New Public Services Network CTO aims to make PSN less complicated
James Duncan admits PSN is difficult to understand and that the current compliance regime is 'fraught with problems'
The new Public Services Network (PSN) chief technology officer (CTO), James Duncan, wants to clarify what the network's role is and expand its user base.
Duncan, who became CTO in October 2014 after a stint as a senior technical adviser at the Cabinet Office, said that he had been told many times that something needs to change with the Public Services Network.
"It's been difficult to understand what the PSN is, what it does, and what it could do. Partly because it hasn't been well communicated, but also because it's been a difficult thing to understand. Is it a network? Is it a group of people? A set of standards?
"The ‘what' has been as complicated as the ‘how'," he said.
Duncan said the simplest way to describe the network was as "the government's high-performance network".
He believes that there should be a stronger focus on "the user need". He said that roughly 380 local authorities rely on the PSN to conduct their business, but suggested that in the past the PSN had "focused on [central government departments] at the expense of many city, district and county councils that make up the majority of [its] customer base".
Duncan suggested he wanted this to change, and for the PSN to also be used by schools, doctors' surgeries, pharmacies, emergency services, hospitals and charities.
The PSN will be changed to accommodate the new government security classification system, as the current PSN is designed to operate within the old protective marking system, said Duncan - suggesting that it wasn't a completely future-proof network in the first place, and that it needs to be altered accordingly.
Another change that he wants to make is to make the PSN "one network".
"The PSN has been two networks, one suitable for what was once called IL2 traffic, and another suitable for data at IL3. However, now both only carry official traffic. This has left us with the question of what the user need is for the ‘protected' network, as what we really need is one PSN," he stated.
His team is talking to suppliers, customers and stakeholders on how best to achieve this.
Another focus for Duncan and his team is to make accreditation and compliance less challenging for users.
He admitted that the compliance regime for customers wishing to obtain a connection to the PSN is "fraught with problems".
"It is costly to implement, for those attempting to comply with the requirements and for the PSN team to assure. It is time-consuming, and complex, and most important of all, there are circumstances where we may not be as aware of the status of security as we should be," he said.
The PSN team is therefore evaluating alternative certification schemes such as Cyber Essentials to help to reduce the burden for customers. It is also changing its accreditation procedures to be more in line with G-Cloud and the Cloud Service Security Principles.
Finally, Duncan said that the team has acknowledged that the majority of customers wishing to connect to the PSN already have internet connections.
"We're creating an option for connectivity that allows customers to connect using suitable encryption, via the internet.
"This will broaden the accessible market for suppliers and increase the number of consumers on the network," he said.