Sascha Giese, Head Geek™ at SolarWinds
By Sascha Giese, Head Geek™ at SolarWinds
Trust underpins the foundations of modern and legitimate democracies. From civil safety and national security to upholding the rule of law, trust is vital if we’re to function as a society.
Get it right, and public trust can become the cornerstone of a working contract between citizens and government. Get it wrong, and the erosion of public trust can undermine a government’s ability to implement and carry out policy.
And when it comes to digital transformation within the public sector, nothing is more important than trust and security.
It’s an issue discussed at length in an independent report—Addressing trust in public sector data use—published by the Centre for Data Ethics and Innovation (CDEI) in 2020.
Although it’s a couple of years old, its findings have helped to shape opinion and crystalise thinking on these important issues.
Data privacy and systems security underpin trust
For instance, according to the report, “The sharing of personal data must be conducted in a way that is trustworthy, aligned with society’s values and people’s expectations. Public consent is crucial to the long-term sustainability of data-sharing activity.”
In other words, people have to be confident their personal information is being given the same protection as, for example, a bank might provide in storing people’s money and savings.
Elsewhere, the report recognises the importance of security when dealing with people’s personal details.
“Sharing sensitive data requires high levels of security, which are hard to meet when data is often managed in legacy systems,” it said. “It is particularly challenging when sharing across organisational boundaries, where each side may have different requirements for the security of their data and no shared infrastructure.”
Fast forward two years and the sage words of the 2020 report are once again brought into sharp focus following August’s cyberattack on the NHS. The breach—which disabled key digital services—is yet another timely reminder about the importance of data privacy and security.
Security breaches chip away at public trust
In the immediate aftermath of the attack, IT teams were focused on their response to the incident as they sought to restore systems and shore up defences. However, for those charged with pursuing the broader policy around public sector digital transformation, the attack likely raised concerns about the potential long-term damage to public confidence.
After all, IT systems aren’t bulletproof. There’s no such thing as 100% security. It simply doesn’t exist. So, while the best security systems, processes, and protocols may be put in place, it’s also essential to have reactive procedures in place should the unthinkable ever happen.
After all, what governments need to keep uppermost in their minds is the information they’re dealing with isn’t theirs—it belongs to citizens. If someone steals my credit card details, I can always block the card. And if bad actors have used it to buy some personal electronics or clothes, I’d like to think my bank would refund the money. But if my personal details are stolen due to a security breach at the tax office, the government isn’t going to refund my identity.
When it comes to responding to an attack, the advice couldn’t be clearer. Organisations need to be open and transparent.
Maintaining trust is key to responding to cyberbreaches
This is something about which I can speak from personal experience following the much-publicised security breach which involved SolarWinds. Not only did we follow this policy of openness, but we’re also using this experience to shape the way we run our business.
Today, if there’s the merest hint of a security issue, we use such events to train our people within our organisation, so they know how best to respond to an incident. By doing so, we can optimise our responses and rehearse protocols—such as who to reach out to—regardless if it turns out to be a false alarm.
But there’s still more to be done. And this includes closer cooperation between the private and public sectors.
On matters concerning security, the information flow is expected to come from private companies to the government. However, at SolarWinds, we believe this should be a two-way street—data sharing about such attacks should also flow from the government to private enterprises.
If this can be achieved, I’m convinced it can go a long way in helping to build trust and mitigate threats. After all, it’s only by learning the lessons of past attacks and implementing new protocols that we can hope to keep IT systems secure, protect people’s data, and maintain trust.
Recent Comments