The UK government’s ambitious Transformation Strategy aims to fundamentally change the way the public sector operates online. If this is to happen, and to happen safely, the government must make ditching outdated legacy software a hard priority.
The UK’s Government Transformation Strategy was finally released earlier this year after significant delays to allow Whitehall departments to “embed” the proposals. The wide-ranging document aims to revolutionize how government uses data and digital technology in the public sector and seeks to create a “fundamentally digital government.”
A precondition for all of this work is for agencies to exit “legacy IT contracts” that offer outdated software. As the document explains: “We need to have the right commercial models to effectively deliver the next stage of our transformation: shared platforms, components and business capabilities.” However, the current plan lacks any detailed deadlines for achieving this.
For the sake of securing public networks, change needs to happen as soon as possible. We believe that within a year, the government must release a hard timetable for transitions and hold public sector leaders accountable to it. Further, we recommend the full process of upgrades be underway by 2020.
The Strategy notes “not all old technology is toxic,” which is certainly true, but as the paper states, legacy technology is “challenging to secure.” This insecurity stems from a lack of product innovation and an evolving threat from criminal enterprises. Breaches become inevitable when technology used by government bodies doesn’t keep pace with the changing cyber risk, and the systems used to defend the networks are way past their prime.
The government is demonstrably aware of the limitations of its legacy tools, yet the current timeline of updating “progressively [and] at the right pace” is beyond vague. Politically, the ample wiggle room will make it easier to claim success in 2020, when the Strategy expires. But when it comes to cyber, we can’t give ourselves an easy ride.
Sticking to legacy products, such as the Home Office’s 1995 Casework Information Database, presents a risk to public sector data and critical national infrastructure. Damage to either of these can have potentially catastrophic consequences. Legacy products are also a waste of public money, and they stifle future innovation as entrenched firms that consistently underdeliver monopolize lucrative government contracts.
Setting hard deadlines for migration from legacy products, and making public sector leaders accountable to these deadlines, are the only ways to mitigate the potential risks of standing still. The newly created Chief Data Officer (who will oversee Whitehall’s use of data) should make creating a timetable for change a priority.
Moving away from legacy IT systems is a big ask of any organization. Familiarity is comfortable, and change often meets resistance. But the growing risk to government agencies and citizens alike means decisive action should be taken now. The public sector must commit to phasing out insecure products as quickly as possible if it is to achieve its goal of becoming fundamentally digital. The right time for change is now.