Latest Public Sector News

03.02.17

PAC: Government must ‘raise its game’ on cyber security

The government must recruit more skilled staff to handle rapidly growing threats to the country’s cyber security, the Public Accounts Committee (PAC) has said.

In its latest report, the committee said that the government has dilly-dallied over developing a co-ordinated approach to cyber security despite it being one of the top four risks to national security since 2010, as shown by well-documented breaches at Tesco and Northern Lincolnshire and Goole NHS FT.

The PAC decried the number of agencies responsible for protecting the country’s cyber security, comparing them to an ‘alphabet soup’, while government departments’ processes for reporting data breaches, especially low-level breaches, remain “inconsistent and dysfunctional”.

Meg Hillier MP, chair of the PAC, said that the government, particularly the Cabinet Office, “needs to raise its game” in informing the public sector and wider society of its “vital” role in overseeing British cyber security.

“[The government’s] approach to handling personal data breaches has been chaotic and does not inspire confidence in its ability to take swift, coordinated and effective action in the face of higher-threat attacks,” Hillier said.

“The threat of cyber-crime is ever-growing yet evidence shows Britain ranks below Brazil, South Africa and China in keeping phones and laptops secure. In this context it should concern us all that the government is struggling to ensure its security profession has the skills it needs.”

The Cabinet Office’s approach to protecting information is unclear in central government, with little oversight of how well projects are performing, and places “too little emphasis” on informing and supporting service users outside of Whitehall, the PAC said.  

The committee also urged the Cabinet Office to develop a thorough plan for the National Cyber Security Centre (NCSC), the new cyber security agency announced last year, by this April, explaining who it will support, what help it will offer and how it will communicate with organisations that need it.

“Leadership from the centre is inadequate and, while the NCSC has the potential to address this, practical aspects of its role must be clarified quickly,” Hillier added.

“Government must communicate clearly to industry, institutions and the public what it is doing to maintain cyber security on their behalf and exactly how and where they can find support.”

Among the PAC’s other recommendations, the government has been advised to establish a clear approach for protecting information across the public sector.

The committee has also asked the Cabinet Office to write to it within the next six months outlining the findings from the pilot of its ‘security cluster’ initiative, which looks to share rare cyber security skills between central government staff.

 Have you got a story to tell? Would you like to become a PSE columnist? If so, click here 

Comments

There are no comments. Why not be the first?

Add your comment

related

public sector executive tv

more videos >

last word

Prevention: Investing for the future

Prevention: Investing for the future

Rob Whiteman, CEO at the Chartered Institute of Public Finance (CIPFA), discusses the benefits of long-term preventative investment. Rising demand, reducing resource – this has been the r more > more last word articles >

public sector focus

View all News

comment

Peter Kyle MP: It’s time to say thank you this Public Service Day

21/06/2019Peter Kyle MP: It’s time to say thank you this Public Service Day

Taking time to say thank you is one of the hidden pillars of a society. Bei... more >
How community-led initiatives can help save the housing shortage

19/06/2019How community-led initiatives can help save the housing shortage

Tom Chance, director at the National Community Land Trust Network, argues t... more >

interviews

Artificial intelligence: the devil is in the data

17/12/2018Artificial intelligence: the devil is in the data

It’s no secret that the public sector and its service providers need ... more >