Former government deputy CIO Bill McCluggage has hit out at the way the government approaches cyber security, describing the pace of change as "glacial".
At a time when cyber security is high on the international agenda, with sophisticated and possibly state-sponsored malware attacking critical national infrastructure around the world, it appears the government is not doing enough to ensure the UK's security.
"Security change happens at a glacial pace in government," said McCluggage. "The systems that the government deploys are generally big and brutish [which makes them slower to implement]."
McCluggage, now advisory technology consultant at information infrastructure firm EMC, explained that cyber criminals will benefit most from the inertia, while the UK economy suffers. Prime minister David Cameron claimed in November 2011 that cyber crime costs the UK economy £27bn per year.
"You're going to create an opportunity for fraudsters if you're not rapid in the way you deploy countermeasures in depth," said McCluggage.
He added that government IT is habitually an extremely risk-averse environment, which makes it unwilling to adopt newer technologies, and evolve at the same pace as the private sector.
This problem was compounded by HMRC's experience in 2007, when it lost the child benefit records of 25 million UK families.
"Nobody in government will reward people for taking a risk. Any estimate could be applied to what HMRC had to invest [after it lost the child benefit data]. Certainly hundreds of millions of pounds of investment went into training alone, and the chairman resigned," said McCluggage.
"So where is the incentive for an organisation to move and act quickly, and take risks, in the public sector?"
He added that this problem is even worse in security, which is largely driven from a risk-averse perspective.
"IT in the past put up big firewalls and defended its perimeter in an effort to keep nasty people out, and those times have changed."
[Turn to next page]
By eliminating high entry costs for big data analysis, you can convert more raw data into valuable business insight.
A discussion of the "risk perception gap", its implications and how it can be closed