Even as the UK government establishes itself as a leader in the global fight against cyber threats, last month’s report from the Public Accounts Committee reminds us how much work remains to be done.
The official opening of the UK’s National Cyber Security Centre by the Queen was a watershed moment for the nation as it leads the global fight against cyber threats. The Centre demonstrates the seriousness with which the British Government views cybersecurity.
While such government efforts are laudable, it’s clear we still have a long way to go. As last month’s Public Accounts Committee report highlights, a lack of basic skills and an uncoordinated approach to data management is leaving the public sector open to the most unsophisticated attacks.
Institutions like the new Centre and previous positive moves from politicians — such as the earlier reclassification of cyber to a ‘Tier 1’ threat — are necessary but not sufficient; we also must get the basics right. The Government must address a number of fundamental issues if it is to remain a positive example for businesses worldwide to follow.
What’s holding back UK cybersecurity efforts?
The influential Public Accounts Committee report identified three principal challenges which are making it difficult for civil servants to safeguard networks and hold on to the personal data of the nation’s citizens:
- Poorly trained security staff lack the skills to keep public sector data secure;
- Inconsistent and chaotic processes for recording personal data breaches is leading to uninformed security decisions by government agencies; and
- A lax attitude to departmental reporting has led to poor data protection performance by individual departments.
Poorly trained staff and inconsistent procedures aren’t merely wasteful and inefficient. These factors can leave organizations vulnerable to serious attacks. Real possibilities include damage to critical national infrastructure, such as hospitals and power plants, as well as the loss of sensitive and classified data. Any of these scenarios could result in a loss of faith in the Government’s ability to keep the lights on, and, more fundamentally, its ability to keep us safe.
Leaving these problems unaddressed is not an option, so it’s encouraging to see solutions can be found in the Government’s recent Transformation Strategy, which aims to improve public services through the modernization of digital technologies.
Key cybersecurity initiatives
The paper announced two initiatives which, given the right focus, could be key in Whitehall’s fight against cybercrime.
Firstly, a new Digital Academy, run by the Government Digital Service, will provide skills training to 3,000 government employees a year. If individuals attending the Digital Academy are taught the basics of security hygiene, the public sector can expect to see a reduction in the most rudimentary attacks.
Secondly, the creation of a new role, Chief Data Officer, will provide the leadership and accountability needed to safeguard the public sector’s use of data. If the Chief Data Officer makes the protection of Government-held data a ‘Tier 1’ priority – and is held accountable for that – issues associated with chaotic reporting and a lax attitude will begin to recede.
Other organizations will then see the Government is addressing the fundamentals of the cyber threat, and follow accordingly.
The UK Government has made real progress in recent years toward establishing itself as a world leader in cybersecurity. Now is the time for all involved to keep the momentum going by solving the problems within. The safety of its citizens is one of the government’s top priorities — and this includes cyber-safety. The leaders within government can’t afford to rest on their laurels.