T: +44 (0) 1794 301052 E: info@ploughshareinnovations.com

Public Accounts Committee sets out recommendations to boost UK cyber defence

News and Views

If you have a specific media enquiry or would like to know more about Ploughshare and what we do, please contact us at:

Ploughshare Innovations Ltd.
Unit 2, Nine Mile Water Business Park
Nether Wallop, Stockbridge
Hampshire SO20 8DR
United Kingdom

T: +44 (0) 1794 301602

Connect with Ploughshare

Public Accounts Committee sets out recommendations to boost UK cyber defence

February 2017

The UK Public Accounts Committee (PAC) has laid out a series of new recommendations for the Cabinet Office to address the major failures revealed regarding the protection of Government data, with the improved co-ordination of cyber defence moves across the public sector being a main area of focus.

The six recommendations that have been made by the Committee were laid out in a new report analysing the ongoing protection of key Government information.

The PAC said in its report: "There is little oversight of the costs and performance of Government information assurance projects, and processes for recording departmental personal data breaches are inconsistent and dysfunctional.

“Poor reporting of low-level breaches, such as letters containing personal details being addressed to the wrong person, reduces our confidence in the Cabinet Office’s ability to protect the nation from higher threat cyber attacks,” the report added.

Traditional security boundaries have been blurred by an ever-increasing gulf between the public sector as a whole and central Government, the PAC said, with the threats of cyber crime and accidental disclosure of key information rising in line with this.

Indeed, every month in 2015, the UK Government Communications Headquarters was forced to deal with 200 national cyber security incidents that posed major threats to national security in the UK. This alarming figure represented a rise from 100 per month the year prior, it was confirmed by the PAC report.

The report read: "Concurrently, personal data breach reporting remains highly variable, with some departments recording thousands of incidents in the 2014-15 financial year and five departments recording none at all."

The PAC said that despite the opening of the National Cyber Security Centre (NCSC) at the end of last year, which aims to bring together all of the UK's cyber security arms, there was still much work to be done to protect the UK from future attacks. Indeed, the threat of cyber attacks has been in the top four major threats to the UK's national security since 2010, and the Government needs to try harder to consolidate its resources to fight this, said the Committee.

“The breadth of the NCSC’s role is considerable and it is still unclear which organisations from across the public and private sectors can call on the NCSC for assistance," the report said.

The PAC recommended that the Cabinet Office places more emphasis on informing and supporting citizens as well as all service users, and the public sector as a whole, as well as creating a far more flexible and clear approach for protecting all information across central Government and the public sector in its entirety.

Another issue is the lack of suitably skilled people within the security profession, said the PAC. Although a security profession was created back in 2013 by the Cabinet Office in order to develop professional learning routes for civil servants across the security sector, many skills gaps remain and the way in which to fill them also remains a work in progress.

The report said: "The Cabinet Office is also unwilling to mandate a minimum skills standard for departments in the security profession. It is planning to amalgamate 40 separate departmental security teams into four larger clusters, and has established the first pilot cluster, to better enable the sharing of scarce skills across central Government.”

The PAC report also recommended that the cost and performance of Government data security activities should be assessed on a regular basis against a series of baseline indicators in order to test whether the objectives are being met. Other recommendations included the Cabinet Office consulting with the Information Commissioner’s Office in order to work out best practice in reporting guidelines in order to make sure of consistent personal data breach reporting as of the start of the 2017-18 financial year.

A Cabinet Office spokesman said that it was already hard at work on the issue of security: “The Government has acted with a pace and ambition that has been welcomed by industry and our international partners right across the globe. Our comprehensive and ambitious national cyber security strategy, underpinned by £1.9 billion of investment, sets out a range of measures to defend our people, businesses and assets; to deter and disrupt our adversaries; and to develop capability and skills.”

Ploughshare licensed to APMG a Dstl developed cyber resilience assessment tool CDCAT in support of the UK governments Cyber Essentials Scheme.

Back to News and Views

Share this article