Beware of the weakest link in PSN
Graeme Stewart says the move to the Public Services Network presents some big security challenges for local authorities, and that they need time to develop solutions.
The increased use of shared services and networks in the public sector brings with it a wealth of IT benefits and opportunities for central and local government organisations to improve operations and public services.
Existing networks such as the GSi, PNN and N3 have achieved the dream of efficient and effective data exchange between public bodies, a dream many thought was near impossible to achieve.
These networks have simultaneously helped improve information sharing and enabled organisations to reduce costs. It is therefore unsurprising that the number of users and solutions on these networks is on the rise.
But network growth can bring with it potential security challenges and it only takes one weak link in the chain to trigger problems.
Despite all the comprehensive policies, training and regular checks, one chink in the security armour can trigger a chain of events that could jeopardise the wider network, and thus the services it provides.
Building a robust blueprint for a secure network requires comprehensive, iterative and non-negotiable security base-lines.
This also means the need to regularly scan for threats, and ensure that there is a programme in place to monitor and track the frequency of these checks.
But when it comes to a network as extensive as the Public Services Network (PSN), you could argue that this challenge can increase as you add further numbers of new members with differing budgets and sizes.
In central government, it is fair to say that so far security standards have been have been met with relative ease.
The GSi for example has been operating and delivering with great success since the 1990s. However, when you begin to add new members, with different priorities, budgets and locations, big challenges can emerge.
The political climate in the age of austerity has further inflamed the security challenges posed on networks such as the PSN.
For example, many local authorities are struggling to manage and adapt to significant budget cuts including an average cut of 2.9% over the next year.
As well as managing this financial change, public sector organisations are expected to continue delivering basic standards in frontline services, meaning local authorities have to move quickly to stay ahead of the game.
There is also a risk that cultural differences in terms of procurement and security standards between local and central government could trigger problems for the PSN.
One local council in London was reportedly threatened with ‘disconnection’ from the PSN over a row regarding security policy.
The consequences of such a situation could be disastrous as connection to PSN is necessary for public services that are centrally and locally managed or delivered.
Loss of connection with the PSN could impact vital public services such as housing benefits data, if connection with the Department for Work and Pensions was lost.
With this example in mind, much more care needs to be taken when designing and planning security protocols and procedures around large scale programmes such as the PSN.
Dangers in security breaches
The public sector needs to ensure it delivers a policy of security by default, by allowing adequate time for local authorities to set budgets and deploy appropriate solutions.
It is clear that public sector networks are the lifeblood of efficient and effective public service delivery – but this connection could be damaged if a security breach were to take place or a council found itself disconnected from the network due to a row over security policy.
Both local and central government organisations need to recognise that one weak link in the PSN chain could have disastrous consequences for the whole network and that rigorous secure standards must be upheld at all times.
By working together following these necessary protocols, both local and central government can continue to deliver first class public services, safely and securely.
Graeme Stewart is director of public sector strategy & relations UK & Ireland, McAfee
Share this page
CONTRIBUTIONS FROM READERS
Please login to post a comment or register for a free account.
MSPs are issued with advice following consultation with National Cyber Security Centre
Campaigners warn that ‘virtual actions are not adequately addressed’ by existing law or pending legislation
Security minister confirms intelligence agency is investigating the video app
PM announces increase in funding to tackle threats posed by China and Russia