- 23 Apr 2019
Date received: 18/03/2019
Date responded: 04/04/2019
2. What summaries / reports does the department have about its cyber security? Please indicate the public facing reports.
3. Has the Department risk assessed the threat posed by social media, especially that owned by foreign corporations and countries and especially US and CIA? What summaries does the department have of this information, including any public facing ones?
4. What social media apps are allowed on the Department's phones and computers? Which are installed?
5. Are Facebook, Google and Twitter apps allowed to be installed and/or used on Department computers and mobile phones?
7. If the answers to Qu 5 and Qu 6 are yes, how does the Department stop companies / CIA spying utilising microphones, cameras, and GPS data on those devices?
8. Has the department informed staff of the risk of spying and eavesdropping via social media apps? If so please send a copy of the memo / paper.
9. Has the Department contributed material to the Cabinet Office as part of the cyber security strategy? If so what?
10. Have the Secretary, Ministers or the top 3 civil servants in the Department been briefed about QAnon?
11. If so please indicate the date and the type of recorded information that has been briefed so that any future request may be narrowed down, as per Section 16 of the UK Freedom of Information Act and Information Commissioner Guidance.
12. Has the Department any other recorded information on Q / QAnon? If so please indicate the date and the type of recorded information that has been briefed so that any future request may be narrowed down, as per Section 16 of the UK Freedom of Information Act and Information Commissioner Guidance. (If there is a mass of information that will take the request over the time limit, please disregard this question)
While our aim is to provide information whenever possible, in this instance an exemption under section 30(c) of FOISA (prejudice to effective conduct of public affairs) applies to your request.
Disclosing this information would substantially prejudice our ability to carry out the effective conduct of public affairs.
Providing details about the information you have requested into the public domain could subsequently be used by threat actors, taking into consideration both the external and insider threat, to evade any controls we might or might not have in place. This could therefore enable them to target specific types of attack or data exfiltration methods and would constitute substantial prejudice to the effective conduct of public affairs.
None of these reports are public facing.
Yes, the risk from social media has been assessed.
Departmental computers and mobile phones have access to all mainstream social media platforms.
Social media platforms are not installed on our departmental computers but users have access to these via their internet browser.
Users are permitted to install official social media on their mobile phones from either the Google Play Store or Apple App Store. We do not have a definitive list of the apps installed.
See answer to question 4 above.
This is dependent on the classification of the meeting taking place. Guidance is provided to staff on whether it is appropriate for mobile phones and computers to be present in certain environments.
The Scottish Government worked with the UK Government, including the Cabinet Office, to ensure appropriate alignment between Scotland’s 2015 cyber resilience strategy (“Safe, Secure and Prosperous”) and the UK’s National Cyber Security Strategy.
The Scottish Government has since published five action plans, available at https://www.gov.scot/policies/cyber-resilience/, aimed at increasing Scotland’s cyber resilience. These action plans, which support the Scottish and UK strategies, cover the areas of learning and skills, public, private and third sector cyber resilience, and economic opportunity.
The UK National Cyber Security Centre and UK Cabinet Office were consulted during the development of the action plans, including by the provision of drafts for comment and advice, and have been updated regularly on progress during their implementation.
Scottish Government’s Ministers, Permanent Secretary and Executive Team have had, and continue to have, a number of briefings related to cyber security threats, issues and actors. Cyber Security also features heavily on the agenda for our corporate Audit & Assurance Committee, on which all members of the Executive team sit. There has been no specific focus on QAnon.
As per section 12 of FOISA we are unable to provide this information as it is estimated that the cost of locating, retrieving and providing the information requested under this question would exceed the £600 upper cost limit.
Please quote the FOI reference
Central Enquiry Unit
Phone: 0300 244 4000
The Scottish Government
St Andrew's House