As all working within the arena will have noticed, the Cabinet Office yesterday released its cyber security strategy.
Whilst we of course welcome the Government’s move to implement the strategy, I am still concerned about whether the move will be robust enough to shift thinking and bring cyber security from the periphery to the core of national security considerations.
The power went out at Intellect HQ last week. No servers, no email, no phones and no coffee machine. The office ground to halt. Although it was nice to see people’s faces rising from their screens and hear the level of natter rise, it was a reminder of the hazards of national reliance on information infrastructure.
The UK is a net-enabled society. Our businesses are technology junkies, becoming ever more reliant on networked infrastructure as the years progress. And rightly so – with the use of technology we are have been able to develop our economy, improve our national health system, our security services and our police systems.
It was only yesterday I was reminded about the perils of national digitalisation whilst sat in an Intellect cyber threats group meeting. When you talk to people working in the security and resilience field, it really does drive home the importance of backing up our national move towards a digital economy with the correct processes and contingency plans to hold the system up when things go wrong.
And things really do go wrong. Hackers can bring down government websites and disrupt access to public services and power outages from manmade or natural disaster can bring businesses to their knees.
In January this year BERR and DCLG released their interim Digital Britain report. Intellect supports the move towards digitalisation and the benefits it can bring to citizens. But this move must not be made blindly – Government must consider that a move towards a digital nation means that appropriate security and resilience measures need to be put into place to ensure that new infrastructure is robust. Loss or denial of that infrastructure, whether intentional or accidental has a number of nasty consequences that can be mitigated with thorough scenario planning and appropriate security and resilience considerations. To be fully effective, security must be considered as an intrinsic part of the process, not simply an afterthought when things go wrong.
p.s title is reference to a Satnogold song about power outages - for a musical accompanyment to your blog reading please feel free to listen here
There seemed to be less suspicion amongst commuters on the London Underground this morning as the papers reported a slow-down in the spread of the Mexican swine-flu outbreak.
Having been party to discussions on pandemic flu in my role as Defence and Security Programme Exec, I knew that a full blown outbreak could be devastating. With only a third of workers off sick, business would grind to a halt, money would run out at cash points, supplies would run out at shops in under two days and hospitals would be overwhelmed. For the moment we have got off lightly, but pandemic flu remains at the top of the Governments security concerns, above natural disaster and terrorist attack.
So in one sense swine-flu can be seen as a blessing – it is a timely reminder of what could be, and a prompt for Government agencies, organisations, businesses and citizens to work together to prepare in earnest for a pandemic.
Some good work is being undertaken by business continuity experts and voluntary organisations to prepare for such eventualities, but as always, more must be done.
What is often forgotten, and should be addressed in the post swine-flu fallout is the use of technology to improve emergency response. As we have seen this week, timely information is key to directing emergency responses, and in the case of flu-outbreaks requires multi-agency, international communications. These communications are currently hampered by a lack of information standards, and any detailed testing or analysis of the adequacy of national and international information flows in emergency situations. Work must be undertaken with the technology community to ensure that in the case of a sustained pandemic outbreak, the right people have the right information to act in time to save lives.
As a newcomer to the criminal justice locale, with little previous knowledge of the history of police IT policy, the objectives of the new ISIS programme seem wholly sensible; an intelligent coordination of procurements across the 44 police authorities to drive efficiencies, a drive to improve interoperability and an overall objective to improve police productivity.
The power struggle between actors trying to implement cross-authority objectives and the 44 independent minded police authority chiefs persists, but must be overcome if the police are to embrace technological advancement, without digging themselves into an interoperability nightmare.
The idea of the re-use of information is a key objective emerging from the new police information strategy, with an emphasis on giving the public access to information, crime mapping and a focus on the public outcome. Although un-related, it appears that this tangential objective may serve to help the police forces drive efficiency and implement policy across the forces.
The public wants access to reliable and consistent information about how safe their neighbourhoods are, regardless of police authority boundaries. In the internet era, public services must learn to embrace technology, and really interact with the public to improve public services. And technological change will happen regardless of boundaries, the question is will the police be driven by technological change or will they drive the change themselves?