
Security experts raise concerns over Police National Database

by Phil Muncaster

23 Jun 2011


The Police National Database launched on Wednesday to provide law enforcers across the country with access to a pool of shared intelligence on crime, but some experts have raised data security concerns over the single repository of sensitive information.

The Home Office-funded project, implemented by service firm Logica and launched by the National Policing Improvement Agency (NPIA), was created in response to the Soham murder inquiry.

The inquiry found that the inability of police forces to routinely share information electronically was a major hindrance that meant killer Ian Huntley wasn't arrested before he murdered schoolgirls Holly Wells and Jessica Chapman.

The database itself, which is already being used to good effect by law enforcers across the country, is accessible only by authorised and vetted users, according to the NPIA.

Smartcard technology enables the user to log in, with role-based access controls ensuring users are only able to view information relevant to their role, while auditing systems have also been implemented to deter misuse.

However, security experts maintain that creating a single repository for sensitive information on criminals as well as victims could lead to a greater risk of data breach.

Alex Teh, director at security vendor Vigil Software, argued that while the database is a positive step in creating a more joined-up system, it has effectively created "one point of vulnerability".

"The reality with central databases such as this is that you're only as good as your weakest link – as all police forces across the UK will now be able to access the database to share intelligence, there needs to be a joined-up process for data protection," he said.

"It only takes one weak access connection at one police force for data to get into the wrong hands."

Rob Cotton, chief executive of security consultancy NCC Group, argued that a centralised database such as this acts like "a hacker's honeypot".

"Any database that holds personal information should be protected with stringent security measures, but unfortunately the more data is united in one place, the more criminal activity is attracted," he told V3.co.uk.

"Although the claim that LulzSec accessed this year's census data turned out to be a hoax, the reverberations are significant. Organisations should always be wary about bringing such huge volumes of potentially sensitive information into one place, and questioning its necessity."

Martin Lee, senior software engineer at Symantec.cloud, agreed that the database could be an attractive target for hackers, but added that designing it to store information securely is not an impossible task.

"Problems tend to occur when organisations store personal information without considering that the information warrants protection and that it may be subject to attack by hackers. The police database is almost certain to be a system that has been designed with security considerations in mind," he told V3.co.uk.

"One thing is sure, the costs of dealing with the damage of a successful attack are much more than the costs of providing adequate protection in the first place."

 
