Government digital

Cybercrime: securing local government

By: Phil Davies, Director Network & Infrastructure Systems at Thales UK
Published: Wednesday, September 23, 2015 - 15:54 GMT Jump to Comments

There is a serious cyber threat to local government, but low cost investments can reduce the risk.

Once again, public sector cybercrime was brought into the limelight earlier this summer. Suffering at the hands of a massive breach was the US Office of Personnel Management (OPM); the hack compromised the sensitive information of over 21 million federal employees and their co-habitants.

Whilst the UK looked on with awe and fear at the scale of the attack, few turned to reflect on our own Public Sector information security.

There was less attention, for example, around the cyber attack on our own soil earlier this summer, in which 13,000 email addresses were stolen from an Edinburgh City Council database. As well as 400 council employees, thousands of members of the public who had previously provided an e-mail address when registering online for public services were affected.

Whilst only a tiny fraction of the size of the OPM breach, this recent attack is the second successful data breach on this council in the past five years. The last hack, in December 2011, compromised the personal information of anyone who had contacted the Council’s debt advice service. With credit card details among those stolen, all potential victims were then advised to check bank and credit card statements for suspicious activity.

Government as a target

With the wealth of sensitive information that it holds, government is a serious target for cybercriminals. So much so that the NTT Com Security's 2015 Global Threat Intelligence Report, released earlier this summer, reported that the public sector is now a prime target for malware attacks in the UK.

40% of all malware attacks in 2014 targeted this sector, and the government’s ‘Digital by Default’ programme only looks to increase the attractiveness of cybercrime as more citizen data is captured, stored and accessed online.

With this growing threat, local government must ensure that they are making the right investments to protect the sensitive information of their employees and constituents. This may seem daunting to councils that are increasingly feeling the pinch – but the cost of losing citizens’ data is ultimately significantly higher.

Responsibility for a breach must land somewhere; the former OPM director, Katherine Archuleta, resigned as a result of the OPM hack.

Smarter Procurement

Better security doesn’t have to mean increased cost. In the public sector, departments frequently allow their current suppliers to monopolise security procurement. It is common to only contact existing suppliers when buying new services, in the hope that they’ll provide extra savings or service extensions to avoid paying any initial set-up costs.

Security bolt-ons not only result in more expensive security procurement, but can also miss key vulnerabilities. It’s important that local government works to gain a broader, comprehensive vision for their security needs by communicating with other service providers. Not only will this provide a more complete package, but will ensure that they don’t pay for services they don’t need.

Public Sector IT directors should be reassured that a more cost-efficient contract could be delivered by a third party. For example, web and email boundary protection (or Gateways) can now be bought in as a separate service, rather than being sourced from existing suppliers.

These little changes help councils reduce cost by only buying the security components they need, instead of extending or adding to a large contract which may no longer meet their needs.

It’s clear that as purse strings tighten, local government has a difficult balancing act between reducing spending on security procurement without increasing the risk to citizens’ data. That’s why it is essential that IT directors be smart in their security investment. Sensible, strategic investments are required to reduce information security risk without making security an expensive, inefficient bolt on.

The views and opinions expressed in this article are those of the author(s) and do not necessarily reflect the official policy or position of The Information Daily, its parent company or any associated businesses.

Comments

Latest

Outdated infrastructure and an increasingly fragmented market threaten the future of technology-enabled integrated care.

County Durham voters back devolution in the North-East, Sir Digby Jones considers run for West Midlands mayor…

The recent launch of The Mayoral Tech Manifesto 2016 on London’s digital future, sets out a clear agenda…

The manufacturing industry is currently facing scrutiny from parties concerned for its survival. Far from facing…

Almost a year ago, I made some predictions for what would take place in government and public sector customer…

Sheffield, Warrington and Doncaster announce cuts, Lincolnshire is held to data ransom, fight begins for West…

Working for an education charity delivering numeracy and literacy programmes in primary schools, I’m only…

Northamptonshire County Council recently received the maximum four star rating from Better connected after putting…

Historically, the entrance of new generations into the workplace has caused varying levels of disruption. The…

Following another commendation for digital services, Surrey County Council's Web and Digital Services Manager,…

We cannot carry on spinning the roulette wheel that is cyber security, knowing that the “castle and moat”…

This week David Cameron wades into row over £69m of cuts planned by Oxfordshire CC; Stoke on Trent plans…