Seems like they're taking the "Be Prepared" approach to whether their system has been compromised or not, independent audit and shutting down the system until it can be secured seems to be pretty much bang on what they should do (outside of, y'know, securing it in the first place)
Scouts' downed Compass database won't be back 'til autumn
The Scout Association will not have its troubled Compass database — which holds the details of 450,000 young people and volunteer adults — restored to operation until early autumn. The Compass database was taken down in January following revelations by El Reg that members had raised serious concerns over the security of the …
COMMENTS
-
Thursday 16th April 2015 14:24 GMT Jimmy2Cows
Huh?
<In an update this week the association acknowledged that it had been "extremely difficult to carry out many Scouting tasks without a functioning database".>
Pretty sure they didn't have a database when the Scout movement started, nor for most of its history. Yet somehow Scouts were able to carry out Scouting tasks despite this lack of contemporary technology.
Their statements don't seem very "Scouty".
-
Thursday 16th April 2015 15:48 GMT Anonymous Coward
issues were around "potential access"...no one has hacked or broken into the system
I imagine this means that there's no evidence of intrusion: given issues about "potential access" then even if access is fully logged these records would have to be cross-checked somehow ("Scoutmaster Biggins, where were you on the night of the 17th? Logged in and downloading contact addresses?"). It's possible of course that the system is designed with multiple audit trails & so on, but if it was carefully designed and implemented they wouldn't be in the current pickle anyway.
Kudos though for reacting promptly and prudently, and discussing it frankly: many a professional organisation could do worse than go and get badges in a System Fuckup Postmortems and Avoiding the Streisand Effect
-
Thursday 16th April 2015 18:27 GMT Yet Another Anonymous coward
Re: issues were around "potential access"...no one has hacked or broken into the system
IIRC from the original el'reg story - the security was pretty poor and their response was basically that it didn't need to be secure because it was private and could only be used by authorised users anyway. That fell down slightly when it turned out that the authorised users where accessing it over the internet and were "authorised" by the same poor security.
-
-
Thursday 16th April 2015 15:51 GMT Tikimon
Stuck in the past?
I don't know about their upper leadership, but the boots-on-the-ground Scout leaders are often way behind the times. It wouldn't surprise me to find out the top levels are stuck in the 50's as well.
I used to work at an outdoor chain (REI) in camping. Father/son combos came in all the time with "required gear" lists from their scoutmasters that totally ignored decades of improved gear design. Cotton and flannel clothing, external frame packs, pup tents, kitchen-sized pots and pans. As often as possible we would steer them to better, lighter gear and tech fabrics (for a good price, no sales commission involved). We used that old junk when I was a Scout, I know what it's like.
I believe our too-urban populations need something like Scouting, but it seems like the BSA are mired in the past. Just one man's opinion based on limited data...
-
Thursday 16th April 2015 17:42 GMT Anonymous Coward
Re: Stuck in the past?
The first computer programmer I knew was my Scout Leader - back in the late 1970s and most of the leaders I have known are in same era as most others of similar age. However the committees running the local groups and districts are generally where I have seen those who may be described as "stuck in the past", but then no one else wants to volunteer to do these rather thankless task.
When it comes to computers and the Internet UK's HQ was many years behind some of the rank and file members.
-
Thursday 16th April 2015 16:39 GMT Alan Sharkey
I'm chairman of our local scout group and we had input ALL our data into Compass before it got shut down. Its supposed to do everything from basic checks to recording badges to manaaging leaders acheivements.
So, now we have to either do it manually or go to an alternate system (yes there is one). Guess what - we are not waiting till the autumn. Luckily we do have all the entry sheets so it's not as big a job the second time around.