the East-West stalemate ended and nuclear weapons proliferated, some argued that preemption made more sense in an age of global terrorism.

The cyber-war mirrors the nuclear challenge in terms of the potential economic and psychological effects. So, should our strategy be deterrence or preemption? The answer: both. Depending on the nature of the threat, we can deploy aspects of either approach to defend America in cyberspace.

During the Cold War, deterrence was based on a few key elements: attribution (understanding who attacked us), location (knowing where a strike came from), response (being able to respond, even if attacked first) and transparency (the enemy’s knowledge of our capability and intent to counter with massive force).

Against the Soviets, we dealt with the attribution and location challenges by developing human intelligence behind the Iron Curtain and by fielding early-warning radar systems, reconnaissance satellites and undersea listening posts to monitor threats. We invested heavily in our response capabilities with intercontinental ballistic missiles, submarines and long-range bombers, as well as command-and-control systems and specialized staffs to run them. The resources available were commensurate with the challenge at hand — as must be the case in cyberspace.

Just as important was the softer side of our national security strategy: the policies, treaties and diplomatic efforts that underpinned containment and deterrence. Our alliances, such as NATO, made clear that a strike on one would be a strike on all and would be met with massive retaliation. This unambiguous intent, together with our ability to monitor and respond, provided a credible nuclear deterrent that served us well.

How do we apply deterrence in the cyber-age? For one, we must clearly express our intent. Secretary of State Hillary Rodham Clinton offered a succinct statement to that effect last month in Washington, in a speech on Internet freedom. “Countries or individuals that engage in cyber-attacks should face consequences and international condemnation,” she said. “In an Internet-connected world, an attack on one nation’s networks can be an attack on all.”

That was a promising move, but it means little unless we back it up with practical policies and international legal agreements to define norms and identify consequences for destructive behavior in cyberspace. We began examining these issues through the Comprehensive National Cybersecurity Initiative, launched during the George W. Bush administration, but more work is needed on outlining how, when and where we would respond to an attack. For now, we have a response mechanism in name only.

The United States must also translate our intent into capabilities. We need to develop an early-warning system to monitor cyberspace, identify intrusions and locate the source of attacks with a trail of evidence that can support diplomatic, military and legal options — and we must be able to do this in milliseconds. More specifically, we need to reengineer the Internet to make attribution, geolocation, intelligence analysis and impact assessment — who did it, from where, why and what was the result — more manageable. The technologies are already available from public and private sources and can be further developed if we have the will to build them into our systems and to work with our allies and trading partners so they will do the same.

Of course, deterrence can be effective when the enemy is a state with an easily identifiable government and location. It is less successful against criminal groups or extremists who cannot be readily traced, let alone deterred through sanctions or military action.

There are many organizations (including al-Qaeda) that are not motivated by greed, as with criminal organizations, or a desire for geopolitical advantage, as with many states. Rather, their worldview seeks to destroy the systems of global commerce, trade and travel that are undergirded by our cyber-infrastructure. So deterrence is not enough; preemptive strategies might be required before such adversaries launch a devastating cyber-attack.

We preempt such groups by degrading, interdicting and eliminating their leadership and capabilities to mount cyber-attacks, and by creating a more resilient cyberspace that can absorb attacks and quickly recover. To this end, we must hammer out a consensus on how to best harness the capabilities of the National Security Agency, which I had the privilege to lead from 1992 to 1996. The NSA is the only agency in the United States with the legal authority, oversight and budget dedicated to breaking the codes and understanding the capabilities and intentions of potential enemies. The challenge is to shape an effective partnership with the private sector so information can move quickly back and forth from public to private — and classified to unclassified — to protect the nation’s critical infrastructure.

We must give key private-sector leaders (from the transportation, utility and financial arenas) access to information on emerging threats so they can take countermeasures. For this to work, the private sector needs to be able to share network information — on a controlled basis — without inviting lawsuits from shareholders and others.

Obviously, such measures must be contemplated very carefully. But the reality is that while the lion’s share of cybersecurity expertise lies in the federal government, more than 90 percent of the physical infrastructure of the Web is owned by private industry. Neither side on its own can mount the cyber-defense we need; some collaboration is inevitable. Recent reports of a possible partnership between Google and the government point to the kind of joint efforts — and shared challenges — that we are likely to see in the future.

No doubt, such arrangements will muddy the waters between the traditional roles of the government and the private sector. We must define the parameters of such interactions, but we should not dismiss them. Cyberspace knows no borders, and our defensive efforts must be similarly seamless.

Ultimately, to build the right strategy to defend cyberspace, we need the equivalent of President Dwight D. Eisenhower’s Project Solarium. That 1953 initiative brought together teams of experts with opposing views to develop alternative strategies on how to wage the Cold War. The teams presented their views to the president, and Eisenhower chose his preferred approach — deterrence. We now need a dialogue among business, civil society and government on the challenges we face in cyberspace — spanning international law, privacy and civil liberties, security, and the architecture of the Internet. The results should shape our cybersecurity strategy.

We prevailed in the Cold War through strong leadership, clear policies, solid alliances and close integration of our diplomatic, economic and military efforts. We backed all this up with robust investments — security never comes cheap. It worked, because we had to make it work.

Let’s do the same with cybersecurity. The time to start was yesterday.”

This is powerful stuff.

And it begs the question for the UK: given the substantial level of resources that the United States Government invests in this area, compared with the investment in this country, where does that leave us?  And are we contemplating the sort of joint working between Government and industry that he advocates?

Mar 3,2010

I have had a rather scary thought.

This evening there was a meeting of the Labour Peers’ Group.  Now normally I follow a strict rule that I never post on this blog about private meetings I have attended, nor reveal any privileged information I acquire on such occasions.  However, to explain my scary thought I have to reveal just a little about this meeting. (I promise I won’t deviate again.)

This evening’s meeting received an oral briefing from Black Rod, who is amongst other things responsible for security in the House of Lords and about which he was briefing colleagues.

I have just remembered the last time Black Rod (or rather his predecessor) attended a meeting of the Labour Peers. It was for a similar purpose.  And I remember on the previous occasion a number of (very) senior colleagues making scathing remarks about the need for any greater security in the Palace of Westminster (there was no repetition this evening I am pleased to say).

And the date of this previous visit? 

Wednesday 6th July 2005. 

Remember what happened the following morning ……

Mar 2,2010

Earlier today, a leading Islamic scholar, Dr Muhammad Tahir-ul-Qadri, issued a comprehensive fatwa which in 600 pages of argument ruled that terrorists were enemies of Islam, that suicide bombers were heading for hell, and that “There is no place for any martyrdom and their act is never, ever to be considered Jihad.”

The fatwa was issued in London at an event organised and funded by Minhaj-ul-Quran International (MQI) UK.  I heard about this from the Quilliam Foundation, which said:

“This fatwa has the potential to be a highly significant step towards eradicating Islamist terrorism. Fatwas by Wahhabi-influenced clerics and Islamist ideologues initiated modern terrorism against civilians. Terrorist groups such as al-Qaeda continue to justify their mass killings with self-serving readings of religious scripture.  Fatwas that demolish and expose such theological innovations will consign Islamist terrorism to the dustbin of history.”

This is apparently the most comprehensive fatwa (religious ruling) on terrorism ever issued and will set a clear context for those Muslims who are seeking a clear lead from mainstream scholars.