Stuart Monk - Fotolia
The Government Digital Service (GDS) has signalled a move away from the Public Services Network (PSN) – the multi-supplier, high-performance network that provides assured secure connections across a wide range of public sector bodies – after a meeting of its Technology Leaders Network decided the internet was an adequate tool for the job.
Up to now, the prevailing wisdom within government has held that as the public sector shares services and exchanges data, it is extremely important that all parties can rely on the basic security and integrity of everyone else’s technology – hence the controversy over PSN accreditation and security compliance that occurred when the system was being set up in early 2014.
However, as more public sector systems are moved to public cloud services, GDS said the expectation that the public sector would communicate over the PSN could cause confusion and add complexity for both the public sector and its suppliers.
Also, new ways of providing assurance, such as using standards-based approaches to email security, transport layer security for web transaction encryption, and virtual private networks (VPNs) meant the internet was coming to be seen as a more sensible solution.
“For the vast majority of the work that the public sector does, the internet is OK,” wrote GDS director of technical architecture and head of technology, James Stewart, on the government’s technology blog.
“We will often need to deploy the sort of security measures described above, along with a host of other measures to ensure basic application-level security, but we increasingly need to do that even when services are on the PSN. This then opens up the question of whether the extra layer of complexity is really helpful.
“So that means we are on a journey away from the PSN.”
Read more about the PSN
- The government makes public data gleaned from its monitoring of the performance of the Public Services Network to help customers understand their networks.
- Following a successful public beta of the updated Public Services Network compliance regime, the process has now gone live.
As of now, GDS is recommending that new services be made available on the public internet and secured using best available standards-based approaches. In future, GDS will take the opportunity to move services that are being updated or changed to the internet.
Stewart pointed out that organisations that need to access services that – for now – are available only on the PSN will still need to connect to it and meet all current and future assurance requirements to do so.
Moving forward, Stewart did not commit to providing a full timeline for moving off the PSN, but said GDS would remain in close contact with users and suppliers. PSN head Mark Smith had already started to work with data scientists at GDS and the National Cyber Security Centre (NCSC) to look into new ways of providing assurance data, he said.
Stewart also reaffirmed the government’s commitment to ensure that the widest possible range of suppliers offering the highest-quality mix of options were still available, and to work with both the Tech Leaders Network and the wider community to identify common issues and resolutions.