Date:23/07/12
At a time when cyber security is high on the international agenda, with sophisticated and possibly state-sponsored malware attacking critical national infrastructure around the world, it appears as the government is not doing enough to ensure the UK's security.
"Security change happens at a glacial pace in government," said McCluggage. "The systems that the government deploys are generally big and brutish [which makes them slower to implement]."
McCluggage, now advisory technology consultant at information infrastructure firm EMC, explained that cyber criminals will benefit most from the inertia, while the UK economy suffers. Prime minister David Cameron claimed in November 2011 that cyber crime costs the UK economy £27bn per year.
"You're going to create an opportunity for fraudsters if you're not rapid in the way you deploy countermeasures in depth," stated McCluggage.
He added that government IT is habitually an extremely risk-averse environment, which makes it unwilling to adopt newer technologies, and evolve at the same pace as the private sector.
This problem was compounded by HMRC's experience in 2007, when it lost the child benefit records of 25 million UK families.
"Nobody in government will reward people for taking a risk. Any estimate could be applied to what HMRC had to invest [after it lost the child benefit data]. Certainly hundreds of millions of pounds of investment went in to training alone, and the chairman resigned," said McCluggage.
"So where is the incentive for an organisation to move and act quickly, and take risks, in the public sector?"
He added that this problem is even worse in security, which is largely driven from a risk-averse perspective.
"IT in the past put up big firewalls and defended its perimeter in an effort to keep nasty people out, and those times have changed."
McCluggage conceded that the ambition to evolve the government's cyber security is there, with last year's London Conference on Cyber Space, hosted by foreign secretary William Hague, proving that the issue is high on the Westminster agenda
"But how do you accelerate this lumbering machine?" he asked.
He cited the banking sector's experience as an example of a successful approach to both innovation and security.
"The banking sector has been quite successful," he said. "It has seen a 50 per cent reduction in online fraud in the last four years or so, because it has applied relevant and timely technology on a risk balance equation."
But he added that the government is going to struggle to catch up with the private sector, as there is currently little money left for IT development, with the £650m over four years pledged by the prime minister in October 2010 now largely apportioned.
"When digital by default comes along, the government will start to realise that they need to adopt new processes and measures to enable the security layer to adapt and work in same way as it does in the banking sector," he said. "The alternative is losing lots of money."
In McCluggage's view, the solution is not for the government to create its own solutions internally, but to take what works in the private sector, especially in the finance industry, and drop that into its mechanisms.
However, he believes that this plan will meet with internal resistance from civil servants trying to protect their jobs.
"The constraints are that most of the internal people [in government] are scared about that happening because they don't have the experience, and don't understand the private sector environment," he said.
"They worry that their jobs might be under threat. Their position of power is that government is a dark art and industry doesn't need to know about it. That's now being jeopardised because people are coming in to show other ways of doing things from the private sector."
Former government deputy CIO slams UK cyber security
Former government deputy CIO Bill McCluggage has hit out at the way the government approaches cyber security, referring to the pace of change as "glacial", the Computing reported.At a time when cyber security is high on the international agenda, with sophisticated and possibly state-sponsored malware attacking critical national infrastructure around the world, it appears as the government is not doing enough to ensure the UK's security.
"Security change happens at a glacial pace in government," said McCluggage. "The systems that the government deploys are generally big and brutish [which makes them slower to implement]."
McCluggage, now advisory technology consultant at information infrastructure firm EMC, explained that cyber criminals will benefit most from the inertia, while the UK economy suffers. Prime minister David Cameron claimed in November 2011 that cyber crime costs the UK economy £27bn per year.
"You're going to create an opportunity for fraudsters if you're not rapid in the way you deploy countermeasures in depth," stated McCluggage.
He added that government IT is habitually an extremely risk-averse environment, which makes it unwilling to adopt newer technologies, and evolve at the same pace as the private sector.
This problem was compounded by HMRC's experience in 2007, when it lost the child benefit records of 25 million UK families.
"Nobody in government will reward people for taking a risk. Any estimate could be applied to what HMRC had to invest [after it lost the child benefit data]. Certainly hundreds of millions of pounds of investment went in to training alone, and the chairman resigned," said McCluggage.
"So where is the incentive for an organisation to move and act quickly, and take risks, in the public sector?"
He added that this problem is even worse in security, which is largely driven from a risk-averse perspective.
"IT in the past put up big firewalls and defended its perimeter in an effort to keep nasty people out, and those times have changed."
McCluggage conceded that the ambition to evolve the government's cyber security is there, with last year's London Conference on Cyber Space, hosted by foreign secretary William Hague, proving that the issue is high on the Westminster agenda
"But how do you accelerate this lumbering machine?" he asked.
He cited the banking sector's experience as an example of a successful approach to both innovation and security.
"The banking sector has been quite successful," he said. "It has seen a 50 per cent reduction in online fraud in the last four years or so, because it has applied relevant and timely technology on a risk balance equation."
But he added that the government is going to struggle to catch up with the private sector, as there is currently little money left for IT development, with the £650m over four years pledged by the prime minister in October 2010 now largely apportioned.
"When digital by default comes along, the government will start to realise that they need to adopt new processes and measures to enable the security layer to adapt and work in same way as it does in the banking sector," he said. "The alternative is losing lots of money."
In McCluggage's view, the solution is not for the government to create its own solutions internally, but to take what works in the private sector, especially in the finance industry, and drop that into its mechanisms.
However, he believes that this plan will meet with internal resistance from civil servants trying to protect their jobs.
"The constraints are that most of the internal people [in government] are scared about that happening because they don't have the experience, and don't understand the private sector environment," he said.
"They worry that their jobs might be under threat. Their position of power is that government is a dark art and industry doesn't need to know about it. That's now being jeopardised because people are coming in to show other ways of doing things from the private sector."
Views: 1012
©ictnews.az. All rights reserved.Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World