Geoff Connell tells Cyber Summit there is a need for a new approach in which security is ‘built in by design’
Cyber security professionals need to ease up on the fear factor and behave more like good lawyers in their sales pitches to public authorities, according to the current president of public sector IT association Socitm.
Geoff Connell used the Local Government Cyber Summit in London last week to highlight the need for a new relationship between private sector experts and government organisations, pointing to an approach in which cyber security is built into services by design.
“In terms of the offer from cyber security professionals and the industry must evolve, it should be like a good lawyer in asking the customer what they are trying to achieve, then suggest how they can do it and the risks that are in the way,” he said.
“I think the cyber security experts need to help us design systems that are easy to use and easy to evolve. They need to understand what we are trying to achieve, recognise the threats involved and seek to defuse them.”
Lawyer analogy
He outlined a handful of steps for information managers and cyber security advisors, beginning with a reference to lawyers: bad ones tell their customers what they cannot do, while the good ones ask what they are trying to achieve, then suggest how it can be done in a risk-aware and appropriate way.
This leads to a need to design systems that are easy to use with good cyber practice built in by design.
To get there, cyber service providers need to move from a “fear sales pitch” to an evidence-based approach, and help to develop the metrics to evaluate the risks and a proportionate response.
This includes making good practice the easiest thing to do. To make the point, Connell said that building a system that requires people to use a series of different and complex passwords is counter-productive, especially if they have to change them regularly.
Connell also said that the security fears around data sharing and cyber threats should not be whipped up to paralyse efforts to use digital technologies – such as cloud, online self-service and the internet of things – to modernise services.
“We can’t afford to ignore the opportunities to do more with less,” he said.