Cyber Defence Announcements

It looks like it’s getting through that IA needs to be taken seriously. In the last two days I’ve heard articles on Radio 4 about hacked wireless and GCHQ announcements on Cyber attacks. If John Humphreys is grumpily enquiring on a topic, that means we have properly arrived.

An article in The Guardian here: http://www.guardian.co.uk/politics/2010/oct/13/strategic-defence-review-cyber-security is a signpost to where this is going. There are two streams to this to my mind.

Stream One is that in the post-CSR world, where it is a logical extrapolation of today’s world that Government services will be increasingly provided online to enable citizen self-service, the defence of UK Government systems have never been more critical. Your average home user is being encouraged to engage with Government online, and badly protected home computers offer a real and continued threat. I am a big advocate of clear and simple guidance being offered to home users, as well as to business and .gov.uk organisations, as to how their diligence can help combat the increasing cyber threat. Microsoft has just issued a report on the levels of infection worldwide http://www.bbc.co.uk/news/technology-11531657 and frankly, this has a direct effect on the execution of the e-Government agenda. Mirroring the increase in publicity around national security and threat levels in the physical world, UK Government should be offering better publicised advice to citizens about the cyber-threat levels, for the good of both communities.

Stream Two is that Government needs to not be shy about IA. Spending needs to be maintained, and IA professionals more prized within Government. Initiatives such as G-Gloud and PSN should have security as their number one consideration. Doing things as cheaply as possible disappeared from the lexicon of procurement a while ago, but I detected a hint of it returning recently. I genuinely thought the era of viruses as news had gone, but it just plain hasn’t. My advice? Slacken up on IA at your peril. Nobody is going to use e-Government services if the websites have been hacked or Local Authorities have been taken out for a few days by a virus. This means increased transaction costs, which reduces expenditure on frontline services.

This isn’t a tenuous link: security = confidence = reduced transaction cost = saving money

PS Happy Birthday to The Lady!

Advertisements

About Graeme Stewart, McAfee

I work for McAfee as Director of Public Sector Strategy and Relations, UK&I
This entry was posted in CSR, Efficiency, Security, Viruses. Bookmark the permalink.

3 Responses to Cyber Defence Announcements

  1. Jacqui says:

    I am leaving a really nice comment
    (now come and clean my car…)

  2. Ed Kennedy says:

    Graeme, well said. Customer confidence is a key performance indicator for any organisation. This particular kpi relates to enterprise risks (cost management) that is itself pegged to a strategic objective (provision of services). My humble experience of government organisation is that they lack this view and revert to security as a simple (IT) operational risk….hence the points you make on government procurement.

    The other major stumbling block that many government organisations will likely have is their ongoing outsourcing of IT services. These outsource providers will often be squeezed so hard on the cost of managing services that they will have little or no resource for providing kpi & kri data … and where that kpi &kri management information is provided it is unlikey to be actionable information.

    You are spot on in what you say. The key to resolution is at executive level; where processes, risks and controls are reviewed in the context of the strategic objectives of the organisation.

    • Thanks Ed (and good to hear from you). Looking at it from a vendor perspective, the challenge is actually being made simpler by the CSR process – its all about saving money. But (thankfully) the announcements on cyber defence will not allow service levels/security performance to dip. The worst case scenario was reduced cash/acceptance of poor performance but I think we can say this is not the case (or at least not the intention). The key is how the new investment will be made. Chucking cash at software isnt the answer although I know plenty of vendors will happily settle for this. They key is joined up policy and awareness, coupled with strategic investment in product IN THAT ORDER. If the vendor community does not engage, consult and advise correctly, we will ruin our image once and for all, and miss our opportunity to sit at the top table adding proper value.

      Lets just say its a once in a generatiopn opportunity for the IA Vendor community to make a difference, and I fervently hope we collectively take the opportunity that is offered

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s