Neil Mellor 19 November 2014

So, tell me, what is the point of brakes on a car?

In September, Andy Beale, director of Common Technology Services at GDS, proposed a change from external accreditation of services by CESG for G-Cloud services to a supplier made assertion of capability - statements asserting how services meet certain security principles.

Announcements from GDS last week confirmed that G-Cloud [V6] suppliers will now be subject to self-assertion and this may be extended to present a consistent approach to the base level of security throughout the Government’s supply chain.

PSNGB supports initiatives from GDS that make the public sector marketplace more accessible; as we stated in an earlier piece self assertion could uncork a bottleneck preventing very many commercial services reaching public sector buyers.

What it also does is bring appropriate security, public sector data, shared services and citizen confidentiality front and centre – exactly where it should be. This is an area I have been keen to explore for sometime because I believe security is an essential pillar of a transformed public sector.

It’s a given that some public sector business should be carried out on the Internet as well as via PSN; it’s an essential channel for public communications and digital engagement; and it’s critical to reducing the cost of delivering services.

With public sector to citizen communications and cost transformation increasingly dependent on the Internet, understanding and managing the risks is vital.

A recent report from PSNGB member, BT, suggests that more than one-third (36%) of public sector IT decision makers admit their organisation was hit by Distributed Denial of Service (DDoS) attacks over the past year, with three-quarters (75%) hit more than once.

DDoS protection is a prerequisite to ensuring access to information and services is unimpeded; though only around a third of businesses have taken this measure –according to the same BT survey. Adequately protected, more use can be made of the Internet in public service delivery.

At this point it is worth drawing attention to a report from CSC. It concluded that the increasing digitisation of public services is putting more citizens’ data at risk of cyber attacks.

While protection can help identify the worst repercussions of vulnerabilities, it cannot prevent them altogether. It is PSNGB’s view that no information or application that is mission critical to an organisation should reside on the public Internet.

Public sector organisations, therefore, need to consider optimum use of the Internet, what’s essential to keep within the private or shared private WAN (PSN) and how the gateway between them is protected, especially where a third party provides this and the information provider may have little or none of the control, but all the responsibility.

In the commercial sector, board level understanding of the threat posed by Internet-borne attacks is at a much higher level than in the public sector. Banks and pharmaceutical companies, for example, faced with significant threat to their operations, are now realising the need for additional protection even within virtual private networks in order to defend themselves from attacks.

So, to the question – what is the purpose of brakes on a car? The purpose of brakes on a car is to enable you to go faster and be more agile, knowing that you can avert dangers; and not just to slow you down or stop. Good security should be the same; not intended to be a hindrance, but to enable organisations to deliver services, compete and transform in a trusted environment – faster, better and cheaper.

There’s no ‘one size fits all’ for public sector networks and security. Users need to know they can depend on and trust the network over which they hold and share business-critical information and applications in light of the risks involved.

PSN provides that assurance, but to continue to improve the quality and cost efficiency of citizen communications and interaction, the Internet too has a big part to play. Good security is critical to both.

Neil Mellor is director of PSNGB

Devolution and putting place first image

Devolution and putting place first

The real lesson of Andy Burnham's Makerfield success, argues Dr Jonathan Carr-West, is that place – not personality – is the key to Britain's future.
SIGN UP
For your free daily news bulletin
Highways jobs

Group Engineer - Highway Operations

Kirklees Metropolitan Council
£48,226 - £53,460
We are looking for a Group Engineer to join our team in the Highways Service Kirklees, West Yorkshire
Recuriter: Kirklees Metropolitan Council

Learning and Development Digital Advisor

London Borough of Richmond upon Thames and London Borough of Wandsworth
£32,841 - £39,798 per annum
Job Title
Recuriter: London Borough of Richmond upon Thames and London Borough of Wandsworth

School Crossing Patrol

Durham County Council
Grade 1 £3,701 (approx.) £12.85 per hour
Join our School Crossing Patrol Service! Are you punctual and reliable? Do you have good communication skills and a strong sense of community spirit? Durham
Recuriter: Durham County Council

Social Worker

Durham County Council
Grade 9 - £35,412 - £39,152 / Grade 11 - £40,777 - £45,091 (pay award pending)
Make a real difference at the point where people need it most. Join a fast-paced hospital social work team where no two days are the same and your exp Chester Le Street
Recuriter: Durham County Council

Care Support

Durham County Council
Grade 4 £25,583 - £26,824 (pay award pending)
We're recruiting to a permanent role within our Pathways Service, which delivers day services to adults with complex needs, Monday to Friday. This is Peterlee
Recuriter: Durham County Council
Linkedin Banner