Days after prime minister David Cameron was pilloried by the security industry for threatening to ban encryption in the UK if re-elected, the Cabinet Office may have set itself on a collision course with Conservative Party policy after Public Services Network (PSN) CTO James Duncan said he was planning to allow PSN customers to connect using encryption over the internet.
In a blog posted to the government technology website, Duncan wrote of the need to acknowledge the majority of local and central government customers connecting to the PSN already had internet connections, while more and more government services were being moved online.
At the same time, he said the Cabinet Office was increasingly aware current PSN policy does not enable connections to be made over the internet.
“We need to embrace the internet as a transit method for data that is, under certain constraints, suitable for [government security classification] Official,” said Duncan.
“To that end, we’re creating an option for connectivity that allows customers to connect using suitable encryption, via the internet.
“This will broaden the accessible market for suppliers and increase the number of consumers on the network.”
Dangerous, ill-thought out and scary
Cameron’s plan to ban encryption came in the wake of increased national security concerns arising from the Charlie Hebdo massacre in Paris.
Besides rendering messaging apps such as WhatsApp and Apple's FaceTime potentially illegal in the UK, the PM was warned such a policy could also leave traffic to banking and retail websites dangerously exposed.
Open Rights Group executive director Jim Killock branded the idea “dangerous, ill-thought out and scary”.
Tech pundit Cory Doctorow tweeted that the move would “endanger every Briton and destroy the IT industry”.
PSN evolution continues
Even though the PSN’s replacement – the Network Services Framework (NSF) – is set to go live in April 2015, Duncan outlined a number of other evolutions the network will undertake to make life easier for the local authorities and government departments that connect to it.
He questioned the need for two PSN networks, one for Impact Level 2 traffic and one for protected Impact Level 3 traffic, now that, following the government’s reclassification of security levels in 2014, both networks only carry Official traffic.
He said he planned to talk to suppliers, customers and stakeholders about how to make PSN a single network, where information can travel seamlessly from one end to the other.
On compliance and accreditation, Duncan conceded PSN had been challenging for users and said the compliance regime was “fraught with problems”.
“We are evaluating alternate certification schemes, such as Cyber Essentials, that simplify the criteria and reduce the burden for customers, while ensuring a known baseline standard for cyber security has been reached,” he said.
The Cabinet Office is also planning to change over-the-top service assurance to be more in line with G-Cloud, possibly removing the pan-government accreditor, which accredits services against the requirements for the Impact Levels and had created a costly bottleneck for suppliers.