Reliance on PSN may have exacerbated cyber attack impact

As it seeks a new supplier to reinvigorate the migration away from the Public Services Network, the Cabinet Office says relying on the legacy network may be putting public sector bodies at heightened risk in cyber attacks

The UK government’s Central Digital and Data Office (CDDO) has tendered for a supplier to assist in the long-anticipated and inevitably delayed migration of the public sector off the Public Services Network (PSN), saying that delays and complexities of the project had exposed key systems to increased risk and may have exacerbated the impact of cyber attacks on the sector.

In the tender notice, CDDO said that despite its previously stated desire to have had most organisations exiting the PSN by March 2021, nearly 18 months on there are still 484 public sector bodies connecting into core business applications over the PSN.

According to CDDO, this means that both service providers and public sector bodies are “entirely dependent” on legacy, insecure and poorly performing network architectures in their day-to-day work.

“Organisations are exposed to any performance or security issues from a network that was first introduced in 2008,” said CDDO in the notice. “With little to no transparency on use or cost, they are also forced to continue to pay inflated charges to a small group of PSN suppliers.

“Departments have to wait months to set up network connectivity on the PSN, causing delays in onboarding any new services.

“The delays and complexity of implementing these changes risks extending the life of existing legacy systems, exposing departments to unnecessary risks and, as a result, increased support costs. Cyber attacks in Redcar & Cleveland (total cost of £10.4m) and Hackney (total cost of £10m) are recent examples of what could happen if the PSN is overlooked again.

“With the entire platform operating on an MOU [memorandum of understanding] rather than explicit insurance policies with defined service-level agreements [SLAs], there is no obvious course of redress, rendering government services unusable.”

The PSN framework was launched over a decade ago as a means through which the public sector could source network and comms services and cut costs. The government signalled its intent to move public sector bodies off the PSN in January 2017, when GDS decreed that the internet was good enough to support the vast majority of the work that government does.

In September 2020, it said the PSN could be shuttered for good “as early as 2023”, although, at the time of writing, this timescale is clearly no longer achievable.

CDDO wants to engage a supplier that can enable PSN-reliant bodies to adopt up-to-date connectivity that enables them to migrate off PSN for good, while strengthening their overall network security posture.

The resources to do so will be hosted on a public platform and are to include network architectural patterns and technical documentation, guidance, website content, case studies and direct engagement. All of this should ultimately be available through the PSN pages on gov.uk.

The requirement will be to support organisations moving through the Future Networks For Government (FN4G) – the Cabinet Office programme set up specifically to help wean the public sector off PSN.

FN4G has already identified alternative solutions that improve both security and performance while accessing legacy networks, so by opening FN4G up to all, CDDO hopes to ensure the remaining PSN users can still get the best value for money from their PSN connection, and simplify the process when the time comes to migrate their applications away for good.