Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

UK Public Accounts Committee slams government on cybersecurity strategy

Tamlin Magee | Feb. 7, 2017
The government's approach to personal data breaches has been described as "chaotic"

The Public Accounts Committee has taken the government to task over a lack of action on addressing cyber security in the UK - and that poor reporting of breaches and low oversight in general reduces its confidence in the Cabinet Office to protect the country from cyber threats.

The report cites cyber security as one of the biggest threats that faces the country today, but committee chair Meg Hillier said that the government's approach to personal data breaches "has been chaotic and does not inspire confidence in its ability to take swift, coordinated and effective action in the face of higher threat attacks".

She went on to say that the Cabinet Office is "undermined by inconsistent and chaotic processes for recording personal data breaches".

And Hillier said that it "should concern us all that the government is struggling to ensure its security profession has the skills it needs". She recommended that government communicates "clearly to industry, institutions and the public what it is doing to maintain cyber security on their behalf and exactly how and where they can find support".

The first of the PAC's recommendations is that it develops a plan for the National Cyber Security Centre, a recently formed body created to foster dialogue between government and industry in cybercrime. It should, the report argues, clearly set out what and who it will support, as well as the assistance it will provide and exactly how it intends to communicate with organisations that need its assistance.

The government should also create a "clear approach" for the protection of information in all public sector institutions, and not just in central government, the report says. Central government should also commit to regular assessments of performance and cost for cyber security, review information projects such as the Public Services Network, and regularly consult with the Information Commissioner's Office (ICO) on establishing best practice guidelines.

And the last point is that the government is struggling to bring in cybersecurity professionals with the right skills - and recommends that the government replies to the PAC within six months, to report on how it plans to improve this.

Speaking with Computerworld UK, Javvad Malik, security advocate for AlienVault, acknowledged that the skills gap has been a challenge for businesses - but will be compounded for government.

"Private enterprises can often offer greater salaries and other benefits to security professionals," Mailk said. "Therefore, it's not just finding talent that's tough, but also retaining the skill - in the big scheme of things the cyber security industry is still in its infancy and as a result it's difficult to establish what constitutes an adequate baseline for what's appropriate."

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.