Public Sector Focus

25.04.17

A period of inevitable risk

Source: PSE Apr/May 17

Dr Daniel Dresner, information and cyber security governance lecturer at the University of Manchester, explains how the public sector’s approach to cyber security is improving.

The public sector’s approach to cyber security governance in the past could be summed up like many school reports: ‘getting better, but room for improvement’, PSE has been told. 

But according to Dr Daniel Dresner from the University of Manchester, the important thing that, particularly with the formulation of the new National Cyber Security Centre (NCSC), “getting the right activities in place is improving – probably much faster than we have seen for a long time”. 

While we are working in what Dr Dresner calls a ‘period of inevitable risk’, he argues that huge strides, like the introduction of Domain-based Message Authentication, Reporting & Conformance (DMARC), are now being made to “improve the systems that we use, to remove and disrupt the vectors that people can attack through”. 

All about the money 

Discussing the major threats facing the sector, Dr Dresner said it always comes down to one underlying factor: money. 

“There are two sides to this,” he argued. “On the whole, there are threats and then there is the crime. I’m fond of saying that, despite the statistics, on the whole there is very little cybercrime. What there is, however, is lots and lots of cyber-enabled crime: theft, fraud and extortion are now being done from the comfort of the criminal’s own premises in countries far away. 

“As has been pointed out, local government handle something like 23 pence in the pound of the finances which are in the public purse. In any government arena there is money to be had. Government, by its very nature, is complex and so it is difficult to communicate at a level where the variety of the criminality can be identified and stopped. 

“The DMARC makes things more difficult, but it is a matter of being aware that criminals will try and use phishing to get in, so they can then plant malware to find out what is going on, understand processes and then attack the processes to get money out.” 

Reflecting on the increasing threat of ransomware attacks, Dr Dresner stated it is somewhat reminiscent of the early days of the web where “one of the big concerns was physical computer sets, where people would have a break-in, lose all their kit, and buy new kit thinking that they were safe. But, of course, they weren’t safe, because the criminals knew that there was going to be a lot of new kit there worth stealing – so they put in the extra effort”. 

He added that while councils may be tempted to pay a ransom in order to get their processes back online quickly, they actually expose themselves to a greater level of risk: “There is a business model in the criminal world in that they sell on their lists of people who will pay up ransoms.” 

One of the big advantages about the NCSC, added Dr Dresner, is that it makes it easier for people to know where to report threats, which helps strengthen the national intelligence.

Good, basic protection 

While acknowledging that there are always going to be risks, he stated that a way to get good, basic protection in place is by using Cyber Essentials. 

“Cyber Essentials is very basic, but I love it because it finally answers the question of where do I start?” explained Dr Dresner. “In a complex organisation, it is still difficult to implement some of its points. But it is a starting point for making things better and for people to ask: ‘what does good look like?’, ‘how good am I?’, and if they are falling down on some of the basics they can look further down the line. 

“It can be good for small departments for creating frameworks to do good stuff, rather than being bowled over by these huge handbooks, which the consultants like, and resemble those magazines that tell you there are 340 ways to make Christmas simple. 

“We are in this period of inevitable risk. People are under pressure, people are still going to click on those dodgy links and the like, but what is getting better now are the systems which make those harder to come through.”

Comments

There are no comments. Why not be the first?

Add your comment

 

public sector executive tv

more videos >

latest public sector news

Greening promises to close DfE’s 5.3% gender pay gap

28/06/2017Greening promises to close DfE’s 5.3% gender pay gap

The Department for Education (DfE) has become the first government department to publish its gender pay gap, revealing a 5.3% difference between ... more >
Unions back Labour amendment to end public sector pay cap

28/06/2017Unions back Labour amendment to end public sector pay cap

Two of the largest public sector unions have given their backing to an amendment tabled by Labour which calls for more funding for the emergency ... more >
Sheffield LEP: Politicians must stay focused on next step of stalled devo deal

27/06/2017Sheffield LEP: Politicians must stay focused on next step of stalled devo deal

Private sector board members in the Sheffield Local Enterprise Partnership (LEP) have signalled their continued support for the region’s de... more >

editor's comment

15/06/2017Challenges remain

As PSE went to press, we were days away from finding out which political party or parties would be leading the country following Theresa May’s decision to call a snap general election for 8 June.  Whoever enters the door at No.10, irrelevant of their political colour, is faced with serious challenges, from social care to the NH... read more >

last word

National policies won’t fix local problems

National policies won’t fix local problems

Andrew Carter, the recently-appointed chief executive of Centre for Cities, argues that the new government will only succeed if it focuses on implementing policies that are adaptable to place-bas... more > more last word articles >
149x260 PSE Subscribe button

the raven's daily blog

Councillors celebrated in Queen’s Birthday Honours list 2017

19/06/2017Councillors celebrated in Queen’s Birthday Honours list 2017

A number of local government leaders and figures have been named in the Queen’s 2017 Birthday Honours list. The list recognises the achievements of people across a number of different sectors by handing out awards for services to their respective fields. All in all, 1,109 people received an award this year, as 554 (50%) of peop... more >
read more blog posts from 'the raven' >

comment

Innovation in commissioning services

26/06/2017Innovation in commissioning services

Malcolm Harbour CBE, who wrote Parliament’s first report on innovation in public procurement in 2008 and now chairs the LGA expert group on... more >
Engaging the voluntary sector: how to make devolution a success

26/06/2017Engaging the voluntary sector: how to make devolution a success

Paul Winyard, senior policy officer at the National Council for Voluntary Organisations (NCVO), explains why it’s fundamental that the thir... more >
The impact of the cyber security strategy on the public sector

26/06/2017The impact of the cyber security strategy on the public sector

Six months on from the announcement of the government’s National Cyber Security Strategy, Talal Rajab, head of programme – cyber and ... more >
Police governance and service delivery in the 21st century

23/06/2017Police governance and service delivery in the 21st century

Barry Loveday, reader in criminal justice administration at the University of Portsmouth, considers the role that the new metro mayors will have ... more >

interviews

HSCN: The enabler for a more joined-up public sector

26/06/2017HSCN: The enabler for a more joined-up public sector

Mark Hall, Chief Assurance Officer at Redcentric, discusses NHS Digital’s project, the new Health and Social Care Network (HSCN) and what b... more >
Maintaining the momentum for further devolution

25/04/2017Maintaining the momentum for further devolution

Ahead of this year’s mayoral elections, Lord Kerslake, the former head of the Civil Service, tells PSE’s David Stevenson why the argu... more >
New social care funding misses the point

13/04/2017New social care funding misses the point

Clive Betts MP, chair of the Communities and Local Government (CLG) Committee, reflects on the social care funding released in this year’s ... more >
Leading transformational change through procurement

01/03/2017Leading transformational change through procurement

Liz Welton, chair of the Society of Procurement Officers in Local Government (SOPO), tells PSE’s David Stevenson why there are lots of oppo... more >