Executive summary

We've all been affected in some way by the digital revolution. Across the world, there are now nearly two billion internet users and over five billion mobile phone connections; every day, we send 294 billion emails and five billion SMS messages. Government departments collect and process vast quantities of data every day. Without it, they would not be able to deliver the essential services that millions of their citizens depend on. If the data were to be altered or lost, the impact on the department - not just in terms of financial costs - could be significant.

Cyber criminals and other adversaries have come to appreciate that good money can be made in selling personal information, policy details, economic forecasts, or in disrupting essential services and infrastructure. And government IT estates, with their convoluted array of applications, platforms and systems, are vulnerable to attack. Numerous signature-based detection and endpoint security solutions – such as anti-virus software and firewalls – struggle to contain the widening array of cyber risks and process a growing volume of security data. While the owners of individual IT systems or online services may claim that they are well-protected, in reality the security is disjointed at the organisational level. Overall, current protective monitoring approaches tend to be an ineffective, inefficient, expensive patchwork.

Moreover, while conventional attacks on computer networks and data – such as spam, viruses and 'phishing' – are reportedly continuing to explode in number, more sophisticated attacks are on the rise, too:

– Cyber crime – in the form of online fraud – is costing the Government billions of pounds a year.

– Sensitive information is also being targeted through cyber espionage.

And unlike the more conventional attacks, these types of cyber attack are more targeted, more persistent and, ultimately, more successful. Public sector organisations have to face the fact that not only are they being targeted but, inevitably, some of those attacks are going to get through their current defences. As a consequence, with their current IT security arrangements, most organisations are inadequately prepared to detect and respond to the very wide spectrum of possible cyber intrusions and incidents that exist. Changing from a set of stove-piped security solutions to an effective, efficient and inexpensive protective monitoring capability is imperative.

Protective monitoring solutions for government need to match the full extent and severity of the threat in the context of the operational environment in which protected systems sit. They need to be capable of dealing with large volumes of non-specific, untargeted malware and accidental policy violations as well as high-impact 'advanced persistent threats' and malicious 'insider' activity.
