GPSJ Autumn 2024 ONLINE - Flipbook - Page 39
IT & IT SECURITY
GPSJ
A Dual Approach to Managing and
Protecting Government IT
By Rob Johnson, VP and Global Head of Solutions Engineering, SolarWinds
Rob Johnson
The UK recently hosted an
international conference to
discuss how best to tackle the
growing threat of cyberattacks
and find a way to boost the
skills needed to protect
against cybercrime. The event
attracted delegates from EU
member states, Canada, and
Japan, as well as international
organisations such as the World
Economic Forum (WEF) and
the Organisation for Economic
Co-operation and Development
(OECD).
The agenda included details from the
UK’s latest Cyber Security Skills in
the UK Labour Market Survey, which
found that 44% of UK businesses
do not have the fundamental
skills to protect themselves from
cyberattacks. But the lack of skills
is not just restricted to matters
of security. Last year, the Public
Accounts Committee published a
report on digital transformation in
government, which warned that more
needs to be done to recruit skilled
staff.
The report, entitled Digital
transformation in government:
addressing the barriers to efficiency,
estimated that the number of digital,
data, and technology professionals in
the civil service is around 4.5%, “less
than half the number it needs when
compared to an equivalent industry
average of between 8% and 12%”
It singled out shortages in roles
such as data architects and cyber
security experts, which it said were
difficult to recruit and where the skills
command a premium in the market.
Clearly, there should be no let-up
in the drive to train, recruit, and retain
skilled IT professionals. But it could
be argued that we’re reaching the
point where even an army of skilled
IT pros would be unable to provide
the level of cover needed to operate
public sector IT infrastructure.
Instead, there is a growing
consensus that to properly manage
the scale of cyber threats, along with
the ever-expanding complexity of IT
environments, organisations must
introduce greater automation.
Harnessing smart technology to
mitigate the impact of the IT skills
shortage
AIOps, for example, allows IT
teams to automate many of the
time-consuming tasks that ensure
websites, applications, databases,
and infrastructure function better.
It uses artificial intelligence (AI),
machine learning (ML), and data
analytics to enhance the monitoring
of IT systems, which would ordinarily
have to be done by IT teams.
It’s estimated that IT and cloud
teams spend around 44% of their
time on routine work to ensure
everything runs properly. Even if part
of this work could be automated,
there’s little doubt about the impact it
would have on increasing IT teams’
efficiency and productivity.
Clearly, if technology can step in
and do more of the monotonous
legwork, it reduces the need to
employ additional staff. It may not
solve the skills shortage, but it
certainly helps to get the most out of
limited resources.
AI and ML systems continuously
adapt to changing conditions,
automatically resolving issues and
optimising performance to ensure
seamless operation across complex
IT environments. This frees up
existing tech talent to focus on more
challenging, higher-value work.
The future of IT management is
autonomous
The need for human talent and
attention in cybersecurity has been
emphasized by the escalation
of cyberattacks in recent years.
During the summer, the government
confirmed plans to introduce the
Cyber Security and Resilience Bill
to improve UK cyber defenses and
protect our essential public services.
In an update on the bill, the
government stated, “Our digital
economy is increasingly being
attacked by cyber criminals and
state actors, affecting essential
public services and infrastructure.”
In the last 18 months, our hospitals,
universities, local authorities,
democratic institutions, and
government departments have all
been targeted in cyberattacks.
“Recent cyberattacks affecting
the NHS and Ministry of Defence
show the impacts can be severe.
Our laws have not kept pace with
technological change, so we need
to take swift action to address
vulnerabilities and protect our digital
economy to deliver growth.”
“The Bill will strengthen the UK’s
cyber defences and ensure critical
infrastructure and the digital services
companies rely on are secure.”
Among the measures expected
to be included in the new bill are
new rules to mandate increased
incident reporting, which would
give the government better data
on cyberattacks, including where a
company has been held to ransom.
It’s hoped that this will help to
improve the understanding of the
threats and alert us to potential
attacks.
Transparency and collaboration
SolarWinds is a firm supporter of
great transparency and collaboration,
not just in the IT industry but between
the public and private sectors.
As it stands, information regarding
security and systems resilience
is expected to flow from private
companies to the government.
However, I strongly believe this
should be a two-way street. Data
sharing about such attacks should
also flow from the government
to private enterprises. Greater
cooperation and collaboration are
essential if we are to put up a united
front against cyber threats.
After all, while the UK’s public
service faces a critical IT skills
shortage, it’s becoming increasingly
clear that recruitment alone will
not be sufficient to shore up our
defences. Instead, we must embrace
a dual approach by bolstering human
expertise while leaning on automation
to manage the growing complexity
of IT systems and the evolving cyber
threat landscape.
GOVERNMENT AND PUBLIC SECTOR JOURNAL AUTUMN 2024
39
