The Government’s defences against cyber-attack have “matured” but a lack of resources, inexperience and management weakness has meant that there is still a lot of work to do, its official watchdog has found.
Comptroller and Auditor General Lynn Pamment has turned her attention to the Government’s Cyber Security Programme, which was launched in late 2019 and due to be completed with two years.
Although covid delayed the first year-long ‘tranche’ of work by around six months, Mrs Pamment found that the slippage could not be put down solely to the pandemic.
Shortage in “internal” resources, the inexperience of some key stakeholders and “weaknesses in management of interfaces and dependencies,” was also to blame, she concluded.
Mrs Pamment also found that there needed to be more communication from leaders and more effective processes around planning and prioritisation.
Pictured: C&AG Lynn Pamment.
She makes a number of recommendations, including that workshops are regularly held to prioritise work and there is better documentation of decisions.
She said: “Tranche one of the Cyber Security Programme has been delivered in a challenging environment, as the pandemic changed operational priorities and stretched resources across the Government.
“Cyber security maturity has increased across all operational areas covered by the tranche one workstreams.
“However, delays to the CSP cannot solely be attributed to the effects of the covid pandemic and the associated restrictions and changes to operational priorities.
“The success of large transformation projects is reliant on effective prioritisation, communication and engagement.
“The CSP has implemented communication pathways with business units across Government.
“However, the prioritisation of transformation programmes and projects and of the interdependencies between concurrent transformation programmes and projects could be further improved.”
Comments
Comments on this story express the views of the commentator only, not Bailiwick Publishing. We are unable to guarantee the accuracy of any of those comments.