The Leading News & Information Service For The Facilities, Workplace & Built Environment Community

ONS Head - Gaping Hole in Government Info Security

16 September 2016 | Updated 01 January 1970

Protecting information while re-designing public services and introducing the technology necessary to support them is an increasingly complex challenge that is leaving a gaping hole in security arrangements, writes Amyas Morse, Head of the National Audit Office.

To achieve this, the Cabinet Office, departments and the wider public sector need a new approach, in which the centre of government provides clear principles and guidance and departments increase their capacity to make informed decisions about the risks involved.

The Cabinet Office has not yet established a clear role for itself in coordinating and leading departments’ efforts to protect their information, according to the National Audit Office.

A report released week ending September 16 found that its ambition to undertake such a role is weakened by the limited information which departments collect on their security costs, performance and risks. It also notes, however, that the UK Government has a strong international reputation in some areas of information security and digital government.

Protecting the information departments hold from unauthorised access or loss is a critical responsibility for departmental accounting officers. Departments are, however, increasingly required to balance this responsibility with the need to make this information available to other public bodies, delivery partners, service users and citizens via new digital services. And increasing dependencies between central government and the wider public sector mean that the traditional security boundaries have become blurred.

According to the NAO, too many bodies with overlapping responsibilities operate in the centre of government, confusing departments about where to go for advice. As at April 2016, at least 12 separate teams or organisations in the centre of government had a role in protecting information, many of whom produce guidance. While the new National Cyber Security Centre (NCSC) will bring together much of government’s cyber expertise, in the NAO’s view, wider reforms will be necessary to further enhance the protection of information.

As accountability for information security is devolved to departments, government does not currently collect or analyse its overall performance in protecting information on a routine basis. This means it has little visibility of information risks in each department and has limited oversight of the progress departments are making to better protect their information.

Reporting personal data breaches is chaotic, with different mechanisms making departmental comparisons meaningless. In addition, the Cabinet Office does not have access to robust expenditure and benefits data from departments, in part because they do not always collect or share such data. The Cabinet Office has recently collected some data on security costs, though it believes that actual costs are ‘several times’ the reported figure of £300 million.

Some departments have made significant improvements in information governance, but most have not given it the same attention as other forms of governance. The Cabinet Office does not currently provide a single set of standards for departments to follow, and does not collate or act upon those weaknesses it identifies.


Skills shortage

In the context of a challenging national picture it has been difficult for government to attract people with the right skills. The government established a security profession in 2013, and has undertaken some initial work to establish professional learning and development. Demand for skills and learning across government is growing and is likely to continue to grow. According to the NAO, plans to cluster security teams may initially share scarce skills, but will not solve the long-term challenge.

According to the NAO, the Cabinet Office is taking action to improve its support for departments, but needs to set out how this will be delivered in practice. The NAO recommends that to reach a point where it is clearly and effectively coordinating activity across government, the Cabinet Office must further streamline the roles and responsibilities of the organisations involved, deliver its own centrally managed projects cost-effectively and clearly communicate how its various policy, principles and guidance documents can be of most use to departments.

Picture: The pace of change in government is leaving it open to security breaches

Article written by Amyas Morse | Published 16 September 2016


Related Tags

Related Articles

Andromeda Strained - International Cyber Op Dismantles Botnet

On November 29, the Federal Bureau of Investigation, in close cooperation with the Luneburg Central Criminal Investigation Inspectorate in Germany, Europol’s...

 Read Full Article
UK GDPR Exemptions & Critical Infrastructure at Risk

The Government has outlined (week ending Sept 22) protections and flexibilities for the financial services, journalism and legal services as part of its plans to update...

 Read Full Article
Watch What Staff Click - Ransomware Warning

Colin Tankard says the dust from the ransomware which hit major organisations around the world on Friday 12 may seem to have settled but vulnerabilities still exist in...

 Read Full Article
Ransomware - the Protection Racket

ThisWeekinFM has been making a racket about Cyber Security because vulnerabilities are exploited at a personnel and personal level - where FM's should have some...

 Read Full Article
Who's Taking on the Cyber Men?

One in five businesses have fallen victim to cyber attacks in the past year, according to the results of a survey released this week ending April 21 by the British...

 Read Full Article
Sage Stuffing - Alleged Fraudster Nabbed On the Wing

According to massive international payroll and accounting software firm Sage, which now offers nearly all of its services internationally via the cloud, unauthorised...

 Read Full Article
Crime Stats and Cyber Crime Surveys

The results for the Crime Survey of England and Wales (CSEW) by the Office of National Statistics reveal for the first time that fraud is the most prevalent crime...

 Read Full Article
Cyber Security - Tackle Staff Weak-point

With online crime becoming an increasing threat for businesses, new figures from Action Fraud and Get Safe Online released this week show that from March 2015 –...

 Read Full Article
World's Local Bank Back on World-wide Web

The disruption this week for HSBC and its online customers appears to be over as it declared matters were now ‘stable’ but embarrassment remains for the...

 Read Full Article
On Trend - Can Hackers Turn The Heat Off?

Ken Munro of Pan Test Partners has written a blog - the original of which and more pictures can be accessed if you Click Here  Munro says he has found...

 Read Full Article