Data DangerCabinet Office Admits Holes in its Cyber Security
Amid its attempts to centralise Government data, Michael Gove’s department is exposed to cybersecurity incidents, Sam Bright reports
The Cabinet Office is exposed to a serious risk of cyber security incidents due to weaknesses in its IT systems, Byline Times can reveal.
The department’s recently released annual Report and Account admits there is “an ongoing risk of cyber security incidents within Cabinet Office due to the vulnerability of legacy IT systems.”
The Cabinet Office adds it is attempting to deal with this risk, and will review the problem following the conclusion of a KPMG cyber security audit that is due to be completed in the next few months.
The threat of cyber security incidents is ranked as an “inner ring” risk by the Cabinet Office – meaning that the department, run by Michael Gove, is directly responsible for sorting it out.
Putin’s Paradise
This vulnerability of Cabinet Office information is particularly concerning, given the recently released Parliamentary report into Russian interference in British politics. Finally exposed to the world on 21 July after a nine-month delay, the report states that since 2014, “Russia has carried out malicious cyber activity in order to assert itself aggressively in a number of spheres”. This has included a concerted attempt, bolstered by the support of “organised crime groups,” to hack and leak the official documents of foreign powers.
Indeed it has been reported that Russian actors hacked the email account of former Secretary of State for International Trade Liam Fox, obtaining classified documents relating to a trade deal between the UK and the US. These documents were reported on by the Telegraph (though, strangely, the day before the first point at which Fox’s email was allegedly hacked), and then widely publicised by Labour leader Jeremy Corbyn during the 2019 General Election campaign.
The hack was almost certainly initiated by Russian group ‘Secondary Infektion,’ which has been attempting to mould public opinion by sowing discord for at least six years, according to social media analysts.
Gove’s Data Grab
What’s more, the Cabinet Office’s cyber vulnerability is doubly concerning given recent efforts to concentrate Government data in the department. As catalogued by David Hencke for Byline Times, Gove’s department has undertaken an unprecedented data grab – attempting to centralise data in the Whitehall machine.
For example, just a few days after the release of the Cabinet Office Report and Account, Hencke reported on Gove’s seizure of data from the Department of Digital, Culture, Media and Sport (DCMS). All DCMS data will now be controlled by the Cabinet Office, while there are also reportedly plans for the department to create new databases for people with disabilities, and for black and ethnic minorities. A database of all the 200,000 people who need to be security-vetted every year will similarly be controlled by the Cabinet Office, after this function was transferred from the Ministry of Defence (MoD).
The Cabinet Office’s response to the DCMS data grab reveals its thinking: “This is about making sure that Government departments and the decisions they make are properly joined up. It will allow the Government to make the best use of data to deliver the best possible services for the people of the UK. It will enable cross-Government work to be carried out, ensuring data is managed ethically while providing clear accountability through one central Government department”.
This data hoarding has coincided with the rapid expansion of the department, as Gove and his Vote Leave ally Dominic Cummings attempt to concentrate Government power. The Cabinet Office Report and Account notes that the department now employs 8,000 people – a fourfold increase from 2015-16. This reflects “our position as the functional centre of Government,” the document states.
However, this rapid centralisation of data and power appears to have come despite significant cyber security vulnerabilities still existing in the department. In the past year alone, there have been two incidents of the department losing sensitive data, as acknowledged by the report. One of these incidents was so serious that it prompted a Cabinet Office review into how it handles and manages data.
You would be forgiven for wondering why the Cabinet Office hasn’t prioritised plugging data management and cyber security holes before aggregating massive amounts of sensitive data from across Government.
The Cabinet Office said: “We take the security of our IT systems seriously and where issues are identified, safeguards are immediately put in place to ensure that these are addressed.”