Wider public sector needs better understanding of cyber security

Local government, the NHS and the wider public sector needs to have a better understanding of the threat of cyber security

Local government, the NHS and wider public sector need to have a better understanding of the threat of cyber security.

In a National Cyber Security Programme update report published today, the National Audit Office (NAO) revealed that, while the government has made good progress improving its understanding of cyber threats to national security, there is still room for improvement across the wider public sector.

The report stated there is a good understanding of the threat by central government, but this understanding “diminishes the further away organisations are from the centre”.

“Central government departments unused to dealing with national security or fraud-related threats and NHS and local government organisations have a more varied, but limited understanding of the threat and do not yet understand what would represent an appropriate level of threat protection,” said the report.

The report also highlighted how the development of internet of things (IoT) and smart cities would see threats increase as government tries to deliver services through these digital channels.

To mitigate this risk, the report stated the Cabinet Office has provided additional support for those departments at the greatest risk of fraud, such as HM Revenue & Customs and the Department for Work & Pensions. 

The Cabinet Office has also included a wider number of central government departments participating in the National Cyber Security Programme for this year, including Department for Transport, the Department of Health and the Department for Environment, Food and Rural Affairs.

The NAO says the majority of local authorities are also now meet the Public Services Network (PSN) local connection standards, with 80% due to be on the Network by 2016.

The National Cyber Security Programme

When the government announced its intentions to create a cyber security programme in 2010, £650m was allocated over four years to close the gap between the ‘requirements of a modern digital economy and the rapidly growing risks associated with cyber space.’ The Chancellor of the Exchequer also announced an extra £210 million investment after the 2013 spending review.

This summer, GCHQ certified six masters degrees focused on cyber security, as part of the National Cyber Security Programme.

The NAO report said the government is continuing to make good progress in implementing the programme, which is helping to build capability, mitigate risk and change attitudes, as well as taking advantage of opportunities for economic growth. The programme is even on track to spend its budget of £860m by March 2016.

 “But cyber threats continue to evolve and the government must increase the pace of change in some areas to meet its objectives,” said the report.

Meanwhile, the report says that, while the government has made some progress encouraging businesses and citizens to protect themselves against cyber attacks, communicating guidance to small to medium sized enterprises has been limited.

Read more on IT for government and public sector

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

The most critical of needs lies at the heart of this - and it is the use of language and the interpretation of cyber security at its most fundamental. We have to step down from the podium of expertise and get to the users. Break down barriers of understanding, and put into place, simple, understandable security strategies. ICT Departments in the Public Sector, and Information Officers need to ensure that they put the knowledge into the hands of the users. I saw a particular situation arise where tardy IT response to user demands led to a near disaster in a local authority, with schools taking upon themselves to allow BYOD without any sort of support or strategy. It was as though the IT Manager was a rabbit caught in headlights.
Start by equipping the users to understand the fundamentals of personal and corporate security - then such mistakes will be less likely to arise.

Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

Close