

Governments need to increase their efforts to protect themselves from cyber attacks

 

There's no question that governments all over the world drastically need to increase their efforts to protect themselves from cyber attacks, DDoS attacks, viruses and numerous other kinds of mischief.
A scathing parliamentary report into UK.gov’s general information security practices has called for the government to immediately step up its efforts to protect Britain from cyber attacks in the face of today’s chaotic and unpredictable events emanating from the internet.
The strong criticism is published today in the Public Accounts Committee’s report on Protecting Information Across Government, which follows a similar report in mid-2016 from the National Audit Office that slammed the Cabinet Office’s continuing failures to organize central government’s approach to internet security.
These two official reports have found that the Cabinet Office has failed in both its duty and oversight to fully coordinate and lead government departments’ efforts in protecting government data.
According to the PAC, there is “little oversight of the costs and performance of government information assurance projects, and processes for recording departmental personal data breaches are inconsistent and dysfunctional.”
Meg Hillier, chair of the PAC, said today: “Government has a vital role to play in cyber security across society, but it needs to greatly ramp up its strategy. Its approach to handling personal data security breaches has been chaotic at best, and doesn't inspire much confidence in its ability to take swift, coordinated and effective action in the face of higher-threat attacks. The threat of cyber crime is ever-growing, yet daily evidence demonstrates that Britain ranks below Brazil, South Africa and China in keeping phones and laptops secure,” Hillier asserted.
In this context, it should concern us all that the Government is struggling to ensure its security profession has the skills it needs. Leadership from the centre of government is inadequate and, while the National Cyber Security Centre has the potential to address this, practical aspects of its role must be clarified quickly.
“Government must communicate clearly to industry, institutions and the public what it is doing to maintain cyber security on their behalf and exactly how and where they can find support,” the committee chair concluded.
Where there were formerly “at least twelve separate teams or organizations” with information security duties within the centre of government, many of these have now been amalgamated within Britain’s new National Cyber Security Centre.
Launched in October of last year, the NCSC will offer guidance to all, and has promised businesses that it would not inform the Information Commissioner's Office of any data security breaches they had suffered.
This is at odds with the PAC’s report, which complains: “Poor reporting of low-level breaches, such as letters containing personal details being addressed to the wrong person, reduces our confidence in the Cabinet Office’s ability to protect the nation from higher-threat cyber attacks.”
There are “major and unexplained variations in the extent to which individual departments report security breaches,” the report continued. “In 2014 and 2015, the seventeen largest departments recorded a total of no less than fourteen data incidents that they considered reportable to the Information Commissioner’s Office, and recorded over 8,980 non-reportable incidents. Of the 8,981, Her Majesty’s Revenue and Customs recorded 6,038 (67 percent) and the Ministry of Justice (MoJ) 2,798 (31 percent).”
To say that this is an issue would be an understatement. The remaining fifteen departments recorded under 2 percent of the total data breach incidents, with the Department for Work and Pensions (DWP) recording no non-reportable incidents at all.
We are aware that numerous low-level security breaches do occur daily, such as letters containing personal details being addressed to the wrong person. However, these are not consistently recorded as data breaches.
Various departments with a high reporting rate are likely to be better protected because they have developed a reporting culture to allow early identification of security threats.
Finally, it recommended that the Cabinet Office “should consult with the Information Commissioner’s Office to establish best practice reporting guidelines, and issue these to departments to ensure consistent personal data breach reporting from the beginning of the 2017-18 financial year.”
Source: Britain's National Audit Office.
