Councils threatened with disconnection from PSN in escalating security row

A London council was hours away from being disconnected from the public sector network, in an row between central and local government over security compliance

One London council was just hours away from being disconnected from the public sector communications network, Computer Weekly has learned, in an escalating row between central and local government over security compliance.

The unnamed council is just one of many across the country that has been threatened with disconnection from the Public Services Network (PSN) for failing to comply with “highly prescriptive” new security rules issued by the Cabinet Office.

Being disconnected from the PSN could mean a local authority is unable to fully carry out its public duties. Connection to PSN is required for public services that are centrally and locally managed or delivered, such as housing benefits. If a council lost connection to PSN, it would be unable to exchange benefits data with the Department for Work and Pensions, for example.

Computer Weekly has seen a copy of a letter from Carolyn Downs, chief executive of the Local Government Association, sent to Stephen Kelly, the Cabinet Office chief operating officer, which contains scathing criticism of Whitehall’s approach to forcing councils to comply with the PSN Code of Connection (CoCo).

“We wish to convey the growing frustration and level of concern about the approach to councils regarding their compliance to the code of connection for PSN,” said the Downs, in her letter, which was co-signed by several local government representative bodies, including Solihull Council CIO Steve Halliday, as president of user group Socitm, and Hampshire County Council CIO Jos Creese, as chair of the Local CIO Council.

The letter talks of “real anger” from councils, and describes the current situation as a “car crash that is waiting to happen”.

More on local government IT

The situation has worsened since the summer, when councils received correspondence warning of potential disconnection from PSN if they were unable to comply with the CoCo in time.

Local authorities have warned that a number of IT initiatives put in place to support digital government plans, and moves to cut costs such as mobile working, have been jeopardised by the demands.

For example, according to a report on Publictechnology.net, Falkirk Council has been forced to stop staff accessing council systems remotely or risk disconnection over security fears.

Mobile working and bring your own device (BYOD) schemes have been actively pursued by local authorities as one way to meet the budgets reduced by the government’s austerity policies.

The letter to the Cabinet Office stated that councils support the principles of PSN security, but have real problems with the expectations placed upon them.

“The current approach being taken with councils is very ‘blunt’, at best patronising and at worse creating a very negative perception of the Cabinet Office’s approach to PSN, joint working and the programme. As such it is proving ineffective and counterproductive,” said the letter.

“A more collaborative approach [is] welcomed by the sector. However, subsequent actions have demonstrated that nothing has changed in how councils are being dealt with individually, which is resulting in real anger and challenges to the integrity of the PSN office,” it said.

“Letters threatening disconnection continue to be sent widely without any meaningful conversation with the councils concerned about compliance issues, which is both frustrating for the recipient and unlikely to result in the issue being resolved. It is creating avoidable costs for all concerned at a time of increasing resource pressures,” it continued.

“While we completely understand the need for a central place of security in the PSN programme, the insistence that the sector adopts a blanket approach to a highly prescriptive security requirement, actively hinders transformation, reform, efficiency, collaboration and shared working across the public sector and improved staff productivity – all critical government policy priorities.”

Councils that have embraced progressive flexible working strategies and schemes such as bring your own device (BYOD) over the last year will, in all probability, have to abandon them or change them so much that they become unaffordable or untenable

John Jackson, CIO, Camden Council

In October, public sector user group Socitm negotiated a revised compliance programme for PSN CoCo with the Cabinet Office, which aimed to alleviate the pressure on councils. At that time more than 300 public sector organisations had yet to achieve PSN compliance amid a “zero tolerance” approach to compliance.

But the letter to Kelly, dated 14 November, suggests that a revised programme failed to remove the pressures and frustrations felt by councils.

The Cabinet Office told Computer Weekly that most councils have already achieved PSN compliance.

“Any organisation connected to government networks must comply with minimum security standards. Of the 588 public sector organisations that need to establish Public Services Network (PSN) compliance, 370  have now completed the process," said a spokeswoman. 

"We have gone to great lengths to make the process as straightforward as possible, but will continue to work with all organisations, including local authorities, improving the support, guidance and advice we provide to help them make the transition to PSN.”  

Writing in an article for Computer Weekly, Camden Council CIO John Jackson described the PSN CoCo requirements as “draconian” and warned that vital projects will be affected.

“Councils that have embraced progressive flexible working strategies and schemes such as bring your own device (BYOD) over the last year will, in all probability, have to abandon them or change them so much that they become unaffordable or untenable,” wrote Jackson.

“Strong-arm enforcement tactics have not helped either. Over the summer the application of a zero tolerance approach for PSN CoCo compliance created unnecessary tension. It meant that councils that were previously felt to be secure received correspondence threatening to cut them off from PSN.”

Local government representatives met with Cabinet Office officials on 22 November to discuss the situation, in the hope of agreeing “a plan that is credible to win back the support and co-operation of the sector”.

Computer Weekly has learned that Socitm is due to release an updated briefing note on the latest developments this week.

 

Read more on IT for government and public sector

CIO
Security
Networking
Data Center
Data Management
Close