Private sector asked to back government Information Assurance strategy

The private sector will be asked to support government initiatives to improve the quality of the data it collects, stores and shares about citizens and businesses.

The private sector will be asked to support government initiatives to improve the quality of the data it collects, stores and shares about citizens and businesses.

Richard Mottram, the Permanent Secretary for intelligence, security and resilience, will launch the government’s Information Assurance (IA) strategy this week.

Philip Virgo, secretary general of The European Information Security Group (Eurim), an independent body of MPs and business representatives, welcomed the initiative.

“It is excellent news that the government is getting its act together. We are looking forward to seeing what is in the strategy,” said Virgo.

Virgo said the business community has been "annoyed and angry" at the variable quality of security of the government systems with which they have to exchange information.

Eurim is likely to convene meetings to discuss the implications of the Information Assurance initiative and to offer advice, once the details emerge, he said.

Roger Styles, deputy director of the IA project in the Cabinet Office, admitted government’s approach to Information Assurance is “about 10 years” behind the financial services sector.

Speaking at the Cybersecurity Knowledge Transfer Network annual conference, Styles said the Information Assurance strategy aims to give central and local government departments, the private sector and citizens greater confidence in the quality of data in its various information systems.

Styles said it had become increasingly important because of the pervasive nature of IT, the “criticality” of IT in delivering services to citizens, the pace of change in IT, the greater sophistication and frequency of threats to IT systems, and the growing use and impact of data-sharing between government departments and the private sector.

“Data must be used wisely and shared responsibly within the law,” he said.

Styles said it is essential for the UK to have “a sovereign capability” with respect to information assurance. He suggested that the government could leverage its £14bn yearly spend on IT to develop a set of IA tools, such as strong cryptography and best practices, which the UK could export.

“We need a business case that will persuade government and businesses of the value of Information Assurance. We need to break through the glass ceiling to the investing boards because we do not want this delegated down because board members do not understand it.

“We could just be bloody-minded and say ‘do it like this’, but the carrot is business continuity and resilience," said Styles.

He said there are 29 departments of state and another 300-odd government agencies, all of which need to buy into the strategy. “We need to change public sector attitudes to information assurance,” he said, adding he is hoping for some “quick wins” this year.

Styles said the Information Assurance timetable will be tied to the Transformational Government initiative, which aims to change the way government uses IT by 2011.

Government needs to build trust in e-services >>

Cabinet Office awards quality mark for Pocket PC security >>

The European Information Security Group (Eurim) >>

Cyber Security Knowledge Transfer Network >>

Comment on this article: [email protected]

Read more on IT risk management