Logica responds to police database security concerns

Following several reports claiming that the Police National Database (PND), which launched yesterday, might face security problems, technology provider Logica gave Computing a rundown of the security measures deployed in the system.

Its critics argue that putting too much data in one place provides a great temptation to hackers.

The database contains details of 15m people and has been designed to help police forces from different counties share intelligence when national investigations are required.

A spokeswoman from Logica, who acted as director of a technology framework tasked with designing and building the system, dismissed the criticism and said: "The PND will be the most secure national police system to date."

She listed the six key security features of the database:

• The PND service is marked as CONFIDENTIAL under the Government Protective Marking Scheme and forces must deploy the PND in an environment compliant with this;

• Organisations that wish to connect to the PND must abide by the requirements stipulated within the PND Code of Connection and provide evidence of local accreditation to the National Policing Improvement Agency's (NPIA) National Accreditor;

• Information loaded onto the PND has a Data Access Restriction Code assigned to it, which determines who can access and handle that information;

• Only authorised and appropriately vetted users are able to access the system via a single digital identity, using smartcard technology;

• Role-based access controls ensure that users only have access to information that they need for their particular business role; and

• There are extensive auditing systems in place to deter misuse.

In addition to these features, the spokeswoman added that use of the PND is governed by a statutory Code of Practice, which was laid before Parliament in March 2010. This states that the PND and any information held on it can only be used for policing purposes.

In recent weeks, hackers have stolen large amounts of corporate data from Sony, Sega, security firm RSA, and have also managed to force the websites of the CIA, US Senate and the UK's Serious Organised Crime Agency (SOCA) offline.