Digital by Default versus Cybersecurity: herding the sheep on-line to be fleeced

The formation of government policy has been compared to herding sheep. You check the walls and fences (with ministerial statements as to what will NOT be done) and close the gates (with negative answers to Parliamentary  Questions about unwanted options),  leaving only on line of retreat for when the media dogs panic the sheep. On Sunday night I watched the first episode of the new series of “One man and his Dog“. The main difference was that the shepherds had a specified series of objectives to achieve and the performance marking system was also agreed in advance, even if the dogs who were to the work had no more idea than the sheep as to what the objectives were. 

When HMG announces a cross-cutting strategy it will be that set of compromises which the Cabinet Office can negotiate between the departmental tribes of Whitehall and those of Downing Street, coated with layers of spin and wishful thinking. What is delivered (before it is forgotten or changed) will be those actions which fit departmental objectives and for which there are budgets.  This pattern of behaviour derives from the Haldane Report in 1918, which began the restructuring of public services, (benefits, education, health, welfare etc.)  around centralised vertical silos, fit for a steam-age Nation State.  In 1968 the Fulton report  recommended the professionalization of the Civil service, for the age of data processing.

Enhanced by Zemanta

Martin Stanley gives an excellent account of what has happened since but we cannot wait until 2018 to begin the changes neededfor when the age of on-line communities, (local, global and virtual) destroysfaith in the competence of centralised bureaucracies. HMG, with no speedbetween panic and manana, can be no more trusted to respond constructively thanthe one-way only Eurocrats (with no reverse gear to undo past mistakes) can beexpected to address the failure to create a globally competitive single marketthat underlies the current pan-EU crisis. The big difference between Britonsand most continental Europeans is that the latter have less confidence in thecompetence of their own governments than they do in that of Germany. Hence the apparententhusiasm, even among the French for pan-EU Anschluss

So what faith can we have in policies to encourage the mostvulnerable in society to transact on-line before we have made it safe for themto do so. The budget allocations behind the Cybersecurity strategy indicate thatit is primarily concerned with electronic warfare and surveillance. Butconsider the pain, suffering, cost and political consequences if the digital identities of those most dependenton benefits were to be systemically stolen during the run-up to the nextelections would. 

Will the resources of GCHQ be used to help track, trace andremove those already looting nearly £30 billion a year (and rising as more goeson-line) from public funds?  If so, thepayback to the Treasury for its £650 million would be spectacular and we couldindeed “race on-line” with confidence. We would also be able to afford another£650 million to equip our armed forces for the age of cyberwarfare as UKeconomic recovery is built around London (and its back offices in all parts ofthe UK with gigabit and terabit connections) as a global hub for on-linetransaction and information and entertainment services.

Remember that the future is made by those who want it happenand more “real” change happens during recession (when organisations has to respondto challenges in order to survive) than during boom times (when they can simplythrow money at problems).

On Monday I chaired a meeting of the Conservative TechnologyForum on joining up the networks (broadband, energy etc.). I was agreeably surprisedat the way parts of the broadband implementation programme are acceleratingwhile others appear stuck in regulatory aspic. On Tuesday I chaired a EURIM meetingto plan the provision of guidance on the procurement of trusted computingproducts and services. Again there was some good news. A surprisingly largeproportion of the equipment shipped over recent years for business use containsthe chipsets necessary – the task is “merely” to register and use it to authenticatetraffic.

The big issue is, however, how to join up the socialinclusion and cybersecurity agendas. That entails turning the rhetoric andwishful thinking of “partnership” into reality, driven on the ground by thosewho are serious about cutting the cost of protecting their organisations at thesame time as they improve the security and ease of use of the on-line services theyprovide to their customers.

IT suppliers rabbit on about how their users need to change buthow many are willing to work together in order to improve the odds of collectivesurvival as opposed to pissing in the winds of change – fighting to protectbusiness models that have passed their sell-by date alongside the steam age bureaucraciesof their bankrupt  public sector customers. Once again there is good news. Many, perhaps most, have recognised the need for fundamental change. But there are rumours that some have threatened to go to law in order to delay changes, such as the move to open inter-operability standards (of all types, not just technical)  for public sector procurement, that are inevitable. If that is correct, the consequences may well prove to as expensive for them as for the rest of us.