The private sector will be asked to support government
initiatives to improve the quality of the
data it collects, stores and shares about citizens and
businesses.
Richard Mottram, the Permanent Secretary for intelligence,
security and resilience, will launch the government’s Information
Assurance (IA) strategy this week.
Philip Virgo, secretary general of
The European Information Security Group (Eurim), an independent
body of MPs and business representatives, welcomed the
initiative.
“It is excellent news that the government is getting its act
together. We are looking forward to seeing what is in the
strategy,” said Virgo.
Virgo said the business community has been "annoyed and angry"
at the variable quality of security of the government systems with
which they have to exchange information.
Eurim is likely to convene meetings to discuss the implications
of the
Information Assurance initiative and to offer advice, once the
details emerge, he said.
Roger Styles, deputy director of the IA project in the Cabinet
Office, admitted government’s approach to Information Assurance is
“about 10 years” behind the financial services sector.
Speaking at the Cybersecurity Knowledge Transfer Network annual
conference, Styles said the Information Assurance strategy aims to
give central and local government departments, the private sector
and citizens greater confidence in the quality of data in its
various information systems.
Styles said it had become increasingly important because of the
pervasive nature of IT, the “criticality” of IT in delivering
services to citizens, the pace of change in IT, the greater
sophistication and frequency of threats to IT systems, and the
growing use and impact of data-sharing between government
departments and the private sector.
“Data must be used wisely and
shared responsibly within the law,” he said.
Styles said it is essential for the UK to have “a sovereign
capability” with respect to information assurance. He suggested
that the government could leverage its £14bn yearly spend on IT to
develop a set of IA tools, such as strong cryptography and best
practices, which the UK could export.
“We need a business case that will persuade government and
businesses of the value of Information Assurance. We need to break
through the glass ceiling to the investing boards because we do not
want this delegated down because board members do not understand
it.
“We could just be bloody-minded and say ‘do it like this’, but
the carrot is business continuity and resilience," said Styles.
He said there are 29 departments of state and another 300-odd
government agencies, all of which need to buy into the strategy.
“We need to change public sector attitudes to information
assurance,” he said, adding he is hoping for some “quick wins” this
year.
Styles said the Information Assurance timetable will be tied to
the Transformational Government initiative, which aims to change
the way government uses IT by 2011.
Government needs to build trust in e-services >>
Cabinet Office awards quality mark for
Pocket PC security >>
The European Information
Security Group (Eurim) >>
Cyber Security Knowledge Transfer Network >>
Comment on this article:
computer.weekly@rbi.co.uk