Outdated government tech increases cyber threats

Fraser Sutherland, Head of Government & Education at Maintel, discusses the surge in government tech spending and how to protect your organisation against future cyber threats

A digital revolution is underway. More and more organisations are opening their eyes to the merits of modernisation, exploring new technologies to help drive efficiency, keep connected and cut costs. This is true not only in the private sector, with public institutions just as eager to reap the rewards of digitalisation.

The UK Government, one of the country’s largest public-sector employers, has spent millions of pounds expanding its digital repertoire in recent months, new research indicates. While this undoubtedly is a good thing, it’s vital that rapid technological expansion is matched with a heightened awareness of cybersecurity, ensuring systems are protected against the latest threats.

Government digital spending on the up

Keen to understand the scope of the government’s digital ambitions, Maintel submitted Freedom of Information (FOI) requests to a number of Whitehall departments. The responses we received back reveal an unmistakable desire to harness the potential of digitalisation.

The Department for Business, Energy & Industrial Strategy (BEIS) alone spent almost two million pounds on laptops and smartphones last year. Some 1,216 mobiles were issued to departmental staff in 2020, with 1,557 computers or laptops also added to circulation.

BEIS wasn’t the only one tooling up with new tech. A separate FOI request revealed that the Cabinet Office — the nerve centre of government-supplied a record number of smartphones in the final quarter of last year, 1,607 devices in total, almost 50% more than the same period twelve months earlier. Laptops and tablets also saw a significant bump — not far off 7,000 were allocated during 2020.

At the Department for Culture, Media and Sport (DCMS), staff equipment is also getting an upgrade. Between September and December last year, bosses spent more than a quarter of a million pounds on the new digital kits, including hundreds of smartphones.

Hybrid working is here to stay

We can see that, right across government, a digital transformation is underway. While this impetus predates the pandemic, the work-for-home culture that COVID-19 necessitated has evidently sped things up.

In keeping with most other sectors, the civil service can expect a high level of hybrid homeworking long after the crisis has passed. A progressive step, many would say; but one that requires an even greater commitment to technological innovation — as well as a deep understanding of global cybersecurity concerns.

On this front, it appears that there is some work to be done. A recently released independent report on the state of government’s digital infrastructure shared plenty of positives but highlighted a fair number of frailties too.

Legacy systems are still an issue

The government is investing heavily in its IT infrastructure — to the tune of almost five billion pounds annually. This spending has, in many cases, borne fruit: the rapid implementation of the NHS coronavirus testing service and the successful launch of the government’s furlough scheme application portal, for instance — two projects singled out for praise by the report.

That’s the good news. Less promising is that almost half of annual tech expenditure — £2.3 billion — goes on shoring up old and mostly obsolete legacy systems, some of which date back decades.

This is potentially problematic. Modern computing systems are data-based, drawing on huge pools of information to speed up sluggish organisational processes. Older IT infrastructures struggle to leverage data effectively, reducing efficiency and holding back progress.

Though a number of government departments collect and store large volumes of data, the report concludes that they make very little use of it. As one senior staff member said: “my biggest surprise when I arrived was how little we do with our data”.

And that’s not all. According to the report’s authors, some government digital services “fail to meet even the minimum cybersecurity standards”. Moreover, unlike most leading private or public sector organisations, the UK Government appears not to be carrying out routine inspections of its IT infrastructure — failing to keep tabs on system uptime, the number of attempted cyberattacks, adoption metrics, cost and efficiency performance, and the progress of major development projects. This is perhaps a reflection of what the report describes as a “relatively under-developed level of digital expertise” among senior government officials.

Cyber vulnerabilities across sectors

Keeping on top of digital obsolescence is a challenge facing all organisations — particularly those with large technological estates. Older systems are often costly, insecure, and lack reliability, while new solutions offer high levels of security, productivity, and flexibility.

Upgrading seems like a simple decision, but understanding precisely what sort of IT is required isn’t easy. Navigating new systems and equipment, capitalising on the benefits that they can bring, demands a certain level of digital leadership. If an organisation lacks this expertise internally, it must be brought in from the outside.

This is particularly true with respect to cybersecurity. Last year was the busiest on record in terms of cyberattacks, with hacks on UK firms surging by some 20%. Staggeringly, British businesses were targeted almost 700,000 times in 2020, with digital incursions occurring once every 46 seconds.

Things haven’t been any easier in the public sector. Hackney Council in London and Redcar and Cleveland Borough Council in Yorkshire were both hit by major ‘ransomware’ attacks earlier in the year, disrupting public engagement and costing tens of millions of pounds to rectify.

It’s to avoid these sorts of setbacks that organisations, both public and private, must keep their digital estates up-to-date; leveraging new technologies that drive productivity and keep systems safe.