Shock of the new

5 Apr 13
The government’s rush to put services online and get Whitehall tweeting fails to take account of the insecure and dated systems being used in the corridors of power

By John Thornton | 5 April 2013

The government’s rush to put services online and get Whitehall tweeting fails to take account of the insecure and dated systems being used in the corridors of power

Online Security, Illustration: Chris Dunn

There is often a conflict between embracing new methods of communication and keeping information secure. Take, for example, recent statements by civil service head Sir Bob Kerslake and Cabinet Office minister Francis Maude on encouraging social media across the civil service. They believe Twitter, LinkedIn, Facebook, YouTube and the like would help to open up dialogue between Whitehall, its staff and citizens.

Used well, social media are ways of communicating, consulting, engaging and making government more transparent and accountable. The emerging view is that these communication channels are likely to become as ubiquitous as email, with staff eventually needing to use some form of them as part of their work.

Unfortunately, many departments are running older versions of web browsers. This is often attributed to the need to access legacy web applications such as HR and finance portals.

Some of these older browsers, such as Internet Explorer 6, were released a decade ago and are either no longer supported or less well supported. They were also developed before the spread of social media. Consequently, they lack the ‘defence-in-depth’ mechanisms of modern browsers, which incorporate significant mitigations against many types of attack.  

These older browsers will also not support modern web technologies, such as HTML5, which are used increasingly to drive social media and other websites. Plus, some of the older technologies that are in place remain inherently insecure.

Constraints are also often placed on the use of video and audio streaming, primarily due to concerns about security and network bandwidth, both internally and in connecting to the Government Secure Intranet and the internet. These  limitations restrict participation in

web-based seminars, teleconferencing and training. Government departments and agencies can also be frustrated in their efforts to make even simple technical changes by the sometimes inflexible, risk-averse or costly arrangements in place with system integrators and ICT suppliers.

You can therefore imagine the responses of ICT managers and information assurance specialists to the security and operational implications of a call for greater and more widespread use of social media across the civil service; especially when you start to introduce questions about the use of mobile devices such as smart phones and tablets.

But they cannot just say ‘no’ to a policy that is being actively promoted by both the head of the civil service and the Cabinet Office minister.  

Fortunately, the Government Digital Service has published some very good advice on the use of social media by civil servants and ways of overcoming the technical barriers to accessing the technology. This seeks to build bridges between the aspirations for greater use and security concerns.

However, this is just an illustration of a bigger issue for government and the wider public services.  There is a commitment that government will become ‘digital by default’, redesigning its services to make them ‘so straightforward and convenient that all those who can use them will choose to do so’, thereby saving an estimated £1.7bn to £1.8bn a year.

Digital by default must also mean ‘trust and security by default’.  Services not only have to be well designed and easy to navigate, they also have to be easy to authenticate. Data and information needs to be secure, with high levels of privacy guaranteed via web or smartphone, while making it simple and convenient to complete transactions.  

Up-to-date and resilient security is integral to operating in the modern world.


John Thornton is the director of e-ssential Resources and an independent adviser and writer on business transformation, financial management and innovation.  [email protected]

Transparent

CIPFA logo

Did you enjoy this article?

AddToAny

Top