Exchange of correspondence between the
Chairman and the Foreign Secretary regarding FCO Security
FCO SECURITY
Letter to the Secretary of State, Foreign
and Commonwealth Office from the Chairman of the Committee, 24
December 2002
I and colleagues on the Foreign Affairs Committee
were alarmed to read the enclosed report in The Sunday Times
on 22 December[1].
I would be grateful to receive a note on the
matters covered in this report, and setting out what steps the
FCO is taking to deal with leaks of sensitive material. The Committee
is content that the note should be classified, if necessary.
Chairman of the Committee
December 2002
Letter to the Chairman of the Committee
from the Secretary of State, Foreign and Commonwealth Office,
14 January 2003
Thank you for your letter of 24 December in
which you asked for a note on press reports about leaks of FCO
documents and alleged weaknesses in FCO computer systems.
The Sunday Times article is correct in
saying that FCO documents appeared on an American website on two
occasions before December. The first occasion involved three internal
minutes classified Restricted and Confidential recording meetings
and discussions about FCO computer systems. The second occasion
involved an FCO reporting telegram of a visit to London by the
then Secretary of the Russian Security Council, Sergei Ivanov.
On both occasions, the documents were more than two years old.
We take all security breaches seriously and
this is no exception. The documents were widely available on the
FCO central database but we are carrying out a detailed investigation
to try to identify the source of these leaks.
The Observer also published an article
on 22 December containing allegations about FCO computer systems.
The claims are vague, generalised and, in places, plain wrong.
I attach a note on the allegations made in The
Observer article[2] which
might be of interest to the Committee. (Annex A)
Rt Hon Jack Straw MP
Secretary of State, Foreign and Commonwealth Office,
January 2003
Annex A
FCO IT Systems: Comments on Observer article
In 2000-01 the FCO undertook a major exercise
to transform its IT platform from a UNIX based system called Aramis
to a Windows based system, Firecrest. This was a complex undertaking.
One of the more difficult aspects was the transfer of documents
from the Secret Aramis system to Confidential Firecrest. The objective
was to transfer only documents classified CONFIDENTIAL and below
from Aramis to Firecrest. But existing technology is such that
when documents are copied from one system to another, documents
of a higher classification may also be transferred in the process.
As part of the contingency plan in place to mitigate this risk,
the Firecrest Help Desk conducted a spot check, and, in the process,
found a small number of illegally-migrated documents in the new
Firecrest Registry. These had been illegally transferred because
they had been mistakenly registered on Aramis with the wrong classification.
The Firecrest Registry Server was closed down for a few hours
while these documents were deleted, but at no time was there a
general system shutdown.
The FCO's response was rapid, positive and clear.
The migration software was modified to ensure that subsequent
document transfers excluded information classified above Confidential
from Firecrest. And the Head of the Information Management Group
wrote to all Heads of Departments asking that the Departmental
System Administrator review the security classifications of documents
registered on Firecrest.
The comments in the article about Aramis are
confused. Aramis is capped at Secret. Top Secret work is carried
out on Fortress. The Fortress user community is small and concentrated
in those Departments that have a very good understanding of security.
It is most unlikely that a Fortress user would deliberately classify
a document at Secret rather than Top Secret in order that it could
be processed on Aramis. If anything it is possible that a user
would opt to classify at Confidential rather than at Secret and
thus be able to use the many applications on Firecrest rather
than the less user-friendly facilities on Aramis. There is no
evidence that this has been happening. FCO staff have, on many
occasions during the past few years, been reminded of the importance
of correctly classifying information and ensuring that it is only
transmitted over the correct, secure channels. They have been
warned that failure to abide by these rules could lead to disciplinary
action.
The allegation of weak physical and technological
security and poor crisis management is another example of unfounded
opinion rather than fact. The Firecrest system and its architecture
have been designed to meet central Government security rules. It
has been accredited as conforming to such by the FCO's internal
security authorities and the UK National Authority. Firecrest
operates at three levels, Confidential, Restricted and UBS. Only
users with the necessary security clearance have access to Confidential
Firecrest and there is a firewall boundary between the networks
which conforms to national security standards. Access to the Firecrest
Registry is indeed possible from any PC in the FCO and encourages
the sharing of information throughout the organisation. But all
Firecrest users with access to the Registry have the necessary
security clearance and all PCs are protected with passwords which
meet national security standards. All communications between UK
Firecrest and Confidential Firecrest systems in Posts overseas
are protected by encryption approved by the National Authorities.
Neither Fortress nor Aramis are equipped to
send documents or electronic mail to an address that is not within
their respective networks. Fortress terminals have removable hard
disks, which are locked away overnight. Aramis servers are housed
in secure cabinets. The terminals are again protected by an approved
password system and are "dumb terminals" (they have
no intelligence that would allow data to be recovered from them
when they are not in use).
A great deal of effort has been put into improving
the resilience of the Firecrest system, particularly in the aftermath
of the 11 September attacks, and the FCO believes it now has a
system which can withstand all predictable system failures, and
which has appropriate security safeguards against unauthorised
attacks.
[1] The Sunday Times, 22 December 2002, p3.
[2] The Observer, 22 December 2002, p1.