Dominic Fortescue, the chief security officer for Whitehall Government, was this morning’s, opening speaker at the Security Institute’s week-long virtual conference, writes Mark Rowe.
The questions thrown at him showed how government security has demanding tasks that touch on everyday lives and ethics. The articulate way that Dominic answered was a sign that any stereotypes of the civil service as bland and set in their ways is old hat – not that civil servants wear bowler hats any more. He’s two years into that job as Government CSO – with 14,000 people under him, and the title of director-general of government security group within the Cabinet Office, the central government department that’s in charge of governing.
But for coronavirus, the story of the year ought to be the strides made by the UK’s Government security function. Featured in our August edition was the remarkably thorough online document setting out Government security – its arms (cyber, personnel and physical), and what qualities and qualifications you ought to have, to seek the various levels of jobs. In short, security management mapped out, in a way that sets a bar for other sectors – whether retail, banking, industry or utilities, or campuses. It’s part of a larger body of work to professionalise the dozen or more functions of government, whether finance or counter-fraud.
He gave full and nimble answers to questions from webinar chairs Rick Mounfield, Institute chief executive, and Sarah Austerberry, who herself gave a recent webinar for the Institute on security culture. Rick invited Dominic to state why government has decided now to open up to engage with the wider security profession (including by speaking and joining in the webinar). Dominic admitted ‘we needed a much stronger centrally driven function from the heart of government’.
Later the questions were as tough as could be – first, about personnel security. When any employee, in the public or private sector, is screened, it can only be a snapshot – did Dominic recommend ‘ongoing monitoring of personnel for signs of them becoming an insider risk’? In his answer he made plain that it’s for line managers – that is, the non-security civil servants – to spot signs of disaffection, and that security in this field is as much as employee well-being (as some CPNI training materials have also laid out).
Even more sensitive was ‘where do you stand on foreign investment and control in critical national infrastructure’? Sensitive because it has cropped up lately – over whether China should have a part in the new nuclear power station that energy firm EDF is building at Hinkley Point in Somerset; and more recently whether Huawei should have products in Britain’s telecoms CNI. And sensitive because it mixes politics – the UK’s relations with such powerful countries as China; and economics – can the UK be choosy about where it takes investment from? Dominic replied that government is working on understanding what foreign control of UK CNI there may be (‘that’s more challenging than you might think’) and a mechanism for managing it.
Answering Rick’s question about inclusivity, Dominic made it plain that he favours diversity for ethical and practical reasons – ‘we want equality across the piece, we want to give everybody equal opportunity’, and because of the ‘business’ benefits, of gaining a range of views, whether setting policies or devising comms campaigns to appeal to everyone, whatever their geographical region, ethnicity or gender.
A final question was about AI; Dominic replied in terms of a balance between gains from its use by government, and privacy concerns (‘there will be a mid-point somewhere which gives decent security advantage but looks sensible from a privacy perspective as well. I am confident we will find the sweet spot’), while showing that data-gathering is ‘a very live debate in government as it is in society as a whole’.
The rest of the week runs at 10am and 3pm respectively, besides a week-long virtual exhibition with a spoken welcome by the Institute’s president, former SIA chair Baroness Henig, who notes that ‘each of you has witnessed changes in your working lives’, meaning the usual physical gathering in London for such a conference is not possible, but the virtual format allows Institute members and guests to log in without disrupting their working day.
The timetable for the rest of the week:
this afternoon, CPNI Engineering.
Tuesday October 20 – 10am Engr Arif – SIRA, the Dubai security regulator. 3pm – Professor Brooke Rogers of Kings College London (KCL).
Wednesday, October 21 – 10am – Minter Dial, author and film-maker. 3pm – Adam Thompson – NaCTSO.
Thursday, October 22 – 10am – Dr David Brooks, of Edith Cowan University, Perth, Australia. 3pm – Libby Jackson of the UK Space Agency.
Friday, October 23 – 10am – Plenary Session with Institute inclusivity SIG co-founder and CISO Mahbubul Islam, Claude Fackha, Tony Gaidhane, and Louisa Schneller.
The week closes at 3pm on Friday with the charity auction in aid of the Security Benevolent Fund.
