NAO criticises government data security

The National Audit Office (NAO) has published a report criticising the UK government’s approach to digital security.

The report highlighted that central teams and departments dedicated to protecting information were found to be operating without cohesion and governance.

The NAO report said: “None of the departments we interviewed understood the specific roles of the various bodies involved, making it difficult to identify any single arbiter of standards or guidance. The increased security requirements, for example around encrypting data, proved problematic and too costly for many local authorities.

"For example, many local authority staff used mobile digital devices that represented 'unsecured endpoints', potentially allowing unauthorised access to the PSN. Departments must report data breaches in their annual reports, but each organisation reports its breaches in different ways.

Amyas Morse, head of the National Audit Office added: “Protecting information while re-designing public services and introducing the technology necessary to support them is an increasingly complex challenge.

"To achieve this, the Cabinet Office, departments and the wider public sector need a new approach, in which the centre of government provides clear principles and guidance and departments increase their capacity to make informed decisions about the risks involved."

Meanwhile, a spokesperson for the Cabinet Office said: “The Cabinet Office conducted its own review of government security in early 2016 and many of our findings are consistent with the NAO report. So we are already well under way in strengthening oversight of information security by bringing together nine separate central teams into just two.

"We have also appointed the government's first ever Chief Security Officer to bring together all disciplines of government security under central leadership.”