Can the public sector keep up with computer security?

Written by Professor Bill Buchanan on 9 July 2015 in Comment

Professor Bill Buchanan of Edinburgh Napier University offers his verdict following cyber attack on Edinburgh city council

At a first look, the hack involving City of Edinburgh Council reported earlier this week doesn't look too serious as there does not seem to be any passwords involved. All that has been revealed is email addresses, which can often be gained from other sources.

The only threat would be in spear phishing of users with council-related emails, but the users involved probably will be wary of any emails sent from the council anyway.

For councils, possibly they should learn from others with larger budgets. As with the US hack on OPM (Office of Personnel Management), the focus is increasingly on detecting the first signs of a hack and try and overcome it. Like it or not, this tends to be a human activity, running 24x7, and using advanced logging methods, which councils will struggle to afford.

Really, the public sector are struggling to keep up with the pace of increasing the integration of IT but in also properly supporting it. If the US OPM can't do it properly, the UK public sector will especially struggle.

For this amazing city, we have so many companies involved in computer security and we are building an infrastructure of Cyber Age companies. There thus needs to be more ways to share best practice to support all stakeholders and we hope to help with the development of The Cyber Academy, which is a place where everyone can share information.

No one domain can hold all the knowledge in this new information age and we must all work together to share best practice. The public sector needs it as much as any, especially in supporting the drive to get services online.

I had a case just the other day where I could change the address on my driving licence online, but if I want to change the address on my vehicle I need to fill in a form (and sign it - tut!) and send it back.

The UK and Scottish governments have targets of allowing citizens to get access to their health records by 2020, so the public sector will have to learn how to set up detection systems in order to stop large-scale data breaches, and hopefully share resources and intelligence.

This article is based on Edinburgh Breach - Can The Public Sector Keep up with Computer Security?, an article by Professor Bill Buchanan of Edinburgh Napier University.​



Related Articles

£90m city deal signed for Stirling and Clackmannanshire
31 May 2018

The deal will see investment in a digital district, environment centre and aquaculture innovation hub to create thousands of jobs

Nesta proposes public sector code of conduct for AI decision making
23 February 2018

Nesta has created a list of 10 principles it believes should define how government uses artificial intelligence and algorithms

Robots, connectivity and digital skills: progress on digital in Scotland
21 June 2017

With technology now permeating all aspects of life, there is a need for leadership as the public sector pushes to keep up with the pace of change

Related Sponsored Articles

Associate feature: 5 ways IoT is transforming the public sector
5 February 2018

Vodafone explores some of the ways IoT is significantly improving public sector service delivery

Associate feature: Who keeps your organisation secure?
19 February 2018

BT's Amy Lemberger argues that having the right security in place to protect your organisation is no longer just an option. It is a necessity.

Share this page