The COVID-19 pandemic has placed a huge strain on the UK state, and while the response has demonstrated some of the great strengths of public services and machinery of government, it has also exposed some of the biggest flaws. So says a think tank which is reporting on the theme of ‘Resilient State‘.
Covid-19 has accelerated the digitisation of public services in the UK, which while positive, poses an increased cyber risk, says Reform. Covid has also accelerated the use of remote working tools and multi-agency working, which potentially exposes the public sector to more vulnerabilities. While the UK is world-leading when it comes to cyber security policy, without sound infrastructure, investment in maintaining or updating that infrastructure, and a cyber-aware workforce, there is a threat of large-scale damage both to the UK public sector and wider society, a report warns.
For the full 30-page report, ‘resilient public services in an age of cyber threats’, visit the Reform website.
Ideas for reform by the think-tank include:
The UK official National Cyber Security Centre (NCSC) should conduct an audit of existing Warning Advice Reporting Points, where public sector professionals can exchange information about cyber threats, to identify the best structures and practices that could be extended nationwide. This audit should include an assessment and subsequent provision of the necessary funding to finance these local-knowledge-sharing hubs.
The NCSC should increase the capacity of and mandate attendance to their cyber security training courses to anyone working in the public sector handling sensitive information.
Government departments should, with the Centre, identify jobs that require a level of training in cyber security and change the job specification to reflect that. They should then prioritise opportunities for candidates who have those qualifications or create career pathways for those willing to complete that training. This would help improve the skills gap.
The UK Government National Cyber Security Strategy should explore the possibility of having a yearly random cyber security audit of local public sector bodies. These should be carried out by Government departments and statutory bodies in charge of cyber security policy. This will reveal adherence to standards at a local level, highlight reasons for non-compliance and improve knowledge of what works.
The NCSC should work on a kitemark of cyber secure products to help with procurement of new technology.
An online event heard that it’s imperative that the next National Cyber Security Strategy, due in 2021, responds to this increased threat by seeking to develop skills and target investment to secure the public sector’s digital infrastructure.
