The Stuff of Nightmares
Ronald Reagan once said ‘The nine most terrifying words in the English language are: I’m from the government and I’m here to help.’
Whatever your politics, when the American government decides to spend $2B of taxpayers money on helping, it’s probably something important. In this case it’s cyber security. The Senate have now passed Joe Biden’s big infrastructure bill and assuming it makes its way back through the House largely unchanged – far from certain, it will see £1.9B being made available to secure national critical infrastructure, of which the majority will go to local government.
Senator Maggie Hassan from my adopted home State of New Hampshire said: ‘A cyberattack on a state or local government network can put schools, electrical grids, and crucial services in jeopardy. Even though cyberattacks are becoming more and more common in today’s threat landscape, state and local governments often do not have the adequate resources to defend against them. This new grant program will be a crucial resource for state and local governments…’
Our public services have become utterly reliant on technology, which has (or should have) significantly increased speed and quality of service. It has also driven huge costs savings. I had a job in local government over 30 years ago in which not only did I not have a computer, but my boss nor bosses boss nor bosses bosses boss didn’t have one either. The only computer was in finance…. and I still got asked to help fix it.
We have adopted all the benefits of technology and wilfully taken many of the operational savings, whilst complaining how expensive IT has got. In fairness I should note that we’ve also shouldered the burden of huge failed projects, projects that delivered late, or projects that cost far too much. That’s misery of the world of IT. On balance though, I hope the benefits have significantly outweighed the disadvantages.
The public sector in the UK is facing an unprecedented level of cyber threat. Almost as fast as you can close one door, somebody levers open another. For both the amateur and professional criminal alike, let alone sovereign states, the potential upside is huge and the downside pretty much negligible. If you held up a local government cash office (in the days when local government still handled cash) you’d likely be caught and go to prison for quite a long time. If you hold up a local authority now – as happened not so recently at Hackney and others, the odds are that whilst the authorities might be able to figure out who did it, they almost certainly won’t be brought to justice. There’s little incentive for the bad actors not to try.
I don’t know what the UK government are spending on local government cyber defence but, the Hackney article referenced above suggests £50m. By head, of population, that’s about 75p a person. In contrast, the US investment, if approved, will be closer to £2.21 a person. I don’t know what the right number is, but having run headlong down the digital path, turning almost everything we do into 1’s and 0’s, spending appropriately to protect our ability to keep delivering public services in the face of a fast growing threat feels like exactly the sort of help you’d expect from government. Unless perhaps you are Ronald Reagan.
Lest anyone think I’m suggesting the American way is better rather than simply different, let me restore some balance. With half my working life spent in the States, I’ve found a balanced view to be important. In the same infrastructure bill, the Senate have agreed to fund the Office of the White House National Cyber Director. That post was appointed in June but with no funding – no one will get everything right.
Giles Letheren, Chief Executive Officer