Can the public sector keep up with computer security?

Written by Professor Bill Buchanan on 9 July 2015 in Comment

Professor Bill Buchanan of Edinburgh Napier University offers his verdict following cyber attack on Edinburgh city council

At a first look, the hack involving City of Edinburgh Council reported earlier this week doesn't look too serious as there does not seem to be any passwords involved. All that has been revealed is email addresses, which can often be gained from other sources.

The only threat would be in spear phishing of users with council-related emails, but the users involved probably will be wary of any emails sent from the council anyway.

For councils, possibly they should learn from others with larger budgets. As with the US hack on OPM (Office of Personnel Management), the focus is increasingly on detecting the first signs of a hack and try and overcome it. Like it or not, this tends to be a human activity, running 24x7, and using advanced logging methods, which councils will struggle to afford.

Really, the public sector are struggling to keep up with the pace of increasing the integration of IT but in also properly supporting it. If the US OPM can't do it properly, the UK public sector will especially struggle.

For this amazing city, we have so many companies involved in computer security and we are building an infrastructure of Cyber Age companies. There thus needs to be more ways to share best practice to support all stakeholders and we hope to help with the development of The Cyber Academy, which is a place where everyone can share information.

No one domain can hold all the knowledge in this new information age and we must all work together to share best practice. The public sector needs it as much as any, especially in supporting the drive to get services online.

I had a case just the other day where I could change the address on my driving licence online, but if I want to change the address on my vehicle I need to fill in a form (and sign it - tut!) and send it back.

The UK and Scottish governments have targets of allowing citizens to get access to their health records by 2020, so the public sector will have to learn how to set up detection systems in order to stop large-scale data breaches, and hopefully share resources and intelligence.

This article is based on Edinburgh Breach - Can The Public Sector Keep up with Computer Security?, an article by Professor Bill Buchanan of Edinburgh Napier University.​



Related Articles

Robots, connectivity and digital skills: progress on digital in Scotland
21 June 2017

With technology now permeating all aspects of life, there is a need for leadership as the public sector pushes to keep up with the pace of change

The digital defenders: Some of the key players in Scottish public sector ICT
21 June 2017

A snapshot of people in this sector, we hope it gives an insight into how strategically important technology is now to Scottish public service delivery.

Tech 100: 'Whether we like it or not, we may all soon become obsolete unless we shift too'
20 March 2017

Charlie Anderson, Head of ICT for Fife Council, on what automation and machine learning will mean for the public sector in the not too distant future

Share this page