03.02.17
PAC: Government must ‘raise its game’ on cyber security
The government must recruit more skilled staff to handle rapidly growing threats to the country’s cyber security, the Public Accounts Committee (PAC) has said.
In its latest report, the committee said that the government has dilly-dallied over developing a co-ordinated approach to cyber security despite it being one of the top four risks to national security since 2010, as shown by well-documented breaches at Tesco and Northern Lincolnshire and Goole NHS FT.
The PAC decried the number of agencies responsible for protecting the country’s cyber security, comparing them to an ‘alphabet soup’, while government departments’ processes for reporting data breaches, especially low-level breaches, remain “inconsistent and dysfunctional”.
Meg Hillier MP, chair of the PAC, said that the government, particularly the Cabinet Office, “needs to raise its game” in informing the public sector and wider society of its “vital” role in overseeing British cyber security.
“[The government’s] approach to handling personal data breaches has been chaotic and does not inspire confidence in its ability to take swift, coordinated and effective action in the face of higher-threat attacks,” Hillier said.
“The threat of cyber-crime is ever-growing yet evidence shows Britain ranks below Brazil, South Africa and China in keeping phones and laptops secure. In this context it should concern us all that the government is struggling to ensure its security profession has the skills it needs.”
The Cabinet Office’s approach to protecting information is unclear in central government, with little oversight of how well projects are performing, and places “too little emphasis” on informing and supporting service users outside of Whitehall, the PAC said.
The committee also urged the Cabinet Office to develop a thorough plan for the National Cyber Security Centre (NCSC), the new cyber security agency announced last year, by this April, explaining who it will support, what help it will offer and how it will communicate with organisations that need it.
“Leadership from the centre is inadequate and, while the NCSC has the potential to address this, practical aspects of its role must be clarified quickly,” Hillier added.
“Government must communicate clearly to industry, institutions and the public what it is doing to maintain cyber security on their behalf and exactly how and where they can find support.”
Among the PAC’s other recommendations, the government has been advised to establish a clear approach for protecting information across the public sector.
The committee has also asked the Cabinet Office to write to it within the next six months outlining the findings from the pilot of its ‘security cluster’ initiative, which looks to share rare cyber security skills between central government staff.
Have you got a story to tell? Would you like to become a PSE columnist? If so, click here.