IA15: Debating the Future of UK Government Security with GCHQ

by Raimund Genes

Nowhere in the UK does technology have the potential to positively affect more people’s lives than in the government sector. Digital transformation not only offers the prospect of making government more efficient – so more tax revenue can be ploughed into improving service quality – but it can ensure all members of society have access to the services they’re entitled to. But there are also dangers. Government is one of the most frequently targeted industries when it comes to cyber attacks, so those manning IT security in its various departments and agencies need to be on top of their game.

That’s why we have conferences like IA15 next week (9th-10th November) – the government’s flagship annual information assurance and cyber security event. I’ll be taking part in London next week to discuss how the security industry can keep pace with the ever growing cyber threat.

Government under attack
That threat not only comes today just from nation state spies looking to steal information to give their bosses a geopolitical advantage, but from economically motivated cybercrime gangs and even lone hacktivists bent on making a moral or political point. The government in many ways has a thankless task in being forced to secure an incredibly diverse range of information assets, from national security secrets to NHS records. It doesn’t make it any easier that many of the tasks once undertaken by government employees have now been outsourced to private companies. And all this has to be done in the face of swingeing austerity cuts on an unprecedented scale.

A report last month in the FT, citing an unnamed “Whitehall security official”, claimed that thousands of stolen digital identities that match those inside the centralised “Government Gateway portal were available for purchase on the dark web. If accurate, the report is another concerning indicator of how high the stakes are today: as more government services go digital to improve quality and accessibility, so they will become a major target for the cyber bad guys.

About the show
I think any initiative designed to improve the government’s ability to defend key services and platforms should be applauded. That’s why I’m attending the GCHQ-hosted IA15 event next week. At a debate during the show alongside GCHQ cyber security director general Ciaran Martin and several other senior government security representatives, I’ll try to bring an industry perspective to the discussion.

The UK’s cyber security sector is one of the most advanced in the world. In fact, back in July David Cameron signed an MoU with his Singaporean counterpart which will included a commitment to export the hugely successful Cyber Security Challenge UK competition to the island nation. But despite the maturity of the industry, the government hasn’t always been the best at making the most of its impressive resources. Whitehall could perhaps take a stronger lead in organising cross-industry collaboration, from the nation’s exceptional base of innovative SMEs to world-leading cyber security research at many UK universities.

We’ll also discuss how effectively the government is interacting with private industry to protect critical national infrastructure – a key area of concern identified in its own National Cyber Security Strategy. In too many industries critical infrastructure firms are still being allowed to run out-of-date software on internet-connected systems. It’s an absolute recipe for disaster. In the long term, the government needs to take a lead on instituting ‘security by design’ into these systems, because hiring in expensive consultants to patch current issues is the worst kind of “sticking-plaster solution”.

IA15 should be a fantastic opportunity for the hundreds of information security leaders invited to attend to take part in a crucial and authoritative debate on the future of government security. Hope to see you there.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.