Research by Dods indicates that despite high awareness in the public sector about cyber-security risks and the threat to national security, government officials feel that not enough attention has been placed on ensuring key ‘Digital by Default’ platforms are also ‘Secure by Default’.
Findings from the study, which was commissioned by McAfee and surveyed 815 government employees, indicates civil servants have concerns about the security posture of priority initiatives being driven by the Cabinet Office:
* Less than third of respondents agree or strongly agree that adequate consideration is given to cyber-security within the government reform agenda
* 28% of central government respondents believe SMEs are vulnerable to cyber attacks due to their involvement in the supply chain for the delivery of government projects. This figure rises to 35% amongst those working in roles which require a high level of knowledge or some knowledge of cyber-security issues
* Only 14% of respondents feel G-Cloud gives adequate consideration to cyber-security
* A mere 13% of civil servants stated cyber-security occupies a prominent enough position in the Universal Credit Programme
Cyber security is considered a tier one threat to national security and awareness for the potential ramifications were evident in the results with 60% of civil servants confirming cyber security is a high or top priority within their department. However, 47% believe that little or no knowledge of cyber security is needed in their positions. With more than 80% of those questioned working in central government and presumably handling highly-sensitive information, this lack of ownership and accountability could have serious ramifications.
The public sector faces a multitude of security challenges. The study found that the areas of most concern are data protection and security (36%), direct hacking attempts like DDoS attacks or SQL injections (17%) and attacks from foreign governments and criminal or terrorist organisations (14%). Considering the negative ramifications of these types of breaches – hefty fines from the ICO, damaging news headlines, interruption of public services offered online and the safety of Britons – it comes as little surprise that these were ranked as the top three.
While civil servants do acknowledge the risk posed by cyber attacks, just over half of respondents feel an important solution to the problems caused by the lack of digital skills is to run more dedicated training courses and high-potential development programmes for specialists in this field, while 41% call for stronger specialist teams within departments. Anecdotal responses gathered during the survey also hint that experience outside of the public sector may bring much needed cyber security expertise to government departments, with respondents saying the skills of those who have private sector experience are not fully utilised. Some examples of this feedback provide greater context to the current state of affairs within government:
Department of Health: “There IS no shortage of digital skills in the civil service. The most highly skilled civil servants in this area are in the lowest grades. This needs to change.”
Department for Work and Pensions: “Look within, there are many ex-private sector individuals including those working in ‘new media’ now working in the civil service who are frustrated with the silo approach, i.e. you only have an opinion if you are in GDS. Basic open invite asking for those with experience/interest would get you started.”
Department for Education: “Develop, strengthen and use existing staff with these skills. We don’t need to buy it in, we have the capabilities in house, it’s just that we don’t utilise them properly.”
Furthermore, this skills gap in the public sector may be compounded by a perceived disadvantage for those who leave the public sector to go on a secondment. A third of respondents believe that if civil servants leave central government and re-enter, it either slightly or badly damages their career.
Graeme Stewart, director, UK public sector strategy at McAfee said; “Government has invested £650 million in the National Cyber Security Strategy which ranks cyber security alongside terrorism as one of the four key security challenges facing the UK. Civil servants are our nation’s first line of defence, yet current government policy does not appear to be providing them with the incentives nor the training required to fully address the challenge. The results from this study are further proof that initiatives such as the Digital Government Security Forum (DGSF), designed to help counter specific cyber threats posed by digital service transformation by sharing best practice use cases across industry and wider public services, are needed. It’s only with a coordinated and concerted set of efforts that UK Plc can remain safe and a place for digital business to flourish.”