The last remaining local authority has finally transitioned onto the Public Services Network (PSN), almost six months past the security compliance deadline.
Andy Beale, director of common technology services at the Government Digital Service (GDS), confirmed via Twitter that the final council - later named as Telford & Wrekin in the West Midlands - had connected to the network, saying it was a “big day” for the PSN team.
GDS took over the management of PSN in April after councils found themselves at loggerheads with the Cabinet Office over its prescriptive approach to compliance.
To connect to the Public Services Network (PSN), public bodies - including local councils, government agencies and Whitehall departments - had to ensure their security connections were compliant with a code of connection (CoCo) set by the Cabinet Office. Organisations were given until 1 April 2014 to become CoCo compliant, but three local authorities missed the deadline.
The Cabinet Office has since been working closely with those organisations to ensure they had a robust plan to transfer off the old GSi/GCSX Government Secure Network infrastructure and onto PSN.
In the months leading up to the compliance deadline, arguments over PSN security compliance between local government and the Cabinet Office hit a tipping point when one local council was only hours away from being disconnected from the network.
The unnamed council was just one of many across the country that had been threatened with disconnection from PSN for failing to comply with the “highly prescriptive” security rules issued by the Cabinet Office.
Some councils were concerned that their bring your own device (BYOD) schemes, which were put in place to meet austerity budgets, would have to be reassessed in order to comply with PSN CoCo measures.
Last week John Jackson, CIO of Camden Council, told Computer Weekly that GDS has reviewed and revised the strict compliance policies.
“Clearly GDS and others recognise they got it wrong with CoCo and I think they’ve been looking at how they can recover from that and what needs to be done,” he said.
Jackson said that he and Beale have been discussing how to harmonise the codes of connection. The Communications-Electronics Security Group (CESG) - the IT security arm of GCHQ - recently visited Camden Council to talk about its BYOD policy and to learn from the local authority, which has seen its BYOD adoption rates soar by 240%.
Only last month, GCHQ produced new guidance to private and public sector organisations who want to allow employees to use personal devices at work. But the document only went into brief detail about how organisations should plan for BYOD policies and consider the risks, while having actions in place to mitigate security breaches if phones are lost or stolen.
“They [CESG] completely get it that PSN isn’t about locking it all down, but how we drive innovation and share collaborative working,” said Jackson. “They recognise there needs to be more flexibility. I just see positives and more positives.”
Jackson said the next challenge is how to bring collaborations between health and government closer together.
Currently the two sit on two different frameworks, PSN and the NHS N3 framework, which is due to be upgraded. The two networks also have different security compliance regulations.
But a PSN for Health (PSNH) project - a major project currently being looked at by government - will aim to deliver a wide area network (WAN) to support the needs of health and care.
With information sharing needs across the public sector growing exponentially, PSNH would allow better communication between the NHS and the wider public sector. However, this project and the extension of N3 are currently two of the projects flagged by the Major Projects Authority as “red”, meaning they require urgent action or reassessing to be delivered successfully.
“It’s just expensive, different frameworks – it’s a big one. The thing is if we can harmonise and effectively move towards doing it once, simplify the process, drive out costs, and not having to pay for multiple schemes, people working from a common reference point and data sharing becomes less murky,” said Jackson.