Public Sector Focus

25.04.17

A period of inevitable risk

Source: PSE Apr/May 17

Dr Daniel Dresner, information and cyber security governance lecturer at the University of Manchester, explains how the public sector’s approach to cyber security is improving.

The public sector’s approach to cyber security governance in the past could be summed up like many school reports: ‘getting better, but room for improvement’, PSE has been told. 

But according to Dr Daniel Dresner from the University of Manchester, the important thing that, particularly with the formulation of the new National Cyber Security Centre (NCSC), “getting the right activities in place is improving – probably much faster than we have seen for a long time”. 

While we are working in what Dr Dresner calls a ‘period of inevitable risk’, he argues that huge strides, like the introduction of Domain-based Message Authentication, Reporting & Conformance (DMARC), are now being made to “improve the systems that we use, to remove and disrupt the vectors that people can attack through”. 

All about the money 

Discussing the major threats facing the sector, Dr Dresner said it always comes down to one underlying factor: money. 

“There are two sides to this,” he argued. “On the whole, there are threats and then there is the crime. I’m fond of saying that, despite the statistics, on the whole there is very little cybercrime. What there is, however, is lots and lots of cyber-enabled crime: theft, fraud and extortion are now being done from the comfort of the criminal’s own premises in countries far away. 

“As has been pointed out, local government handle something like 23 pence in the pound of the finances which are in the public purse. In any government arena there is money to be had. Government, by its very nature, is complex and so it is difficult to communicate at a level where the variety of the criminality can be identified and stopped. 

“The DMARC makes things more difficult, but it is a matter of being aware that criminals will try and use phishing to get in, so they can then plant malware to find out what is going on, understand processes and then attack the processes to get money out.” 

Reflecting on the increasing threat of ransomware attacks, Dr Dresner stated it is somewhat reminiscent of the early days of the web where “one of the big concerns was physical computer sets, where people would have a break-in, lose all their kit, and buy new kit thinking that they were safe. But, of course, they weren’t safe, because the criminals knew that there was going to be a lot of new kit there worth stealing – so they put in the extra effort”. 

He added that while councils may be tempted to pay a ransom in order to get their processes back online quickly, they actually expose themselves to a greater level of risk: “There is a business model in the criminal world in that they sell on their lists of people who will pay up ransoms.” 

One of the big advantages about the NCSC, added Dr Dresner, is that it makes it easier for people to know where to report threats, which helps strengthen the national intelligence.

Good, basic protection 

While acknowledging that there are always going to be risks, he stated that a way to get good, basic protection in place is by using Cyber Essentials. 

“Cyber Essentials is very basic, but I love it because it finally answers the question of where do I start?” explained Dr Dresner. “In a complex organisation, it is still difficult to implement some of its points. But it is a starting point for making things better and for people to ask: ‘what does good look like?’, ‘how good am I?’, and if they are falling down on some of the basics they can look further down the line. 

“It can be good for small departments for creating frameworks to do good stuff, rather than being bowled over by these huge handbooks, which the consultants like, and resemble those magazines that tell you there are 340 ways to make Christmas simple. 

“We are in this period of inevitable risk. People are under pressure, people are still going to click on those dodgy links and the like, but what is getting better now are the systems which make those harder to come through.”

Comments

There are no comments. Why not be the first?

Add your comment

 

public sector executive tv

more videos >

latest public sector news

District and borough authorities begin challenge against Nottinghamshire super-council

20/07/2018District and borough authorities begin challenge against Nottinghamshire super-council

Gedling council members have emphatically outlined their stance against a potential mega-merger in Nottinghamshire that could see borough and dis... more >
Northamptonshire new CEO approved by Full Council to lead area through ‘unprecedented time of change’

20/07/2018Northamptonshire new CEO approved by Full Council to lead area through ‘unprecedented time of change’

Northamptonshire County Council’s new chief executive has been endorsed at the authority’s Full Council meeting yesterday, with the a... more >
‘Naming and shaming index’ for bankrupt councils fails to offer genuine solution

20/07/2018‘Naming and shaming index’ for bankrupt councils fails to offer genuine solution

An index designed to measure councils’ financial resilience in order to avoid another Northamptonshire-style fiasco would actually risk ove... more >

editor's comment

25/10/2017Take a moment to celebrate

Devolution, restructuring and widespread service reform: from a journalist’s perspective, it’s never been a more exciting time to report on the public sector. That’s why I could not be more thrilled to be taking over the reins at PSE at this key juncture. There could not be a feature that more perfectly encapsulates this... read more >

last word

The importance of openness after Grenfell

The importance of openness after Grenfell

Following the recent Grenfell Tower tragedy, Lord Porter, chairman of the LGA, argues that if the public are going to have faith in the safety testing process then everything must be out in the o... more > more last word articles >
149x260 PSE Subscribe button

the raven's daily blog

One step closer to voter IDs at elections

19/07/2018One step closer to voter IDs at elections

Chloe Smith MP, Minister for the Constitution, evaluates the outcomes of the voter ID pilots conducted at the last local elections. We are one step closer to strengthening the integrity of our electoral system through requiring electors to confirm their identity before they vote, building on the government’s commitment to safeguard ... more >
read more blog posts from 'the raven' >

comment

One step closer to voter IDs at elections

19/07/2018One step closer to voter IDs at elections

Chloe Smith MP, Minister for the Constitution, evaluates the outcomes of the voter ID pilots conducted at the last local elections. We are o... more >
Accountability in government: what next?

02/07/2018Accountability in government: what next?

Benoit Guerin, senior researcher at the Institute for Government (IfG), explains why accountability in government needs improving and sets out wh... more >
Potholes: The scourge of the roads

02/07/2018Potholes: The scourge of the roads

Potholes are a scourge on our roads and can have much farther-reaching consequences than one might think. Re-routing just a small amount of exist... more >
Can data save the future of children?

02/07/2018Can data save the future of children?

Ingrid Koehler, service innovation lead at the LGiU, takes a look at the untapped potential for a digital, data-led transformation of children&rs... more >

interviews

Data at the heart of digital transformation

03/04/2018Data at the heart of digital transformation

SPONSORED INTERVIEW Grant Caley, UK & Ireland chief technologist at NetApp, speaks to PSE’s Luana Salles about the benefits of movin... more >
GDPR: The public sector scarecrow

03/04/2018GDPR: The public sector scarecrow

SPONSORED INTERVIEW PSE’s Josh Mines chats to Martin de Martini, CIO of Y Soft, about what the General Data Protection Regulation (GDPR)... more >
Keeping London safe

05/03/2018Keeping London safe

Theo Blackwell, London’s first-ever chief digital officer (CDO), speaks to PSE’s Luana Salles about the role he plays in ensuring the... more >
BIM: Digitising the public sector

19/02/2018BIM: Digitising the public sector

PSE’s Josh Mines talks to Stephen Crompton, CTO at GroupBC, and Stuart Bell, the company’s sales and marketing director, about how Bu... more >