A ‘zero tolerance’ security policy being implemented by the government is damaging joint working and flexible working practices in public bodies including councils, LGC has learned.
Chief executives and senior officers have expressed anger and frustration at the Cabinet Office’s approach and warned that they will have to either scrap flexible working or spend hundreds of thousands of pounds on new equipment.
At present five councils have been issued with ‘red flags’ and could be disconnected from the Public Services Network, some by Christmas. This would cut off access to central government systems including crucial Department for Work & Pensions benefits data.
Many more could find themselves in the same position as the Cabinet Office’s rolling annual compliance process returns to councils that were judged compliant earlier this year before the zero tolerance approach was introduced. As of this week, 173 councils have been judged compliant, leaving 181 still to be given the all-clear.
Socitm vice president Steve Halliday said the new approach had affected the whole of the public sector, not just councils.
“The zero tolerance approach is understandable because we are dealing with serious cyber threats - hacking, viruses, criminal activities, fraud and terrorism,” Mr Halliday said. “The problem is that there are not black and white answers and organisations are having the risk decisions taken away from them in order to join the PSN; and joining the PSN is effectively mandatory. This creates cost, threats of disconnection and a groundswell of angry opinion in local government.”
He added: “Businesses and public organisations need to be flexible and agile. There are two noble strategies that are at odds with each other: security and flexible working.”
East Hampshire DC and Havant BC, which share their IT with Hampshire CC, are among the councils that are threatened with disconnection because they allow staff to use home computers and their own devices to access the council network.
Shared chief executive Sandy Hopkins said 70% of the private sector used a ‘bring your own device’ approach to IT.
“[This is] making local government more inefficient again,” she said. “Our approach should be encouraging staff to use their own equipment. We need to mirror the private sector in a drive to increase productivity and reduce costs. This is going to cost the public purse absolutely millions.”
Portsmouth City Council, also judged non-compliant, has estimated the cost of new equipment for flexible staff and new IT infrastructure to be £190,000. Leader Gerald Vernon-Jackson (Lib Dem) has told communities secretary Eric Pickles the cost should be met by government under the ‘new burdens’ agreement.
If the same £190,000 were required by each of the 181 still awaiting the all-clear the total cost to local government as a whole would be more than £30m.
But Ms Hopkins said there were considerable non-financial costs, including recruitment and equality issues if flexible working has to be withdrawn, and the impact on joint working with other public sector agencies and third sector partners that are not PSN-compliant.
Ms Hopkins said troubled families was an example of a programme that could be affected by the zero tolerance approach. “This hinders our partnership working across the tiers of government and prevents us in protecting the most vulnerable people across the county,” she said.
A Cabinet Office spokesman said public bodies had been supported with guidance and advice. “Allowing even one noncompliant organisation on to the network could put the whole of the secure government network - and personal data on it - at risk, and this is not acceptable,” he said. “If necessary, [we] will suspend the connection of any organisation that fails to comply.”
Public services network
As public bodies migrate from the existing government network to the new Public Services Network, the Cabinet Office has introduced a ‘zero tolerance’ approach to its annual security check of connected public bodies.
In June the Cabinet Office reported that some people were “extremely frustrated and feel negative about what they see as an overly tough approach”.
In October, the Cabinet Office said bodies showing a “genuine appetite and realistic plans to achieve compliance” would not be automatically disconnected. As a result, the number of ‘red flagged’ councils fell from 10 to four.
A local authority ‘PSN Secure Solutions’ expert group has been established. However, this is looking at long-term rather than short-term solutions to the problem.
- Local authorities that have not yet confirmed their PSN transition dates will be contacted by the PSN project team