Parliament takes security seriously, but not just the physical kind. Sometimes the biggest risks arrive through the smallest holes.
Parliament takes security seriously. Getting into the precinct is similar to going through an airport.
But it's not just physical security they focus on, because the biggest threats can come in through the smallest holes.
Parliament has its own Cyber Security team headed by Derek Robson. They manage a wide range of risks, from phishy or threatening emails through to preventing electronic spying or other state-sanctioned e-naughtiness.
Listen to the audio interview with Derek Robson this story is derived from.
For example, Derek Robson's team provide travelling MPs with burner phones and laptops if they are heading somewhere problematic.
"We'll hook them up with a cellphone that's blank: fresh phone number, no contacts, no data. They can use it while they're travelling. When it comes back we can clean it, wipe it, or potentially shred it."
Yes, he did actually include "shred it" as one of the options.
The world has moved on since the days of Le Carré, as Robson makes clear. "You don't need to get a spy into the embassy if you can get a USB stick into the embassy."
Bread and butter emails
But most of us are not potential targets for professional spies. For most people at Parliament, cyber security involves emails, and they get baskets of dodgy ones.
Every MP's email is publicly available, so constituents can contact them. But this public face also opens them up to more spam and threats than most of us need to worry about. Especially as Parliament keeps its email filtering light so as not to prevent freedom of (irate) expression.
So what sort of dodgy emails do MPs and their staff get thrown at them? Mostly they get the usual spammy emails.
Fake appeals to donate money on behalf of, say, "the Armed Forces of Ukraine". Exciting news that they are owed millions from a fake estate. Convincing-looking alerts to pay for an incoming parcel. Fake log-ins and requests to "confirm their account details".
But they also get much nastier scams.
Sophisticated fake blackmail threats claiming to have accessed their computers and stolen data and demanding... payment. Bomb threats demanding... payment. Sextortion threats... demanding payment.
"Before you consider sharing this with an accomplice or that IT guy, consider that you will be exposing your little secret to a third party with many eyebrows raised in disgust... ." I think they mistranslated 'accomplice' for 'colleague' but you get the idea…