Public sector security put to test

Government to start trials of open source technology to bolster network security

The government announced yesterday (Wednesday) that it is testing a security architecture intended to bolster protection of public sector IT systems from hackers and security breaches.

Steve Marsh, director of the Cabinet Office’s Central Sponsor for Information Assurance (CSIA) division, says tests of the Mandatory Access Control system will begin next month.

Marsh says the technology could play a key part in securing shared public sector IT systems and national projects, such as the £6bn NHS National Programme for IT (NPfIT).

‘The ways of delivering services across the government sector are becoming more complex and span departments,’ he said.

‘Traditional security models don’t support that because they are based on building walls around the systems.’

The Linux-based security architecture, developed by IBM, will be piloted first at County Durham and Darlington Acute Hospitals NHS Trust next month.

If successful it could be rolled out across the public sector and support the government’s transformational programme.

‘It will enable us to deliver more services more quickly, and will provide assurance that zero-day exploits can be constrained,’ said Marsh.

Although the government already uses such technologies to secure military and secret-service communications, the systems are often bespoke, have reduced functionality and are expensive and difficult to deploy to large projects such as NPfIT.

‘Where possible we want to use commercial products, and this technology offers full functionality that bespoke systems often cannot,’ said Marsh.

‘The technology will also offer confidence that if there is an attack on an application, then there is a safety net.’

If a hacker does manage to compromise one application, they will not be able to gain access to other parts of the network, says Marsh.

IBM will work with IT suppliers Tresys Technology and Belmin Group to pilot the system in County Durham.

Malcolm Preston, associate director of procurement at County Durham and Darlington Acute Hospitals NHS Trust, says the development of secure systems is vital for public sector IT.

‘As a trust and as a member of a supplies consortium, we procure more than £160m worth of goods and services per annum electronically, and so robust security is essential,’ he said.

What do you think? Email us at: [email protected]