In an era of rapid digitalisation, cyber vigilance must be the watchwords for our public services (Guest blog by Civica)
A core pillar of the UK’s National Cyber Strategy published earlier this year is Cyber Resilience. Government has set itself the goal of leading by example in its understanding of cyber risk and having a more sophisticated understanding of cyber risk across critical national infrastructure. These are exactly the right objectives, but achieving them will be no easy task, given the fast-moving pace and ever-greater complexity of cyber-threats.
As more of our public services become digitised, we’re seeing a radical shift in how governments interact with citizens. The opportunities here are endless, from faster, more intuitive services to using data to support earlier interventions to protect the most vulnerable in society. The flip side to rapid digitalisation of course, is the growing potential for cyber-attacks. Almost daily, we hear of malware and denials of service costing millions of pounds and causing large-scale disruption to vital public services. So how then, can public bodies across the UK, from Whitehall to city hall, mitigate against these risks?
Security beyond silos
For any public organisation, be that an arms-length body or the NHS, cyber security must never be seen in isolation. There must be a ‘whole-of-government’ mentality around cyber security across the entire public service community, both local and national. Closely adhering to the principles and guidance laid down by the National Cyber Security Centre (NCSC) is crucial, but that isn’t enough. Public bodies should also be actively sharing experiences (good and bad), to ensure that mistakes can be learned from and best practice spread widely. If one public body has fallen victim to a particular form of cyber-attack, the culprit will almost certainly try the same approach elsewhere.
There must also be a concerted effort to address the issue of Legacy IT across our public services. As highlighted in the recent Digital, Data and Technology Playbook, ageing technologies and processes are a particular cyber security risk for government, making public services increasingly vulnerable to risk. Instead of just scrapping older systems and Apps however, public bodies should be looking to upgrade and enhance them wherever possible. By taking this approach, they can ensure minimal disruption for citizens and also save on unnecessary costs in the longer-term.
The human factor
Even the most cutting-edge, secure technologies cannot always mitigate against the ‘human factor’. With data sharing becoming ever more prevalent across public services, there’s an ever-greater risk of sensitive information ending up in the wrong hands, either as a result of human error or malicious intent. To lessen the risk of this occurring, public bodies must constantly review and test their processes for collecting, managing, and sharing data. They must also ensure that staff at every level of the organisation have continuous training to ensure the highest levels of vigilance.
How secure are your suppliers?
Finally, as the UK’s largest provider of software to the public sector, it would be remiss of me not to mention the crucial role of suppliers in ensuring our public services are cyber-secure. A recent report commissioned by Civica showed that while there is a strong appetite across Government to harness the power of technology and data, significant hurdles have yet to be overcome, particularly around effective data sharing and skills. Tech providers have the solutions to these challenges, but to ensure that your provider is providing the solution and not becoming part of the problem, there must be a very clear understanding between public sector provider and supplier on the roles and responsibilities where it comes to security.
Help to shape and govern the work of techUK’s Cyber Security Programme
Did you know that nominations are now open* for techUK’s Cyber Management Committee? We’re looking for senior representatives from cyber security companies across the UK to help lead the work of our Cyber Security Programme over the next two years. Find out more and how to nominate yourself/a colleagues here.
*Deadline to submit nomination forms is 17:00 on Tuesday 18 October.
Upcoming events
Get involved
All techUK's work is led by our members - keep in touch or get involved by joining one of the groups below.