Britain’s civil servants are starting to feel left out of the Government’s plan for defending the country against cyberattacks and fear its broader security philosophy lacks enough depth, a new survey has found.
Any survey of the people whose job it is to implement some of the Government’s cybersecurity initiatives was always likely to spot the odd reservation, but the gist of the views uncovered by Dods’ McAfee’s survey of 815 civil servants working mostly in central government roles is still bracing.
Six out of ten agreed that cybersecurity was a high priority for their department despite the fact that nearly half believed that knowledge of the area was not required in their own roles.
Data protection was mentioned as the main concern for 36 percent of respondents, followed by more technical worries such as DDoS attacks and SQL injection (17 percent each), with a surprisingly low 14 percent mentioning the threat from foreign governments, criminals and terrorists.
Turning to the Government’s own programmes and the levels of confidence took a sharp dive, with only 14 percent believing the shiny G-Cloud procurement system took enough consideration of security. The Universal Credit system scored even lower in terms of cubersecurity with 13 percent confidence levels.
These are surprisingly low numbers. Many civil servants appear to believe these programmes are not well enough defended from a range of threats, signalling qualms about the Cabinet Office's own more hopeful assessments of their purpose.
Meanwhile, 28 percent of respondents believed SMEs might be targeted for their involvement in the government supply chain, a figure that rose to 35 percent among those who considered themselves more knowledgeable on cybersecurity issues.
Overall, there was sometimes a lack of digital skills within the civil service that could be fixed with more development programmes, secondments from job roles and training courses, McAfee said.
“Civil servants are our nation’s first line of defence, yet current government policy does not appear to be providing them with the incentives nor the training required to fully address the challenge,” argued McAfee’s director of UK public sector strategy, Graeme Stewart.
“The results from this study are further proof that initiatives such as the Digital Government Security Forum (DGSF), designed to help counter specific cyber threats posed by digital service transformation by sharing best practice use cases across industry and wider public services, are needed,” he said.
According to McAfee, anecdotal evidence suggested that there were probably enough cybersecurity skills in the civil service but only among the less influential, lower grades of the organisation.
The service was also hamstrung by the ‘silo’ approach to security whereby different departments or initiatives took on the security challenge according to its own inclination.
A 2012 study, also promoted by McAfee, rated the Uk's preparedness in terms of global cybersecurity as being reasonably good when measured against 23 of its developed-world peers.