Public sector lacks data-security sense

Tom Espiner writes in Silicon.com:

A leading government advisor has heavily criticised low levels of awareness of security threats within the public sector.

Lieutenant general Sir Edmund Burton, a key advisor to the Cabinet Office on information assurance issues, said that with the exception of the police, defence and intelligence communities, public servants have little grasp of information security threats. “What keeps me awake at night is that, with some notable exceptions, across government there’s too little awareness of the scale and breadth of the risk facing us at the moment,” he said.

The government recently announced two sets of controversial plans around data use – plans to form the database for the ID Cards National Identity Register from three existing databases, and plans to relax data-sharing laws so government departments can share information more easily.

Phil Booth, national co-ordinator for the No2ID anti-ID cards campaign, said ordinary civil servants not having a grasp of security issues should “terrify” people. “That civil servants can’t even assess security threats beggars belief. They are proposing major new pieces of the critical national infrastructure. To say they don’t understand security should terrify anyone whose details are going to be on the system,” he said.