Lord Toby Harris

Archive for the ‘Security and counter-terrorism’ Category

Monday
Aug 30,2010

The latest journal from the Royal United Services Institute contains a perceptive article, entitled “Terrorism: The New Wave”, which was widely reported last Friday.

It follows concerns I raised in the House of Lords last month:

Lord Harris of Haringey: My Lords, what is the rate of conversion to Islam within prisons and what steps are the Prison Service taking in terms of monitoring radicalisation and external speakers who come into prisons?

Lord McNally: I do not have precise figures on conversions, but I know the background to this question of whether or not there is radical Islamisation in prisons. The studies that I have been shown reveal no conclusive evidence of this, although there are examples which give rise to concern. The staff and the wider Prison Service keep a close eye on imams in prisons. Bringing them in to lecture, preach and minister within prisons has been one of the benefits, but we must make sure that it is a positive influence, as the noble Lord suggested.

The RUSI study warns that one of the key threats from this next generation of terrorists comes from within the ranks of the 8,000 Muslims currently serving prison terms who are at risk of being converted to extremism by hardcore inmates jailed for terrorist offences.

The report cites estimates by prison probation officers that up to one in 10 Muslim inmates are being successfully targeted while inside jail, leading to the creation of a new generation of potential attackers who are due for release in the next decade and whose previous convictions do not relate to terrorism.

The report suggests that radicalisation is taking place in British prisons at a rapid rate, especially in the eight high-security establishments where most terrorism offenders are detained.

However, newspaper reports describe the study’s findings as being dismissed by the Coalition Government:

“The Ministry of Justice said it did not agree that radicalisation was widespread within the prison system. A spokesman said: ‘We run a dedicated expert unit to tackle the risk posed by those offenders with violent extremist views and those who may attempt to improperly influence others.’”

The response smacks of complacency.  I trust the complacency does not extend to one of the other major findings that large-scale and co-ordinated attacks such as the 7 July bombings are likely to be replaced with terrorist assaults by highly motivated but poorly trained lone individuals whose lack of connection with any major terrorist organisation will make them more difficult for police or MI5 to detect.

RUSI, which is very well-connected and whose reports are normally highly respected, has produced a timely and important contribution to the discussion of the terrorist threat faced by the UK.  Its conclusions should be taken seriously and not brushed aside by the Government.

Thursday
Aug 26,2010

The Washington Post reports that the US Deputy Defense Secretary has publicly acknowledged what is being described as the most significant breach of U.S. military computers.

The cause was a flash drive inserted into a U.S. military laptop in the Middle East in 2008.

And the consequence was that the malicious code, which had been placed on the drive by a foreign intelligence agency, uploaded itself onto the network run by the U.S. military’s Central Command. Apparently, the code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control.

This disclosure was apparently part of a deliberate strategy to raise the awareness of the US Congress and the American people of the cyber-threat being faced by the USA.  Apparently, the Pentagon’s 15,000 networks and 7 million computing devices are being probed thousands of times daily and the US Government’s concern is that cyberwar is asymmetric and that traditional Cold War deterrence models of assured retaliation do not apply to cyberspace, where it is difficult to identify the instigator of an attack.

The problems faced by the Pentagon are no doubt faced – on a smaller scale – by the UK Ministry of Defence and the British armed services.  I do not, however, detect a similar openness about the threat by the UK’s Coalition Government – perhaps because the strategy to address the problem is nothing like as well-developed as it should be.

Thursday
Aug 26,2010

One of the disturbing features of the last few years has been the way in which terrorist techniques honed in the war zones of Iraq and Afghanistan have subsequently been used elsewhere in the world.

So a news article in Homeland Security Newswire should be considered not only for the horror of what it describes, but as a warning of a tactic that might be used by terrorists thousands of miles away.  The article reports that:

“The Taliban continues its violent campaign to push Muslim women back into Medieval times; in Afghanistan, the Taliban is pursuing a campaign against girls’ education; the organization’s latest tactics: poisonous gas attacks on girls’ schools, aiming to scare students and teachers; Taliban operatives launched eight poisonous gas attacks on girls schools since April, and earlier today it launched the ninth attack, this time against a girls high school.

Dozens of school girls and teachers were sickened today (Wednesday) by poison gas in Afghanistan, medical and government officials said. The latest incident, this one at a high school, is the ninth such case involving the poisoning of school girls, said Asif Nang, spokesman for the nation’s education ministry (“Taliban uses poisonous gas in attack on Kabul girls school,” 5 May 2010 HSNW).”

Saturday
Aug 21,2010

The BBC’s reports today on the loading of the first nuclear fuel at the Bushehr reactor in Iran tell us that the international community can be reassured on the basis that (1) the nuclear fuel rods are all being supplied by Russia and (2) the spent rods and waste will go back to Russia.

At the risk of sounding like an unreconstructed cold warrior, I have to confess to not finding this at all reassuring.

Why does Russia want to do this and what do they expect to get out of it?

And as for the waste, the work I have been doing in recent months on the safeguards (or lack of them) at reprocessing plants hardly makes any of this sound any better.

Please somebody persuade me that this is good news ….

Tuesday
Aug 17,2010

Thanks to my good friends at Team Cymru, I have been keeping up-to-date on current developments on cyber security while I have been away.

Two items, in particular, caught my eye.

The first was that India is now developing its own army of software professionals to hack computer systems of hostile nations.

The second was about the vulnerability of major companies to “spoofing” – plausible sounding cold callers seeking information over the telephone AND being provided with enough material to assist hackers to penetrate information systems.  Apparently, at the recent DefCon conference in Las Vegas there was a “social engineering” contest challenging hackers to call workers at 10 companies including Google, Apple, Cisco, and Microsoft and get them to reveal too much information to strangers.  According to an article in The Age,  one employee was conned into opening programs on a company computer to read off specifications regarding types of software being used, details that would let a hacker tailor viruses to launch at the system.

The article continued:

‘“You often have to crack through firewalls and burn the perimeter in order to get into the internal organisation,” said Mati Aharoni of Offensive Security, a company that tests company computer defences.

“It is much easier to use social engineering techniques to get to the same place.”

Other companies targeted were Pepsi, Coca Cola, Shell, BP, Ford, and Procter & Gamble.

The contest, which continued Saturday at DefCon and promises the winner an Apple iPad tablet computer, is intended to show that hardened computer networks remain vulnerable if people using them are soft touches.

“We didn’t want anyone fired or feeling bad at the end of the day,” Aharoni said. “We wanted to show that social engineering is a legitimate attack vector.”

A saying that long ago made it onto t-shirts at the annual DefCon event is “There is no patch for human stupidity.”

“Companies don’t think their people will fall for something as simple as someone calling and just asking a few questions,” Hadnagy said.

“It doesn’t require a very technical level of attacker,” Aharoni added. “It requires someone with an ability to schmooze well.”

One worker nearly foiled a hacker by insisting he send his questions in an email that would be reviewed and answered if appropriate.

The hacker convinced the worker to change his mind by claiming to be under pressure to finish a report for a boss by that evening.

“As humans, we naturally want to help other people,” Hadnagy said. “I’m not advocating not helping people. Just think about what you say before you say it.”’

I suspect most organisations and businesses in the UK would be vulnerable to this sort  of approach …..

Monday
Aug 9,2010

From 25th September 2009:

The Parliament Education Service runs an annual Discover Parliament Programme aimed at 16-18 year olds studying higher level politics, citizenship and general studies.  This afternoon I met 80 students taking part in the Programme.  They were from three schools in Pinner, Chelmsford and Bristol.

As ever on such occasions, the questioning was lively, sometimes challenging and extremely wide-ranging.  We covered – amongst other things – such topics as:

  • aren’t MPs too old (I’d explained that the average age of members of the House of Lords is 69);
  • why aren’t 16 year olds allowed to vote or to sit in Parliament;
  • what did I think of Gordon Brown;
  • should taxes be put up in the current economic situation;
  • should the age for getting a driving licence change;
  • what were my views about David Cameron, Lord Mandelson and the BNP (interesting grouping);
  • what should be done about knife crime and gangs;
  • was “kettling” of G20 protesters fair (from a teacher);
  • should children be taught more about current affairs;
  • did the LibDems have a better record on MPs’ expenses;
  • is the threat of terrorism rising;
  • should there be limits on immigration;
  • was the war in Iraq right; and
  • did I think Labour would win the next General Election and when would it be?

As I said, a lively hour – and an exhilarating one too.

Effectively, these Discover Parliament programmes can only take place during school term time and when Parliament is not sitting.  In practice that means they are only possible for about four weeks a year from the early part of September.  A by-product of Speaker John Bercow’s proposal to shorten Parliament’s summer recess might well be to end these programmes. Whatever the merits or otherwise of Parliament sitting in September (something I personally would favour), it would be a retrograde step to lose this outreach work with young people.

Friday
Jul 30,2010

I have already explained that I really don’t mind.

However, just in case you really really want to cast your vote for this blog in the Total Politics annual beauty parade, this is what you have to do:

The rules are:
1. You must vote for your ten favourite blogs and rank them from 1 (your favourite) to 10 (your tenth favourite).
2. Your votes must be ranked from 1 to 10. Any votes which do not have rankings will not be counted.
3. You MUST include at least FIVE blogs in your list, but please list ten if you can. If you include fewer than five, your vote will not count.
4. Email your vote to toptenblogs@totalpolitics.com
5. Only vote once.
6. Only blogs based in the UK, run by UK residents or based on UK politics are eligible. No blog will be excluded from voting.
7. Anonymous votes left in the comments will not count. You must give a name.
8. All votes must be received by midnight on 31 July 2010. Any votes received after that date will not count.

So I’m not asking you to do it, but I really won’t mind if you do……

Thursday
Jul 22,2010

I have already explained that I really don’t mind.

However, just in case you really really want to cast your vote for this blog in the Total Politics annual beauty parade, this is what you have to do:

The rules are:
1. You must vote for your ten favourite blogs and rank them from 1 (your favourite) to 10 (your tenth favourite).
2. Your votes must be ranked from 1 to 10. Any votes which do not have rankings will not be counted.
3. You MUST include at least FIVE blogs in your list, but please list ten if you can. If you include fewer than five, your vote will not count.
4. Email your vote to toptenblogs@totalpolitics.com
5. Only vote once.
6. Only blogs based in the UK, run by UK residents or based on UK politics are eligible. No blog will be excluded from voting.
7. Anonymous votes left in the comments will not count. You must give a name.
8. All votes must be received by midnight on 31 July 2010. Any votes received after that date will not count.

So I’m not asking you to do it, but I really won’t mind if you do……

Tuesday
Jul 20,2010

Apparently, last weekend the Vatican was subjected to a cyber attack from an unknown source.  According to the Rome-based Zenit News Agency, the attack meant that anyone typing Vatican into Google was directed to the site “www.pedofilo.com” as the first suggestion, rather than the proper Vatican Web page.  According to the Agency:

“When this misdirection was discovered, Google was informed, said Jesuit Father Federico Lombardi, director of the Vatican press office.

The Internet organization immediately apologized and assured the Holy See that it would do what it could to resolve the problem as soon as possible.

On Sunday morning the problem seemed to be corrected, as users were once again directed to the proper Vatican Web page upon initiating a search for it.

Although the person who caused this problem has not been found, the indications suggested that the operation may have been carried out by someone who had significant knowledge of how Google functions.”

Heavens!  Is nothing sacred?

Tuesday
Jul 20,2010

I have just had a meeting with a senior civil servant in his office in one of the more security-conscious parts of the Whitehall diaspora. I couldn’t help noticing the four separate screens on his desk. When I asked, he explained that one screen allowed him to access public material, one monitor was linked to a computer system that was authorised to handle material up to a RESTRICTED classification, another to a system that could handle CONFIDENTIAL material, and the fourth – you guessed it – was for SECRET items.
I was suitably impressed.
