Interviews

Secure by default?

by Mark Rowe

Research released by Dods suggests that despite awareness in the public sector about cyber-security risks, government officials feel that not enough attention has been placed on ensuring key ‘Digital by Default’ platforms are also ‘Secure by Default’.

Findings from a study commissioned by IT security company McAfee, which surveyed 815 government employees, indicate that civil servants have concerns about the security posture of priority initiatives being driven by the Cabinet Office:

· Less than a third of respondents agree or strongly agree that adequate consideration is given to cyber-security within the government reform agenda
· 28pc of central government respondents believe SMEs are vulnerable to cyber attacks due to their involvement in the supply chain for the delivery of government projects. This figure rises to 35pc amongst those working in roles which require a high level of knowledge or some knowledge of cyber-security issues
· Only 14pc of respondents feel G-Cloud gives adequate consideration to cyber-security
· A mere 13pc of civil servants stated cyber-security occupies a prominent enough position in the Universal Credit Programme

Cyber security is considered a tier one threat to national security, and awareness of the potential ramifications was evident in the results, with 60pc of civil servants confirming cyber security is a high or top priority within their department. However, 47pc believe that little or no knowledge of cyber security is needed in their positions. With more than 80 per cent of those questioned working in central government and presumably handling highly sensitive information, this lack of ownership and accountability could have serious ramifications, it is claimed.

The public sector faces a multitude of security challenges. The study found that the areas of most concern are data protection and security (36pc), direct hacking attempts like DDoS attacks or SQL injections (1pc%) and attacks from foreign governments and criminal or terrorist organisations (14pc). Considering the negative ramifications of these types of breaches – fines from the ICO watchdog, damaging news headlines, interruption of public services offered online and the safety of Britons – it comes as little surprise that these were ranked as the top three.

While civil servants do acknowledge the risk posed by cyber attacks, just over half of respondents feel an important solution to the problems caused by the lack of digital skills is to run more dedicated training courses and high-potential development programmes for specialists in this field, while 41pc call for stronger specialist teams within departments. Anecdotal responses gathered during the survey also hint that experience outside of the public sector may bring much-needed cyber security expertise to government departments, with respondents saying the skills of those who have private sector experience are not fully utilised. Some examples of this feedback provide greater context to the current state of affairs within government:

· “There IS no shortage of digital skills in the civil service. The most highly skilled civil servants in this area are in the lowest grades. This needs to change.”
Department of Health

· “Look within, there are many ex-private sector individuals including those working in ‘new media’ now working in the civil service who are frustrated with the silo approach, i.e. you only have an opinion if you are in GDS. Basic open invite asking for those with experience/interest would get you started.”
Department for Work and Pensions

· “Develop, strengthen and use existing staff with these skills. We don’t need to buy it in, we have the capabilities in house, it’s just that we don’t utilise them properly.”
Department for Education

This skills gap in the public sector may be compounded by a perceived disadvantage for those who leave the public sector to go on a secondment. A third of respondents believe that if civil servants leave central government and re-enter, it either slightly or badly damages their career.

Graeme Stewart, director, UK public sector strategy at McAfee said: “Government has invested £650 million in the National Cyber Security Strategy which ranks cyber security alongside terrorism as one of the four key security challenges facing the UK. Civil servants are our nation’s first line of defence, yet current government policy does not appear to be providing them with the incentives nor the training required to fully address the challenge. The results from this study are further proof that initiatives such as the Digital Government Security Forum (DGSF), designed to help counter specific cyber threats posed by digital service transformation by sharing best practice use cases across industry and wider public services, are needed. It’s only with a coordinated and concerted set of efforts that UK Plc can remain safe and a place for digital business to flourish.”

Methodology

The study, commissioned by McAfee in May 2013 and carried out by McAfee in association with Dods, surveyed UK civil servants and local government staff about the importance of data, security awareness, security incidents and security education in their companies, as well as their needs and wishes with regard to IT security education. The surveys were sent to a field of over 30,000 civil servants and generated 815 responses. Visit http://www.mcafee.com

© 2024 Professional Security Magazine. All rights reserved.